Bug #9189

closed

Broken host overrides in DNS resolver (sometimes)

Added by Taras Savchuk about 6 years ago. Updated over 5 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
DNS Resolver
Target version:
-
Start date:
12/10/2018
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.4
Affected Architecture:
All

Description

Expected behavior:
If we have a host override in the pfSense "DNS resolver", pfSense should never ever return the public IP for the overridden host.

Actual behavior:
Sometimes pfSense returns the external IP of the overridden host in the additional section of a reply to an MX-type query (i.e. Unbound does not respect its own host overrides when it inserts additional info in replies). Maybe it's Unbound's bug.

How to solve:
Add "minimal-responses: yes" to the default Unbound config and prevent Unbound from returning additional info in replies.

Details:
https://forum.netgate.com/topic/107354/dns-resolver-host-overrides-don-t-work-sometimes

Actions #1

Updated by JohnPoz _ about 6 years ago

Sorry, but you have not shown this to be happening... As I brought up over 2 years ago, are you sure your client is not pointing to some other NS as well as pfSense?

Please show the query to unbound showing you get back the additional A records for the MX... Out of the box unbound defaults to min responses YES... So it will not send any additional records unless they are specifically queried..

I have given multiple examples of this in the thread..

Unbound was updated with 2.4.4p1 - it's possible that the old version of Unbound was not using default yes? for min responses?

Actions #2

Updated by Jim Pingle over 5 years ago

  • Category set to DNS Resolver
  • Status changed from New to Rejected

Nothing actionable here. Read the forum thread for more.
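One way to produce the evidence requested in comment #1, as an added example that is not part of the original ticket or forum thread: it parses saved `dig` text output of an MX query and lists address records in the additional section that contradict a host override. The sample output, the host names and addresses, and the `OVERRIDES` mapping are constructed for illustration.

```python
import re

# Constructed dig-style output for an MX query (not taken from the ticket).
SAMPLE_DIG = """\
;; QUESTION SECTION:
;example.test.              IN  MX

;; ANSWER SECTION:
example.test.       3600  IN  MX  10 mail.example.test.
example.test.       3600  IN  MX  20 backup.example.net.

;; ADDITIONAL SECTION:
mail.example.test.  3600  IN  A   203.0.113.25
backup.example.net. 3600  IN  A   198.51.100.7
"""

# Hypothetical host overrides: overridden name -> internal addresses it must resolve to.
OVERRIDES = {"mail.example.test.": {"10.0.0.25"}}


def parse_sections(dig_text):
    """Return {section: [(owner, rtype, rdata), ...]} from dig text output."""
    sections, current = {}, None
    for line in dig_text.splitlines():
        header = re.match(r";; (\w+) SECTION:", line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current and line.strip() and not line.startswith(";"):
            fields = line.split()
            if len(fields) >= 5:  # owner, TTL, class, type, rdata...
                owner, _ttl, _cls, rtype = fields[:4]
                sections[current].append((owner.lower(), rtype, " ".join(fields[4:])))
    return sections


def override_leaks(dig_text, overrides):
    """List A/AAAA records in ADDITIONAL that disagree with a host override."""
    leaks = []
    for owner, rtype, rdata in parse_sections(dig_text).get("ADDITIONAL", []):
        if rtype in ("A", "AAAA") and owner in overrides and rdata not in overrides[owner]:
            leaks.append((owner, rtype, rdata))
    return leaks


if __name__ == "__main__":
    for owner, rtype, rdata in override_leaks(SAMPLE_DIG, OVERRIDES):
        print(f"override bypassed in additional section: {owner} {rtype} {rdata}")
```

A reply produced with minimal responses enabled carries no address records in the additional section for the MX targets, so the same check returns an empty list.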
