Bug #9189

Broken host overrides in DNS resolver (sometimes)

Added by Taras Savchuk 3 months ago. Updated 3 months ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 12/10/2018
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.4.4
Affected Architecture: All

Description

Expected behavior:
If we have a host override in the pfSense "DNS resolver", pfSense should never ever return the public IP for the overridden host.

Actual behavior:
Sometimes pfSense returns the external IP of the overridden host in the additional section of the reply to an MX-type query (i.e. Unbound does not respect its own host overrides when it inserts additional info in replies). Maybe it's Unbound's bug.

How to solve:
Add "minimal-responses: yes" to the default Unbound config and prevent Unbound from returning additional info in replies.

Details:
https://forum.netgate.com/topic/107354/dns-resolver-host-overrides-don-t-work-sometimes

History

#1 Updated by JohnPoz _ 3 months ago

Sorry but you have not shown this to be happening... As I brought up over 2 years ago, are you sure your client is not pointing to some other NS as well as pfSense?

Please show the query to unbound showing you get back the additional A records for the MX... Out of the box unbound defaults to min responses YES... So it will not send any additional records unless they are specifically queried..

I have given multiple examples of this in the thread..

unbound was updated with 2.4.4p1 - it's possible that the old version of unbound was not using default yes? for min responses?
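
An added example, not part of the original report or the thread: one way to test the reported behaviour is to parse a raw DNS reply and list the A records in its additional section that contradict a host override. The packet bytes, host names and addresses below are constructed for illustration, and the function names are hypothetical.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, next_offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                              # root label ends the name
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace").lower())
            off += 1 + n

def additional_a_records(msg):
    """Return [(name, ipv4)] for each A record in the additional section."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                           # skip the question section
        off = read_name(msg, off)[1] + 4          # name, then QTYPE and QCLASS
    found = []
    for i in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if i >= an + ns and rtype == 1 and rdlen == 4:
            found.append((name, ".".join(map(str, msg[off:off + 4]))))
        off += rdlen
    return found

def leaked_overrides(msg, overrides):
    """overrides: {lowercase fqdn: override IPv4}. Returns contradicting records."""
    return [(n, ip) for n, ip in additional_a_records(msg) if overrides.get(n, ip) != ip]

# Constructed reply to "example.test MX"; the additional section carries a public A record.
SAMPLE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x01"            # header: QD=1 AN=1 NS=0 AR=1
    b"\x07example\x04test\x00\x00\x0f\x00\x01"                      # question
    b"\xc0\x0c\x00\x0f\x00\x01\x00\x00\x0e\x10\x00\x09\x00\x0a\x04mail\xc0\x0c"  # MX 10 mail
    b"\xc0\x2c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\xcb\x00\x71\x0a"          # A 203.0.113.10
)

if __name__ == "__main__":
    print(leaked_overrides(SAMPLE, {"mail.example.test": "192.168.1.10"}))
```

Feed it the raw UDP payload of a reply captured from the resolver; an empty list means no additional-section A record contradicted the overrides supplied.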
