Bug #9870

closed

DNS fails to resolve CNAME records

Added by Brian Saia over 5 years ago. Updated over 5 years ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
DNS Resolver
Target version:
-
Start date:
10/31/2019
% Done:

0%


Description

I have a pfSense router (2.4.4-RELEASE-p3 using unbound Version 1.9.1) in a home environment and it is also serving as a DNS server and recursively resolves to Cloudflare's DNS server (1.1.1.1 and 1.0.0.1).

I came across a DNS record which would fail to resolve on my home network but would resolve on any other network. The DNS record ended up being a CNAME record which pfSense could not resolve.

While on my home network if I used the upstream DNS resolver (Cloudflare) which my pfSense router points to I had no issue resolving the record.

If I went to the pfSense GUI > Diagnostics > DNS Lookup and performed a lookup there it would resolve successfully and future queries from clients on my network to my router's DNS server would complete successfully.

If my router restarted or the DNS cache cleared this problem would return.

Below are examples of the results of the `dig` command in various scenarios:

```
# results from multiple devices on my home network
# note the status of 'SERVFAIL'
dig coder.show

...
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 563
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;coder.show. IN A

;; Query time: 2234 msec
;; SERVER: <ROUTER IP ADDRESS>#53
...
```

```
# results from querying my router's upstream resolver while on my home network
# note the status of 'NOERROR'
dig @1.1.1.1 coder.show

...
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10461
; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;coder.show. IN A

;; ANSWER SECTION:
coder.show. 34 IN CNAME hosted.fireside.fm.
hosted.fireside.fm. 48 IN A 45.33.51.100

;; Query time: 83 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
...
```

```
# results from connecting to a VPN server while on my home network
# note the status of 'NOERROR'
dig coder.show

...
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16319
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 02554f82c6e44c0b9afd81805dbb5a47b2fecf27488fe956 (good)
;; QUESTION SECTION:
;coder.show. IN A

;; ANSWER SECTION:
coder.show. 724 IN CNAME hosted.fireside.fm.
hosted.fireside.fm. 73 IN A 45.33.51.100

;; AUTHORITY SECTION:
. 3358 IN NS e.root-servers.net.
. 3358 IN NS c.root-servers.net.
. 3358 IN NS i.root-servers.net.
. 3358 IN NS g.root-servers.net.
. 3358 IN NS k.root-servers.net.
. 3358 IN NS l.root-servers.net.
. 3358 IN NS h.root-servers.net.
. 3358 IN NS f.root-servers.net.
. 3358 IN NS j.root-servers.net.
. 3358 IN NS d.root-servers.net.
. 3358 IN NS b.root-servers.net.
. 3358 IN NS a.root-servers.net.
. 3358 IN NS m.root-servers.net.

;; Query time: 386 msec
;; SERVER: <VPN SERVER IP ADDRESS>#53
...
```

```
# results from multiple devices on my home network after using the pfSense GUI to perform a DNS lookup
# note the status of 'NOERROR'
dig coder.show

...
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8270
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;coder.show. IN A

;; ANSWER SECTION:
coder.show. 383 IN CNAME hosted.fireside.fm.
hosted.fireside.fm. 195 IN A 45.33.51.100

;; Query time: 1 msec
;; SERVER: <ROUTER IP ADDRESS>#53
```

Actions #1

Updated by Jim Pingle over 5 years ago

  • Status changed from New to Not a Bug

There is not enough information here to definitively say it's a bug and not a problem with your settings or elsewhere in your environment. Start a thread on the forum to nail down more details first.
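
The comparison the description makes by eye across its `dig` captures can be scripted. The following is an added example, not part of the original report or of pfSense: it parses the status, answer count, query time and server from saved `dig` output and classifies a local-resolver capture against a reference resolver. The capture names, the `parse_dig` and `triage` helpers and the `192.0.2.1` router address are assumptions made for illustration.

```python
import re

# Constructed input: header lines in the shape dig prints, trimmed from the
# captures in the description. 192.0.2.1 is a placeholder for the router.
CAPTURES = {
    "router-cold": """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 563
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; Query time: 2234 msec
;; SERVER: 192.0.2.1#53(192.0.2.1)
""",
    "upstream": """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10461
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; Query time: 83 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
""",
    "router-warm": """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8270
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; Query time: 1 msec
;; SERVER: 192.0.2.1#53(192.0.2.1)
""",
}

# The patterns key on field names only, so a mangled ">>HEADER<<" marker still parses.
FIELDS = {
    "status": (re.compile(r"status: (\w+), id: \d+"), str),
    "answers": (re.compile(r"ANSWER: (\d+)"), int),
    "msec": (re.compile(r"Query time: (\d+) msec"), int),
    "server": (re.compile(r"SERVER: ([^#\s]+)#\d+"), str),
}

def parse_dig(text):
    """Pull rcode, answer count, latency and server out of dig output."""
    out = {}
    for name, (rx, cast) in FIELDS.items():
        m = rx.search(text)
        out[name] = cast(m.group(1)) if m else None
    return out

def triage(local, reference):
    """Compare a local-resolver capture with one from a reference resolver."""
    if local["status"] is None or reference["status"] is None:
        return "unparsed"
    if local["status"] == reference["status"]:
        return "consistent"
    if local["status"] == "SERVFAIL" and reference["status"] == "NOERROR":
        # The name resolves elsewhere, so the failure is on the local resolver's side.
        return "local-resolver-failure"
    return "divergent"
```

Feeding it captures taken before and after a cache flush shows whether the failure follows the cache state, which is the pattern the description reports.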
