Project

General

Profile

Bug #9999

unbound fatal error if System Domain in DNSBL and System Domain Local Zone Type is Redirect

Added by Viktor Gurov 10 months ago. Updated 10 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
pfBlockerNG
Target version:
-
Start date:
12/24/2019
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:

Description

On System / General Setup I have configured <MYHOST> as hostname and mywire.org (dynu.com dyndns provider) as domain
and System Domain Local Zone Type is Redirect on Services \ DNS Resolver page

At the same time, I got another host from this domain during the last DNSBL feeds update:

[2.4.4-RELEASE][root@<MYHOST>.mywire.org]/var/db/pfblockerng: grep -r servici-android-postali *
dnsbl/OpenPhish.txt:local-data: "servici-android-postali.mywire.org 60 IN A 10.10.10.1" 
dnsblalias/DNSBL_Phishing:local-data: "servici-android-postali.mywire.org 60 IN A 10.10.10.1" 
dnsblorig/OpenPhish.orig:http://servici-android-postali.mywire.org/B.P.O.L/solo.android/securelogin-html2019postepay
[2.4.4-RELEASE][root@<MYHOST>.mywire.org]/var/db/pfblockerng: grep mywire /var/unbound/*
/var/unbound/pfb_dnsbl.conf:local-data: "servici-android-postali.mywire.org 60 IN A 10.10.10.1" 

After that, unbound does not start:

unbound: [1232:0] warning: duplicate local-zone <MYHOST>.mywire.org.
unbound: [1232:0] warning: duplicate local-zone localhost.mywire.org.
unbound: [1232:0] error: local-data in redirect zone must reside at top of zone, not at servici-android-postali.mywire.org 60 IN A 10.10.10.1
unbound: [1232:0] fatal error: Could not set up local zones

pfSense 2.4.4-p3, pfBlockerNG-devel 2.2.5_27

Also available in: Atom PDF