Hello all, I'm fairly new to OPNsense but I've used pfSense for years. After I upgraded this morning I've noticed my DNS overrides are no longer working in reverse. I can resolve the host name, i.e. host.localhostname.host, to the IP, yet when I try to resolve the IP it doesn't direct to the hostname that it should be. Is there a setting I'm missing in Unbound? The only thing I'm seeing in the logs is:
2022-09-02T19:30:50-04:00 Warning unbound PTR record already exists for
And that's for all my overrides. It was working fine up until this update. Thanks in advance for the help.
Second time in 2 days that Unbound stops working after the update.
Will try to figure out more and post here.
Because a PTR record cannot exist for multiple hosts. Unbound was dashing this out anyway but it caused problems for clients.
Cheers,
Franco
I am having the same problem. Every host override (A and Alias records) I have in the unbound config now fails the reverse lookup. Same error messages: "...PTR record already exists for...".
I haven't added all these hosts/aliases multiple times, so why does it throw this error message?
I would appreciate some guidance on how to fix this.
Thanks,
Ben
Upgraded to 27.2.4, problem persists.
Ben
Quote from: franco on September 05, 2022, 09:58:39 AM
Because a PTR record cannot exist for multiple hosts. Unbound was dashing this out anyway but it caused problems for clients.
I believe there is something broken in the logic that detects whether the PTR records should be generated. After regenerating my unbound config, which contains a half dozen host overrides for static IPs, I see this (i.e., only PTR records for the router itself, none for any of the static IPs that have no PTR records anywhere).
> sudo unbound-control -c /var/unbound/unbound.conf list_local_data | grep PTR
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 10800 IN PTR localhost.
b.l.a.h.b.l.a.h.f.f.9.b.d.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. 3600 IN PTR rtr00.lan.
1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.
15.1.168.192.in-addr.arpa. 3600 IN PTR rtr00.lan.
I'm unclear as to the intent at /usr/local/etc/inc/plugins.inc.d/unbound.inc:573, but it looks like it assumes all entries in "Host Overrides" are aliases? Should I be defining my static IP hosts in some other fashion?
if (($alias === $tmp_aliases[0] || $tmp_aliases[0]['hostname'] === '*') && !in_array($host->server, $ptr_records, true)) {
/* Only generate a PTR record for the non-alias override and only if the IP is not already associated with a PTR.
* The exception to this is an alias whose parent uses a wildcard and as such does not specify a PTR record.
*/
Perhaps it's better to create an issue about this on github?
These look related:
https://github.com/opnsense/core/issues/5477
https://github.com/opnsense/core/pull/5925
BTW, I tried to opnsense-revert to 22.7.2, but that got nowhere fast. UI would not start up. I should reinstall this one and start using boot environments...
Ben
Thanks for digging out those links, Ben. Looks like my concerns are already voiced and fixed here:
https://github.com/opnsense/core/pull/5925#issuecomment-1240596555
I tested that change and it works as I expect.
Great! I will go and test that too after the weekend (when I'm physically at the firewall :) ).
Ben
In case anyone else wants to try:
sudo vi /usr/local/etc/inc/plugins.inc.d/unbound.inc
Go to line 573, add "!" between first two parentheses
573 if (!($alias...
I ran the unbound-control I mention above, both before and after, diffing the two results and saw all the PTR records for host entries as I expected, and none for the aliases.
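The before/after comparison described above can be scripted. This Python sketch is an added example, not part of the original post and not OPNsense code: it takes the text printed by `unbound-control list_local_data` and reports every A/AAAA address whose reverse name has no PTR, more than one PTR, or a PTR naming a different host. The sample input is constructed, and all hostnames in it except rtr00.lan are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the format of `unbound-control list_local_data`;
# every host except rtr00.lan is made up for this example.
SAMPLE = """\
rtr00.lan. 3600 IN A 192.168.1.15
nas.lan. 3600 IN A 192.168.1.20
files.lan. 3600 IN A 192.168.1.20
printer.lan. 3600 IN A 192.168.1.30
cam.lan. 3600 IN A 192.168.1.40
15.1.168.192.in-addr.arpa. 3600 IN PTR rtr00.lan.
20.1.168.192.in-addr.arpa. 3600 IN PTR nas.lan.
40.1.168.192.in-addr.arpa. 3600 IN PTR old.lan.
"""

def parse_local_data(text):
    """Return (forward, reverse): IP -> names, reverse name -> PTR targets."""
    forward, reverse = defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2] != "IN":
            continue  # not a simple one-field record (SOA and similar)
        name, _ttl, _cls, rtype, rdata = fields
        if rtype in ("A", "AAAA"):
            forward[ipaddress.ip_address(rdata)].append(name.lower())
        elif rtype == "PTR":
            reverse[name.lower().rstrip(".")].append(rdata.lower())
    return forward, reverse

def audit_ptr(text):
    """Classify every forward IP by the state of its reverse record."""
    forward, reverse = parse_local_data(text)
    report = {"missing": [], "mismatch": [], "multiple": []}
    for ip, names in sorted(forward.items(), key=lambda kv: (kv[0].version, kv[0])):
        targets = reverse.get(ip.reverse_pointer, [])
        if not targets:
            report["missing"].append((str(ip), names))        # no PTR at all
        elif len(targets) > 1:
            report["multiple"].append((str(ip), targets))     # more than one PTR
        elif targets[0] not in names:
            report["mismatch"].append((str(ip), targets[0]))  # PTR names another host
    return report

if __name__ == "__main__":
    for kind, rows in audit_ptr(SAMPLE).items():
        print(kind, rows)
```

An alias that shares an IP with its parent host (files.lan above) is not flagged, because the single PTR for that address points at one of the names that resolve to it.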
Thanks again, that fixed the problem here too.
Ben
Quote from: efahl on September 09, 2022, 05:27:08 PM
In case anyone else wants to try:
sudo vi /usr/local/etc/inc/plugins.inc.d/unbound.inc
Go to line 573, add "!" between first two parentheses
573 if (!($alias...
I ran the unbound-control I mention above, both before and after, diffing the two results and saw all the PTR records for host entries as I expected, and none for the aliases.
This fixed my issue. Thank you for your help.