Print Page - 23.1.9 Alias type Hosts after creation is empty or incomplete

Title: 23.1.9 Alias type Hosts after creation is empty or incomplete
Post by: nzkiwi68 on June 21, 2023, 02:07:15 AM

We need to allow direct access bypassing our proxy, so, I created an Alias:

Alias name: exch_online_hosts
Type: Host(s)
Content: autodiscover.companyXYZ.co.nz outlook.office365.com outlook.office.com

Across a number of OPNsense firewalls

some made the alias with 0 loaded IP addresses
some made the alias with 8 loaded IP addresses
most made the alias with 16 loaded IP addresses
others made the alias with 28 loaded IP addresses

On those installations that made the alias with 0 or 8 entries, I manually ran the CLI command:

Code Select

/usr/local/opnsense/scripts/filter/update_tables.py

It returned Status "ok"

Alias now has 45 loaded entries!

Alias Host(s) type appears to have trouble with a Host alias that resolves to multiple additional names and then walking down through these and resolving those too, but, manually updating the tables from the CLI seems to work.

Title: Re: 23.1.9 Alias type Hosts after creation is empty or incomplete
Post by: Seimus on June 22, 2023, 10:38:27 AM

This weird, I use several Aliases Host(s) to resolve combination of domains + IPs for Servers (Games), and it works without problem. I can see OPN hits my DNS to resolve them in periodical intervals and they are all seen loaded.

Regards,
S.

Title: Re: 23.1.9 Alias type Hosts after creation is empty or incomplete
Post by: CJ on June 22, 2023, 03:18:08 PM

Quote from: Seimus on June 22, 2023, 10:38:27 AM
This weird, I use several Aliases Host(s) to resolve combination of domains + IPs for Servers (Games), and it works without problem. I can see OPN hits my DNS to resolve them in periodical intervals and they are all seen loaded.

Regards,
S.

Are the domains resolving to a single IP or multiple? It appears the latter is the OPs problem.

Title: Re: 23.1.9 Alias type Hosts after creation is empty or incomplete
Post by: Seimus on June 22, 2023, 03:42:58 PM

I just checked just to be sure.

In my case they resolve to individual unique IPs, as they should.

Also I am using my own DNS server, Pihole + Unbound. So I can see directly what queries are made and what is being responded. At least in my case it works as should.

OPN has a list of Host(s) Aliases > periodically (default timer) it sent queries to refresh them > Populates the Alias table with valid IPs based on the query response.

Regards,
S.

Title: Re: 23.1.9 Alias type Hosts after creation is empty or incomplete
Post by: nzkiwi68 on June 29, 2023, 11:54:49 PM

I'm going to backup, flatten the existing appliance FW, build fresh with latest build and restore.

It's just not behaving properly and I can't see why.

OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: nzkiwi68 on June 21, 2023, 02:07:15 AM