OPNsense Forum

Archive => 24.7, 24.10 Legacy Series => Topic started by: REB00T on September 10, 2024, 11:21:38 AM

Title: Dnsmasq IPset behaviour
Post by: REB00T on September 10, 2024, 11:21:38 AM
I have configured dnsmasq via a custom .conf file to resolve certain domains using a specified server using the `server` directive and to also add the results to an already configured alias of type external via the `ipset` directive. The problem I am facing is that while the first connection will **not** match the rule configured with said ipset as the destination, after resetting the states (or waiting for them to expire, as long as the DNS response's TTL is higher than the connection timeout) the rule will match. It seems to me like dnsmasq is responding with the result before actually appending said result to the configured ipset. Is this intended behaviour, or should these actions be happening the other way around? If it is intended behaviour, does anyone have any ideas on how to work around this?

I should note that this especially becomes a problem with very low TTL values, as the response after each connection expiry is different.