dns override issue after updating to 22.7.3_2

Started by jamescp, September 03, 2022, 01:39:58 AM

Hello all, I'm fairly new to OPNsense but I've used pfSense for years. After I upgraded this morning I've noticed my DNS overrides are no longer working in reverse. I can resolve the host name, i.e. host.localhostname.host, to the IP, yet when I try to resolve the IP it doesn't direct to the hostname that it should be. Is there a setting I'm missing in Unbound? The only thing I'm seeing in the logs is:

2022-09-02T19:30:50-04:00   Warning   unbound   PTR record already exists for

And that's for all my overrides. It was working fine up until this update. Thanks in advance for the help.

Second time in 2 days that Unbound stops working after the update.
Will try to figure out more and post here.

Because a PTR record cannot exist for multiple hosts. Unbound was dashing this out anyway but it caused problems for clients.


Cheers,
Franco

I am having the same problem. Every host override (A and Alias records) I have in the unbound config now fails the reverse lookup. Same error messages: "...PTR record already exists for...".

I haven't added all these hosts/aliases multiple times, so why does it throw this error message?

I would appreciate some guidance on how to fix this.

Thanks,
Ben


Quote from: franco on September 05, 2022, 09:58:39 AM
Because a PTR record cannot exist for multiple hosts. Unbound was dashing this out anyway but it caused problems for clients.
I believe there is something broken in the logic that detects whether the PTR records should be generated.  After regenerating my unbound config, which contains a half dozen host overrides for static IPs, I see this (i.e., only PTR records for the router itself, none for any of the static IPs that have no PTR records anywhere).

> sudo unbound-control -c /var/unbound/unbound.conf list_local_data | grep PTR
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.      10800   IN     PTR     localhost.
b.l.a.h.b.l.a.h.f.f.9.b.d.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa.       3600   IN     PTR     rtr00.lan.
1.0.0.127.in-addr.arpa.    10800   IN      PTR     localhost.
15.1.168.192.in-addr.arpa.  3600   IN      PTR     rtr00.lan.


I'm unclear as to the intent at /usr/local/etc/inc/plugins.inc.d/unbound.inc:573, but it looks like it assumes all entries in "Host Overrides" are aliases?  Should I be defining my static IP hosts in some other fashion?


                      if (($alias === $tmp_aliases[0] || $tmp_aliases[0]['hostname'] === '*') && !in_array($host->server, $ptr_records, true)) {
                          /* Only generate a PTR record for the non-alias override and only if the IP is not already associated with a PTR.
                           * The exception to this is an alias whose parent uses a wildcard and as such does not specify a PTR record.
                           */



Perhaps it's better to create an issue about this on github?

These look related:
https://github.com/opnsense/core/issues/5477
https://github.com/opnsense/core/pull/5925

BTW, I tried to opnsense-revert to 22.7.2, but that got nowhere fast. The UI would not start up. I should reinstall this one and start using boot environments...

Ben

Thanks for digging out those links, Ben.  Looks like my concerns are already voiced and fixed here:

https://github.com/opnsense/core/pull/5925#issuecomment-1240596555

I tested that change and it works as I expect.

Great! I will go and test that too after the weekend (when I'm physically at the firewall  :) ).

Ben

In case anyone else wants to try:

sudo vi /usr/local/etc/inc/plugins.inc.d/unbound.inc


Go to line 573, add "!" between first two parentheses

573                  if (!($alias...

I ran the unbound-control I mention above, both before and after, diffing the two results and saw all the PTR records for host entries as I expected, and none for the aliases.
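
The before/after check described in the post above can be automated. The following is an added example, not part of the original post and not OPNsense code: it parses `unbound-control list_local_data` output and reports every A/AAAA address whose reverse name has no PTR record or a PTR pointing at a name that is not one of its forward names. The sample records and the `audit`/`parse` names are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample in the format printed by `unbound-control list_local_data`;
# host names and addresses are made up for this example.
SAMPLE = """\
rtr00.lan.\t3600\tIN\tA\t192.168.1.15
nas.lan.\t3600\tIN\tA\t192.168.1.20
files.lan.\t3600\tIN\tA\t192.168.1.20
cam.lan.\t3600\tIN\tAAAA\tfd00::30
15.1.168.192.in-addr.arpa.\t3600\tIN\tPTR\trtr00.lan.
1.0.0.127.in-addr.arpa.\t10800\tIN\tPTR\tlocalhost.
"""

def parse(text):
    """Return (forward, ptr): forward maps IP -> [names], ptr maps reverse name -> target."""
    forward, ptr = {}, {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[2] != "IN":
            continue  # skip blank lines and anything that is not a class-IN record
        name, rtype, rdata = f[0].lower(), f[3], f[4]
        if rtype in ("A", "AAAA"):
            forward.setdefault(ipaddress.ip_address(rdata), []).append(name)
        elif rtype == "PTR":
            ptr[name] = rdata.lower()
    return forward, ptr

def audit(text):
    """List (ip, names, problem) for each address whose reverse lookup is missing or points elsewhere."""
    forward, ptr = parse(text)
    findings = []
    # Sort by (version, address): IPv4 and IPv6 objects cannot be compared directly.
    for ip, names in sorted(forward.items(), key=lambda kv: (kv[0].version, kv[0])):
        target = ptr.get(ip.reverse_pointer + ".")
        if target is None:
            findings.append((str(ip), names, "no PTR"))
        elif target not in names:
            findings.append((str(ip), names, "PTR -> " + target))
    return findings

if __name__ == "__main__":
    # Usage: unbound-control -c /var/unbound/unbound.conf list_local_data | python3 this_script.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for ip, names, problem in audit(text):
        print(f"{ip:<40} {problem:<20} {' '.join(names)}")
```

An address shared by a host override and its alias is reported only when no PTR exists at all or the PTR names something outside that set, so a single PTR per IP counts as healthy.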

Thanks again, that fixed the problem here too.

Ben

Quote from: efahl on September 09, 2022, 05:27:08 PM
In case anyone else wants to try:

sudo vi /usr/local/etc/inc/plugins.inc.d/unbound.inc


Go to line 573, add "!" between first two parentheses

573                  if (!($alias...

I ran the unbound-control I mention above, both before and after, diffing the two results and saw all the PTR records for host entries as I expected, and none for the aliases.

This fixed my issue. Thank you for your help.