DNS aliases not resolving

Started by askax, March 05, 2022, 10:15:12 PM

March 05, 2022, 10:15:12 PM Last Edit: March 05, 2022, 10:21:25 PM by askax
Hello everyone,

I have issues on 22.1 similar to those already raised for 21.7.

https://forum.opnsense.org/index.php?topic=24265.msg116146#msg116146

When I'm using DNS aliases, for example outlook.microsoft.com, the system can't resolve the addresses. In the logs I get:

   Error /update_tables.py alias resolve error outlook (error fetching alias url outlook.microsoft.com)

I'm using DNS over TLS via Unbound DNS. DNS resolving for clients and the firewall itself is working, and I don't use and haven't configured WireGuard at the moment.

I also tried the option "Do not use the local DNS service as a name server for this system".
It had no effect.

Have I missed something?



Anyone?

I am grateful for any help.


Where and how is outlook.microsoft.com set up as an alias?
For instance, from a client in my LAN:

$ dig +short outlook.microsoft.com
40.113.200.201
13.77.161.179
104.215.148.63
40.112.72.205
40.76.4.15

Is that what you have in an alias? Or maybe you can elaborate on what the problem is and what diagnostics you've done.

I got the same addresses via the console on OPNsense.

# dig +short outlook.microsoft.com
40.112.72.205
40.76.4.15
40.113.200.201
13.77.161.179
104.215.148.63


But these addresses don't show up in the Alias Overview (IP entries). I tried different forms: URL, URLS. I only got the error "alias resolve error outlook (error fetching alias url outlook.microsoft.com)". The URL was only an example, because all domains which I tried end up in this error. So in short, when adding domains to aliases to make the rules more dynamic against changing IPs, the IPs wouldn't resolve.

Well, for diagnostics I tried the DNS lookup via the web GUI; it works fine, like the dig command. But I always get the fetching error when resolving it via aliases. So far, no further diagnostics, because I don't know where to start.

But I guess in general it's working, because otherwise my clients and the firewall itself couldn't resolve it correctly. But where does the error come in? A script error? A wrong internal configuration?