dns override issue after updating to 22.7.3_2

[jamescp]

hello all, i'm fairly new to opnsense but i've used pfsense for years. after i upgraded this morning i've noticed my dns overrides are no longer working in reverse. i can resolve the host name i.e. host.localhostname.host to the ip, yet when i try to resolve the ip it doesn't direct to the hostname that it should be. is there a setting i'm missing in unbound? the only thing i'm seeing in the logs is:

2022-09-02T19:30:50-04:00   Warning   unbound   PTR record already exists for

and thats for all my overrides. it was working fine up until this update. thanks in advance for the help.

[peter.vynck]

Second time in 2 days that Unbound stops working after the update.
Will try to figure out more and post here.

[franco]

Because a PTR record cannot exist for multiple hosts. Unbound was dashing this out anyway but it caused problems for clients.


Cheers,
Franco

[Benst]

I am having the same problem. Every host override (A and Alias records) I have in the unbound config now fails the reverse lookup. Same error messages: "...PTR record already exists for...".

I haven't added all these hosts/aliases multiple times, so why does it throw this error message?

I would appreciate some guidance on how to fix this.

Thanks,
Ben

[Benst]

Upgraded to 27.2.4, problem persists.

Ben

[efahl]

Because a PTR record cannot exist for multiple hosts. Unbound was dashing this out anyway but it caused problems for clients.

I believe there is something broken in the logic that detects whether the PTR records should be generated.  After regenerating my unbound config, which contains a half dozen host overrides for static IPs, I see this (i.e., only PTR records for the router itself, none for any of the static IPs that have no PTR records anywhere).

Code: [Select]

> sudo unbound-control -c /var/unbound/unbound.conf list_local_data | grep PTR
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.      10800   IN     PTR     localhost.
b.l.a.h.b.l.a.h.f.f.9.b.d.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa.       3600   IN     PTR     rtr00.lan.
1.0.0.127.in-addr.arpa.    10800   IN      PTR     localhost.
15.1.168.192.in-addr.arpa.  3600   IN      PTR     rtr00.lan.
I'm unclear as to the intent at /usr/local/etc/inc/plugins.inc.d/unbound.inc:573, but it looks like it assumes all entries in "Host Overrides" are aliases?  Should I be defining my static IP hosts in some other fashion?

Code: [Select]

                      if (($alias === $tmp_aliases[0] || $tmp_aliases[0]['hostname'] === '*') && !in_array($host->server, $ptr_records, true)) {
                          /* Only generate a PTR record for the non-alias override and only if the IP is not already associated with a PTR.
                           * The exception to this is an alias whose parent uses a wildcard and as such does not specify a PTR record.
                           */


[Benst]

Perhaps it's better to create an issue about this on github?

These look related:
https://github.com/opnsense/core/issues/5477
https://github.com/opnsense/core/pull/5925

BTW, I tried to opnsense-revert to 22.7.2, but that got nowhere fast. UI would not start up I should reinstall this one and start using boot environments...

Ben

[efahl]

Thanks for digging out those links, Ben.  Looks like my concerns are already voiced and fixed here:

https://github.com/opnsense/core/pull/5925#issuecomment-1240596555

I tested that change and it works as I expect.

[Benst]

Great! I will go and test that too after the weekend (when I'm physically at the firewall  ).

Ben

[efahl]

In case anyone else wants to try:

Code: [Select]

sudo vi /usr/local/etc/inc/plugins.inc.d/unbound.inc

Go to line 573, add "!" between first two parentheses

Code: [Select]

573                  if (!($alias...
I ran the unbound-control I mention above, both before and after, diffing the two results and saw all the PTR records for host entries as I expected, and none for the aliases.

[Benst]

Thanks again, that fixed the problem here too.

Ben

[jamescp]

In case anyone else wants to try:

Code: [Select]

sudo vi /usr/local/etc/inc/plugins.inc.d/unbound.inc

Go to line 573, add "!" between first two parentheses

Code: [Select]

573                  if (!($alias...
I ran the unbound-control I mention above, both before and after, diffing the two results and saw all the PTR records for host entries as I expected, and none for the aliases.

this fixed my issue. thank you for your help.