23.1.9 Alias type Hosts after creation is empty or incomplete

Started by nzkiwi68, June 21, 2023, 02:07:15 AM

We need to allow direct access bypassing our proxy, so, I created an Alias:

Alias name: exch_online_hosts
Type: Host(s)
Content: autodiscover.companyXYZ.co.nz outlook.office365.com outlook.office.com

Across a number of OPNsense firewalls

  • some made the alias with 0 loaded IP addresses
  • some made the alias with 8 loaded IP addresses
  • most made the alias with 16 loaded IP addresses
  • others made the alias with 28 loaded IP addresses

On those installations that made the alias with 0 or 8 entries, I manually ran the CLI command:

/usr/local/opnsense/scripts/filter/update_tables.py

It returned Status "ok"

Alias now has 45 loaded entries!

Alias Host(s) type appears to have trouble with a Host alias that resolves to multiple additional names and then walking down through these and resolving those too, but, manually updating the tables from the CLI seems to work.
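One way to check whether a Host(s) alias table holds every address its names resolve to, as an added example (not from this thread and not OPNsense code): it follows CNAME chains and diffs the result against `pfctl -t exch_online_hosts -T show` output. The record set, the `pool-*.example.net` names, the addresses and the table output are all constructed; on a live firewall they would come from your resolver and from pfctl.

```python
import ipaddress

# Constructed DNS data (not real answers): name -> [(record type, value)].
RECORDS = {
    "autodiscover.companyxyz.co.nz": [("CNAME", "outlook.office365.com")],
    "outlook.office365.com": [("CNAME", "pool-a.example.net")],
    "outlook.office.com": [("CNAME", "pool-b.example.net")],
    "pool-a.example.net": [("A", "192.0.2.10"), ("A", "192.0.2.11"),
                           ("AAAA", "2001:db8::10")],
    "pool-b.example.net": [("A", "198.51.100.7"), ("A", "198.51.100.8")],
}
HOSTS = ["autodiscover.companyXYZ.co.nz", "outlook.office365.com",
         "outlook.office.com"]
# Constructed `pfctl -t exch_online_hosts -T show` output: a partial load.
TABLE_OUTPUT = "   192.0.2.10\n   192.0.2.11\n"


def _norm(name):
    """DNS names are case-insensitive; drop any trailing dot."""
    return name.lower().rstrip(".")


def resolve_all(name, records, max_depth=8):
    """Follow CNAME chains from name and return every A/AAAA address found."""
    found, seen, stack = set(), set(), [(_norm(name), 0)]
    while stack:
        current, depth = stack.pop()
        if current in seen or depth > max_depth:
            continue  # CNAME loop or overly long chain: stop walking
        seen.add(current)
        for rtype, value in records.get(current, []):
            if rtype == "CNAME":
                stack.append((_norm(value), depth + 1))
            elif rtype in ("A", "AAAA"):
                found.add(ipaddress.ip_address(value))
    return found


def parse_pfctl_show(text):
    """One address per line; assumes host entries only, no CIDR networks."""
    return {ipaddress.ip_address(l.strip()) for l in text.splitlines() if l.strip()}


def missing_from_table(hosts, records, table_text):
    """Addresses the alias names resolve to that the table does not hold."""
    expected = set().union(*(resolve_all(h, records) for h in hosts))
    gap = expected - parse_pfctl_show(table_text)
    return [str(a) for a in sorted(gap, key=lambda a: (a.version, a))]


if __name__ == "__main__":
    print(missing_from_table(HOSTS, RECORDS, TABLE_OUTPUT))
```

A non-empty result means a rule using the alias will not match traffic to the listed addresses.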



This is weird. I use several Host(s) aliases to resolve a combination of domains + IPs for servers (games), and it works without a problem. I can see OPN hits my DNS to resolve them at periodic intervals and they are all seen loaded.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

Quote from: Seimus on June 22, 2023, 10:38:27 AM
This is weird. I use several Host(s) aliases to resolve a combination of domains + IPs for servers (games), and it works without a problem. I can see OPN hits my DNS to resolve them at periodic intervals and they are all seen loaded.

Regards,
S.

Are the domains resolving to a single IP or multiple? It appears the latter is the OP's problem.

I just checked to be sure.

In my case they resolve to individual unique IPs, as they should.

Also, I am using my own DNS server, Pihole + Unbound, so I can see directly what queries are made and what is being responded. At least in my case it works as it should.

OPN has a list of Host(s) aliases > periodically (default timer) it sends queries to refresh them > populates the alias table with valid IPs based on the query response.

Regards,
S.

I'm going to back up, flatten the existing appliance FW, build fresh with the latest build and restore.

It's just not behaving properly and I can't see why.