Aliases aren´t fine

[carlosvillalba]

Hello:

Aliases composed by several hosts doesn´t works.
I hope this error can be corrected fastly.

Thank you.

[elektroinside]

Please define "doesn't work" in detail. Thanks.

[franco]

Also, which version are you using?


Thanks,
Franco

[netranger]

Hi!

I too noticed that the aliases stopped working for me after upgrading to 18.1.4.

Alias looks like this: alias2.png
Firewallrule for testing looks like this: fwrule.png

When I change the content of the alias to the IP of my machine and restart the ping, it is being blocked -> rule working correctly.

This was working for me with 17.7. I was able to test this issue on two different machines. Are we doing something wrong?

Cheers

[john9527]

I may have something similar.  18.1.4 and possibly all of 18.1.x (didn't run too much on the earlier releases).

Have several alias's defined which reference local hostnames (have tried with and without domain)
These local clients are assigned addresses by DHCP (not static)
dnsmasq and unbound are configured to to register DCHP leases (I use both for various clients)

After rebooting, all the alias's defined with the local hostnames are not populated with ip's.   Pinging a client by hostname may cause the alias to be populated (haven't confirmed this is consistent yet).

[opnsense_user12123]

I have the same problem using "Alias" since the 18.1 version but nobody believed me! :-(

[elektroinside]

Are you all guys using aliases for local hostnames? Why? Why?

[marjohn56]

@elektroinside - Indeed

Try this guys, use the static IP's you've already defined. As shown in the first image.

Rule is then as shown in image2

[elektroinside]

Exactly. There is no DNS failure involved in this case.
If the DNS lookup fails for any reason, the alias cannot work.

But, as always, I would recommend to fix all DNS issues and use a properly configured DNS server/chain to resolve dns queries.

[john9527]

Are you all guys using aliases for local hostnames? Why? Why?

I prefer to use static IPs only for my network components (switches, APs, etc) and have all my clients get addresses via DHCP.

Then I add the appropriate local hostnames to an alias 'MEDIA_PLAYERS' for example, and write rules that restrict their access to only certain LAN clients (also an alias of local hostnames called 'MEDIA_SERVERS')

[elektroinside]

Are you all guys using aliases for local hostnames? Why? Why?

I prefer to use static IPs only for my network components (switches, APs, etc) and have all my clients get addresses via DHCP.

Then I add the appropriate local hostnames to an alias 'MEDIA_PLAYERS' for example, and write rules that restrict their access to only certain LAN clients (also an alias of local hostnames called 'MEDIA_SERVERS')

Overcomplicated and unnecessary design with too much work for the fw and prone to errors... I do agree that the best design is using DHCP, but only after configuring static leases for each LAN client.

With your design, you have to make sure that if the client changes its IP, that is registered in the DNS resolver (this involves 2 failing points: the DNS server and the client). Then, when a rule is hit involving the alias, the fw has to query the DNS server to resolve the hostname configured in the alias. If, for whatever reason this fails, several attempts will be made to resolve the query in many different ways (with or without DNS suffix etc). If this fails, it will be forwarded to the upstream DNS servers. If this fails, then you will get an error. So too much, unnecessary work.. prone to failures.

Not to mention that everything will eventually end up to an IP address anyways...