dns filters: mac filtered lookups are cached #3785
First time creating an issue on GitHub, sorry if I missed something important. I mailed the mailing list with the subject "PF 8.2.0 dns filters, mac and dnscache" and got a response from a Durand Fabrice that I should create an issue here. I'll just post parts of that email here then:
"Currently playing around with the new(?) macaddress filter in dns_filter.conf, trying to use it as a way to block nodes from getting access to the captive portal when using dns_enforcement.
My plan was to add them like this and change the IP address of the portal to something where I could just show a page like 'your device has been blocked'. Let's say that the correct IP for portal.test is 192.168.0.1.
This works fine: a client with a MAC in the mac_blocklist will get 10.0.0.1 returned, BUT the next client (not in the list) asking for portal.test will also get 10.0.0.1 instead of 192.168.0.1. It seems like the PF nameserver is caching the data, since I can just wait a minute or two and then a client not in the list will resolve portal.test to 192.168.0.1.
Strangely enough, it does not cache it the other way around: if a client not in the list asks for portal.test and it resolves to 192.168.0.1, a client that is in the mac_blocklist will still resolve portal.test to 10.0.0.1 instantly."
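
Both observations in this report can be reproduced with a toy model, added here as an illustration and not taken from the issue or from PacketFence's code. It assumes the MAC filter is evaluated before the cache is read and that filter answers are stored in a cache keyed by query name only; `ToyResolver`, `replay`, the MAC addresses and the 60-second TTL are hypothetical, and `key_by_filter=True` shows one possible fix (keying the cache on the filter decision as well).

```python
import time

PORTAL_IP = "192.168.0.1"   # normal answer for portal.test (value from the report)
BLOCK_IP = "10.0.0.1"       # answer returned by the MAC filter (value from the report)
TTL = 60                    # constructed cache lifetime in seconds


class ToyResolver:
    """Hypothetical resolver: MAC filter runs first, then a shared answer cache."""

    def __init__(self, blocklist, key_by_filter, clock=time.monotonic):
        self.blocklist = set(blocklist)
        self.key_by_filter = key_by_filter  # False = cache keyed by name only
        self.clock = clock
        self.cache = {}                     # key -> (answer, expiry time)

    def _key(self, qname, filtered):
        return (qname, filtered) if self.key_by_filter else qname

    def resolve(self, qname, mac):
        filtered = mac in self.blocklist
        if filtered:
            answer = BLOCK_IP               # filter hit: answered before the cache is read
        else:
            hit = self.cache.get(self._key(qname, filtered))
            if hit and hit[1] > self.clock():
                return hit[0]               # may be an answer produced for another client
            answer = PORTAL_IP
        self.cache[self._key(qname, filtered)] = (answer, self.clock() + TTL)
        return answer


def replay(key_by_filter):
    """Replay the reported sequence with constructed MACs and a fake clock."""
    now = [0.0]
    blocked, allowed = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
    r = ToyResolver({blocked}, key_by_filter, clock=lambda: now[0])
    seen = [r.resolve("portal.test", blocked),   # blocked client asks first
            r.resolve("portal.test", allowed)]   # next client, not in the list
    now[0] += TTL + 1                            # "wait a minute or two"
    seen.append(r.resolve("portal.test", allowed))
    seen.append(r.resolve("portal.test", blocked))  # reverse order: still filtered
    return seen
```

`replay(False)` returns the leaked answer in second position, matching the report; `replay(True)` keeps the per-client answer out of the shared entry.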