Prevent DNS resolver host aliases from moving to the wrong host#237
Open
djlongy wants to merge 2 commits intopfsensible:masterfrom
Open
Prevent DNS resolver host aliases from moving to the wrong host#237djlongy wants to merge 2 commits intopfsensible:masterfrom
djlongy wants to merge 2 commits intopfsensible:masterfrom
Conversation
djlongy
force-pushed
the
fix/dns-resolver-alias-misassignment
branch
3 times, most recently
from
358a278 to
f8ccc49
Compare
djlongy
changed the title
github-actions
bot
force-pushed
the
fix/dns-resolver-alias-misassignment
branch
2 times, most recently
from
c023359 to
e96ea5d
Compare
Contributor
|
I haven't had a chance to look at this yet, but could you add a changelog fragment? Also, I'm not sure why the tests are not running for this PR. |
opoplawski
force-pushed
the
fix/dns-resolver-alias-misassignment
branch
from
e96ea5d to
035e575
Compare
github-actions
bot
force-pushed
the
fix/dns-resolver-alias-misassignment
branch
from
035e575 to
9891fe4
Compare
Author
|
No problem, I've added a changelog fragment as requested :) |
djlongy
force-pushed
the
fix/dns-resolver-alias-misassignment
branch
from
50c1fae to
37b5c0f
Compare
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
djlongy
force-pushed
the
fix/dns-resolver-alias-misassignment
branch
from
37b5c0f to
63073c0
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this fixes
This fixes a DNS resolver bug where host aliases can end up attached to the wrong host after a playbook reorders the
hostslist.In plain terms: if one host has aliases and another does not, changing the order of those hosts can cause the alias-less host to incorrectly inherit the other host's aliases in
config.xml.Why this is a problem
That means the saved pfSense DNS resolver configuration no longer matches the playbook input:
In practice, this can break anything depending on those internal DNS names being correct, including:
How it breaks
The module updates XML list entries by position. When a host that previously had aliases is replaced in that same XML position by a host with no aliases, the old nested alias entries are left behind instead of being cleared first.
So the host data changes, but the old alias children remain attached to that XML node.
Why this fix works
Before writing a plain scalar value into an XML element, this patch now removes any leftover child elements from the previous value.
That ensures a host with no aliases stays a host with no aliases, even if the host order changes.
Included in this PR
plugins/module_utils/pfsense.pyValidation
pfsense_dns_resolverpassesmaster