Aliases URL Tables (IPs) does not work correctly

[Anywake]

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

• [+] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• [+] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

I have an alias URL Tables (IPs) - mail gmail

Firewall>Diagnostics:

my PC

URL Tables (IPs) does not contain real addresses 108.177.14.108 and 108.177.14.109.

Software version used and hardware type if relevant, e.g.:

OPNsense 22.7_4-amd64 FreeBSD 13.1-RELEASE OpenSSL 1.1.1q 5 Jul 2022

[kulikov-a]

https://serverfault.com/questions/1008483/how-does-google-return-a-different-a-record-every-time https://www.gstatic.com/ipranges/goog.txt

[Anywake]

OPNsense lookup IP *.gmail.com on other DNS? DNS server for computer is OPNsense (gateway). OPNsense use a different DNS? о_О should return the same ip for computer and OPNsense

PC (mail client) __ DNS request imap.gmail.com __ -> from gateway opnsense -> gateway opnsense __ DNS request from 8.8.8.8___ -> 8.8.8.8 answer "imap.gmail.com -108.177.14.109

[kulikov-a]

For geo/load balancing google dns records have short TTLs and authoritative servers mixing returning addresses so any host that tries to resolve *.Gmail.com may receive different answer on each try. IMHO it's not the best idea to try to use google dns records to filter google mail traffic. I would try to use ports and "google subnets" alias (see link in first answer)

[OPNsense-bot]

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.