OPNsense Forum

English Forums => 26.1 Series => Topic started by: updatelee on February 18, 2026, 08:25:25 PM

Title: unbound bug. DHCP clients can crash unbound.
Post by: updatelee on February 18, 2026, 08:25:25 PM
I'm using Kea DHCP and Unbound DNS. If within Unbound you enable Register static mappings and Register ISC DHCP4 Leases, and the DHCP client decides to have a hostname ending in a '.', for example 'xboxone.', then Unbound tries to register 'xboxone..mydomain.com', which isn't valid obviously, and crashes Unbound. Pretty simple little DoS lol. imo Kea DHCP and Unbound should both be checking that. Thoughts?
Title: Re: unbound bug. DHCP clients can crash unbound.
Post by: vimage22 on February 18, 2026, 09:09:56 PM
There is a reason for this. First, you cannot have Kea and ISC active at the same time. So uncheck Register ISC DHCP4 Leases and make sure ISC is disabled. Next, Kea adds a dot to the end of a hostname to signify no further resolution is required (from the Kea documentation). This works until you decide to add a reservation. If you add a reservation, in the edit area, remove the trailing dot. The new reservation then works correctly and does not crash Unbound.
Title: Re: unbound bug. DHCP clients can crash unbound.
Post by: LisaMT on February 19, 2026, 04:04:55 PM
Why would you have a hostname with a '.' at the end?  I'm running the same setup here, and Kea/Unbound work great.  Do you know what causes the '.' on the hostname?
Title: Re: unbound bug. DHCP clients can crash unbound.
Post by: vimage22 on February 19, 2026, 05:01:44 PM
This was odd to me as well when it first happened. I did a Google search and it led me to the official documentation on the Kea website. I forget the entire explanation, but it had something to do with Windows OS, I think. The dot, in Kea's world, is a signal to not try and resolve the hostname beyond that trailing dot. Do not know why that concept is important to Kea. And I did not see a pattern. Some leases had it, others did not.
Unbound did crash when I added the reservation, before I realized I needed to remove the trailing dot.
Title: Re: unbound bug. DHCP clients can crash unbound.
Post by: jonny5 on February 19, 2026, 05:30:10 PM
Not terribly often talked about, but all FQDNs (even domains) have a period at the end. So, "google.com" is actually "google.com." and we just get to skip the last period because we never had to use it; they have let us skip it for about forever (in nearly every service, save raw/back-end DNS).

At times like this you see the standard show up where you get to see the last period at the end of a name on the network.
Title: Re: unbound bug. DHCP clients can crash unbound.
Post by: vimage22 on February 19, 2026, 06:04:08 PM
Excellent, now I remember where I have seen that before. This is from an example exported from the GoDaddy DNS system:
; CNAME Records
www 3600    IN  CNAME   example.com.    (<--trailing dot)
Thanks for clarifying.
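
Added example (not part of any post above, and not OPNsense, Kea or Unbound code): one way a lease-to-DNS registration step can normalise a client-supplied hostname before it reaches the resolver, covering the 'xboxone.' case from the first post and the FQDN root dot described by jonny5. The function names, the sample list and the letters-digits-hyphen label policy are assumptions; 'xboxone.' and 'mydomain.com' are the thread's own values.

```python
import re

# Assumed policy: RFC 1123 style labels (letters, digits, hyphen), 1..63 chars,
# no leading or trailing hyphen. Used with fullmatch so a stray newline fails.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def naive_fqdn(hostname, domain):
    """Plain concatenation: yields the double dot described in the thread."""
    return f"{hostname}.{domain}"


def lease_fqdn(hostname, domain):
    """Return a validated lower-case FQDN (no trailing dot), or None to skip the lease."""
    if not hostname or not domain:
        return None
    name = hostname.strip().lower()
    zone = domain.strip().lower().rstrip(".")
    # One trailing dot marks a fully qualified name (the DNS root): drop it.
    # Any further dot leaves an empty label, which is rejected below.
    absolute = name.endswith(".")
    if absolute:
        name = name[:-1]
    # A fully qualified name already inside the zone is used as is;
    # otherwise the zone is appended.
    if absolute and (name == zone or name.endswith("." + zone)):
        fqdn = name
    else:
        fqdn = f"{name}.{zone}"
    labels = fqdn.split(".")
    if len(fqdn) > 253 or not all(LABEL_RE.fullmatch(label) for label in labels):
        return None
    return fqdn


# Constructed sample of client-supplied hostnames, for illustration only.
SAMPLE_HOSTNAMES = ["xboxone.", "xboxone", "xboxone.mydomain.com.", "xboxone..", ".", "-bad"]

if __name__ == "__main__":
    for host in SAMPLE_HOSTNAMES:
        print(repr(host), "naive:", naive_fqdn(host, "mydomain.com"),
              "checked:", lease_fqdn(host, "mydomain.com"))
```

Entries that return None are skipped (and ideally logged) instead of being passed on, so a single malformed client name cannot affect registration for the other leases.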