OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: bringha on November 21, 2015, 05:30:32 pm

Title: GUI DNS Resolver configuration and unbound.conf
Post by: bringha on November 21, 2015, 05:30:32 pm
Hi there,

I tried to bring the unbound DNS resolver up via the GUI in 15.7.18. I have in my private LAN a mixed set of clients via DHCP and servers with static IP addresses.

I therefore checked 'Register DHCP leases', which also correctly creates the file /var/unbound/host_entries.conf with entries like

Code:
local-data: "hostname IN A 192.168.1.203"
local-data-ptr: "192.168.1.203 hostname.zuhause.local"

As suggested, I then configured the static IP addresses in the same way, using the text field which opens when activating the extended configuration button

Code:
local-data: "server IN A 192.168.1.20"
local-data-ptr: "192.168.1.20 server.zuhause.local"

When you then press the 'Speichern' (Save) button and activate the settings, the GUI corrupts the config file /var/unbound/unbound.conf. Two problems happen:

1.) Each <Space> character of the GUI is translated into <CRLF> in the config file so that we have
Code:
local-data:
"server
IN
A
192.168.1.20"
local-data-ptr:
"192.168.1.20
server.zuhause.local"

2.) The entries are put to the end of the file so that we have two segments with local-data entries:
Code:
(...)
# Access lists
include: /var/unbound/access_lists.conf

# Static host entries
include: /var/unbound/host_entries.conf

# Domain overrides
include: /var/unbound/domainoverrides.conf
# Forwarding
forward-zone:
    name: "."
        forward-addr: 2001:470:20::2
        forward-addr: 192.168.x.x
        forward-addr: 8.8.8.8

# Unbound custom option
local-data: "server1.zuhause.local IN A 192.168.1.30"
local-data-ptr: "192.168.1.30 server1"
(...)
local-data: "ipmi-home.zuhause.local IN A 192.168.1.5"
local-data-ptr: "192.168.1.5 ipmi-home"


###
# Remote Control Config
###

As between the include of the dynamic addresses
Code:
# Static host entries
include: /var/unbound/host_entries.conf
there is the config element forward zone,
Code:
# Domain overrides
include: /var/unbound/domainoverrides.conf
# Forwarding
forward-zone:
    name: "."
        forward-addr: 2001:470:20::2
        forward-addr: 192.168.x.x
        forward-addr: 8.8.8.8
the second local-data segment leads to an illegal config file format.

As a consequence, the attempt to restart unbound out of the GUI fails and the resolver never comes up again until the config file is corrected manually.

I think that should be possible to be fixed pretty quickly ....

Br br
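
Added example, not part of the original posts and not OPNsense code: a small Python check for the two symptoms described in the post above, directive fragments split across lines and `local-data` entries that land inside a `forward-zone:` clause instead of `server:`. The clause and option lists are a deliberately small subset, and the sample configs are constructed from the snippets in the thread.

```python
import re

# Clause headers in unbound.conf (subset); they carry no value on the same line.
CLAUSES = {"server", "remote-control", "forward-zone", "stub-zone"}
# Options from the thread that are only valid inside the server: clause.
SERVER_ONLY = {"local-data", "local-data-ptr", "local-zone"}
KEY_VALUE = re.compile(r"^([a-z0-9-]+):\s*(.*)$")

def lint_unbound(text):
    """Return (line_number, message) findings for an unbound.conf text."""
    findings, clause = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        # Simplification: treats every '#' as a comment start, even inside quotes.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = KEY_VALUE.match(line)
        if not m:  # e.g. '"server', 'IN', 'A' left over from a split directive
            findings.append((no, f"not a 'key: value' line: {line!r}"))
            continue
        key, value = m.groups()
        if key in CLAUSES and not value:
            clause = key  # a new clause starts; later options belong to it
        elif key in SERVER_ONLY and not value:
            findings.append((no, f"{key}: has no value on its line"))
        elif key in SERVER_ONLY and value.count('"') % 2:
            findings.append((no, f"{key}: has an unbalanced quote"))
        elif key in SERVER_ONLY and clause != "server":
            findings.append((no, f"{key}: inside {clause or 'no'} clause, needs server:"))
    return findings

# Constructed sample 1: every space turned into a line break.
SAMPLE_SPLIT = "\n".join(
    ["server:", "local-data:", '"server', "IN", "A", '192.168.1.20"'])

# Constructed sample 2: custom options appended after the forward-zone clause.
SAMPLE_ORDER = "\n".join([
    "server:",
    "include: /var/unbound/host_entries.conf",
    "forward-zone:",
    '    name: "."',
    "        forward-addr: 8.8.8.8",
    "# Unbound custom option",
    'local-data: "server1.zuhause.local IN A 192.168.1.30"',
    'local-data-ptr: "192.168.1.30 server1"',
])

if __name__ == "__main__":
    for no, msg in lint_unbound(SAMPLE_SPLIT) + lint_unbound(SAMPLE_ORDER):
        print(f"line {no}: {msg}")
```

Unbound ships `unbound-checkconf`, which performs the authoritative syntax check; the sketch above only covers the two symptoms from this post.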

 
Title: Re: GUI DNS Resolver configuration and unbound.conf
Post by: Andreas on November 21, 2015, 07:54:49 pm
What effects do you get from this error? Perhaps that the system gets slower and couldn't save edits on the rules?


Title: Re: GUI DNS Resolver configuration and unbound.conf
Post by: bringha on November 21, 2015, 10:06:09 pm
Don't understand your question?

What effect do you need more than
I think it's worth striving for a correction ...

Br br
Title: Re: GUI DNS Resolver configuration and unbound.conf
Post by: Andreas on November 21, 2015, 10:34:51 pm
Sorry, I didn't express it correctly
My question targets whether there are side effects. Perhaps the issue you found addresses mine too
I have several problems with saving rules and so on
Perhaps there is a similar problem, so I ask about that
Thx


Title: Re: GUI DNS Resolver configuration and unbound.conf
Post by: bringha on November 22, 2015, 12:30:33 pm
can't say that one - with the rules however it seems to be almost fine in my installation ...

although: sometimes I need to reboot before the rules apply ....
Title: Re: GUI DNS Resolver configuration and unbound.conf
Post by: bringha on November 23, 2015, 06:56:38 pm
Hello together,

once again to this topic: The issue with unbound is becoming somewhat painful because in fact it destabilizes the DNS resolver service. It therefore generates some urgency for a fix as this situation prevents productive resolver usage.

Some more scenarios:



What needs to be done to create attention for the fix? Where does it need to be reported?

Meanwhile: Is there a workaround?

Looking forward to a reply

Br br
Title: Re: GUI DNS Resolver configuration and unbound.conf
Post by: AdSchellevis on November 23, 2015, 07:43:15 pm
Hi bringha,

I think you're using the wrong feature here, you can add additional static overrides in "Host Overrides" at the bottom of the page.

When you do this, similar items as the DHCP clients will be added in /var/unbound/host_entries.conf

(my example host testing12345.example.nl):
local-data-ptr: "10.211.55.101 testing12345.example.nl"
local-data: "testing12345.example.nl IN A 10.211.55.


Regards,

Ad
Title: Re: GUI DNS Resolver configuration and unbound.conf
Post by: bringha on November 23, 2015, 09:15:30 pm
Hello Ad,

.... you are so right !!!!!

Stupid mistake on my side  :( - I did it like that when I used the dns forwarder before  :o

This was so easy to fix ....

Thanks a lot !

Br br
Title: Re: GUI DNS Resolver configuration and unbound.conf
Post by: bringha on November 24, 2015, 08:20:00 am
Hello together

Sorry, but I have to bother you once more with this topic:

Within the Host Overrides Area:

I cannot manage to get inserted 'host aliases' (lower area of the page) transferred into the config file. They simply get ignored. Is there anything one needs to take care of?

Thanks for your reply

Br br
Title: Re: GUI DNS Resolver configuration and unbound.conf
Post by: AdSchellevis on November 24, 2015, 07:32:01 pm
Nothing special, yesterday I just added one and pressed apply and it showed in /var/unbound/host_entries.conf.
Maybe you can post a screenshot of your host alias?
Title: Re: GUI DNS Resolver configuration and unbound.conf
Post by: bringha on November 24, 2015, 08:05:22 pm
Here we are

Title: Re: GUI DNS Resolver configuration and unbound.conf
Post by: AdSchellevis on November 24, 2015, 08:08:01 pm
Can you try the same without the extra aliases, to pinpoint when your issue occurs?
Title: Re: GUI DNS Resolver configuration and unbound.conf
Post by: bringha on November 24, 2015, 08:45:12 pm
Hello Ad,

Without alias this is working! I used a workaround to repeat the alias names with a full entry resulting in an A record in the host_entries file.
Code:
local-data: "docserver.zuhause.xx IN A 192.168.1.31"

When I use the alias part of the GUI page, no entry in the file and no DNS resolution.


Br br
Title: Re: GUI DNS Resolver configuration and unbound.conf
Post by: AdSchellevis on November 24, 2015, 08:49:11 pm
I just created an issue for this:
https://github.com/opnsense/core/issues/476

Good to hear the standard option is working.
Title: Re: GUI DNS Resolver configuration and unbound.conf
Post by: bringha on November 24, 2015, 09:03:47 pm
Thanks!

br br