unbound bug. DHCP clients can crash unbound.

Started by updatelee, February 18, 2026, 08:25:25 PM

I'm using Kea DHCP and Unbound DNS. If within Unbound you enable Register static mappings and Register ISC DHCP4 Leases and the DHCP client decides to have a hostname ending in a '.', for example 'xboxone.', then Unbound tries to register 'xboxone..mydomain.com', which isn't valid obviously, and crashes Unbound. Pretty simple little DoS lol. imo Kea DHCP and Unbound should both be checking that. Thoughts?

There is a reason for this. First, you cannot have Kea and ISC active at the same time. So uncheck Register ISC DHCP4 Leases and make sure ISC is disabled. Next, Kea adds a dot to the end of a hostname to signify no further resolution is required (from the Kea documentation). This works until you decide to add a reservation. If you add a reservation, in the edit area, remove the trailing dot. The new reservation then works correctly and does not crash Unbound.

Why would you have a hostname with a '.' at the end?  I'm running the same setup here, and Kea/Unbound work great.  Do you know what causes the '.' on the hostname?

This was odd to me as well when it first happened. I did a Google search and it led me to the official documentation on the Kea website. I forget the entire explanation, but it had something to do with Windows OS, I think. The dot, in Kea's world, is a signal to not try and resolve the hostname beyond that trailing dot. Do not know why that concept is important to Kea. And I did not see a pattern. Some leases had it, others did not.
Unbound did crash when I added the reservation, before I realized I needed to remove the trailing dot.

Not terribly often talked about, but all FQDNs (even domains) have a period at the end. So, "google.com" is actually "google.com." and we just get to skip the last period because we never had to use it; they have let us skip it for about forever (in nearly every service, save raw/back-end DNS).

At times like this you see the standard show up where you get to see the last period at the end of a name on the network.
Custom: ASRock 970 Extreme3 R2.0 / AMD FX-8320E / 32 GB DDR3 1866 / X520 & I350 / 500GB SATA

Excellent, now I remember where I have seen that before. This is from an example exported from the GoDaddy DNS system:
; CNAME Records
www 3600    IN  CNAME   example.com.    (<--trailing dot)
Thanks for clarifying.
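
An added example, not part of the thread and not code from Kea or Unbound: one way a lease-registration step could normalize a client-supplied hostname before building the name to register, so that 'xboxone.' yields a valid name and names with empty labels are skipped rather than handed to the resolver. The function name `registration_name` and the strict letters-digits-hyphen label policy are assumptions.

```python
import re

# One DNS label under strict host name rules (assumed policy): letters,
# digits and hyphens, 1-63 characters, no leading or trailing hyphen.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def registration_name(client_hostname, domain):
    """Return the FQDN to register for a DHCP lease, or None to skip it.

    client_hostname is untrusted input sent by the DHCP client.
    domain is the local zone, e.g. "mydomain.com" as in the thread.
    """
    name = client_hostname.strip().lower()
    domain = domain.strip().lower().rstrip(".")

    # A single trailing dot marks the name as fully qualified. It is not
    # part of any label, so remove exactly one before doing anything else.
    if name.endswith("."):
        name = name[:-1]

    # If the client already sent a name inside the local zone, keep only
    # the host part so the domain is not appended a second time.
    suffix = "." + domain
    if name.endswith(suffix):
        name = name[: -len(suffix)]

    # Empty labels ("xboxone..", ".", "") and unexpected characters are
    # rejected here instead of reaching the DNS server.
    labels = name.split(".")
    if not all(LABEL_RE.fullmatch(label) for label in labels):
        return None

    fqdn = name + suffix
    # 253 characters is the limit for a name written without the final dot.
    return fqdn if len(fqdn) <= 253 else None


if __name__ == "__main__":
    # Constructed sample hostnames, including the one from the thread.
    for sample in ["xboxone.", "xboxone", "xboxone..", "", "bad host"]:
        print(repr(sample), "->", registration_name(sample, "mydomain.com"))
```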