GUI generates a flawed UNBOUND configuration

Started by redstonemason, January 05, 2023, 09:32:00 PM

January 05, 2023, 09:32:00 PM Last Edit: January 05, 2023, 10:19:47 PM by redstonemason
I decided to move to OPNsense from pfSense in my LAB in order to easily get IPv6 working on my new ISP (Rogers Canada).

I performed:

1) Installed from the latest image "OPNsense-22.7-OpenSSL-vga-amd64.img".

2) Ran "System/Status/Check For Updates" and installed "22.7.10_2 (amd64/OpenSSL)".

3) Set "DNS Servers" to 1.1.1.1 and 9.9.9.9 in "System/General/Settings".

4) Disabled "System Nameservers" by unchecking "Use System NameServers" in "Services: Unbound DNS: DNS over TLS".

5) Setup "Custom Forwarding" in "Services: Unbound DNS: DNS over TLS" with "1.1.1.1 853" and "9.9.9.9 853".

6) Ran

    # configctl unbound check

   Got

    [1672949530] unbound-checkconf[37450:0] error: duplicate forward zone . ignored.
    no errors in /var/unbound/unbound.conf

This is the contents of my "/var/unbound/etc/dot.conf":

# Forward zones
forward-zone:
  name: "."
  forward-addr: 1.1.1.1@853
  forward-addr: 9.9.9.9@853

# Forward zones over TLS
server:
  tls-cert-bundle: /etc/ssl/cert.pem

forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1@853
  forward-addr: 9.9.9.9@853

So the GUI definitely generates a duplicate "." zone.

BTW, I do score 100% on https://internet.nl/connection


Long time pfSense User
Permanently Converting to OPNsense.

OPNsense 22.7.10_2-amd64
FreeBSD 13.1-RELEASE-p5
OpenSSL 1.1.1s 1 Nov 2022
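As an added check (not code from the post or from OPNsense): a small Python script that parses the forward-zone: clauses of an Unbound config laid out like the dot.conf above and reports any zone name defined more than once, noting when the copies disagree on forward-tls-upstream, since unbound-checkconf only says that a duplicate is ignored and does not say whether the plain or the TLS definition is the one that survives. The embedded sample is the dot.conf fragment quoted above, constructed inline so the script runs offline.

```python
import re
from collections import defaultdict
# Constructed sample: the dot.conf fragment quoted in the post above.
SAMPLE_DOT_CONF = """\
forward-zone:
  name: "."
  forward-addr: 1.1.1.1@853
  forward-addr: 9.9.9.9@853
# Forward zones over TLS
server:
  tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1@853
  forward-addr: 9.9.9.9@853
"""

def parse_forward_zones(text):
    """forward-zone: clauses in file order, each as {'name', 'tls', 'addrs'}."""
    zones, current = [], None
    for raw in text.splitlines():
        # '#' starts a comment only at a token boundary: 'addr@853#host' is an upstream name
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if line == "forward-zone:":          # start of a forward-zone clause
            current = {"name": None, "tls": False, "addrs": []}
            zones.append(current)
        elif line.endswith(":"):             # any other clause header (server:, ...)
            current = None
        elif current is not None and ":" in line:
            key, value = (p.strip() for p in line.split(":", 1))
            if key == "name":
                current["name"] = value.strip('"')
            elif key == "forward-tls-upstream":
                current["tls"] = value.lower() == "yes"
            elif key == "forward-addr":
                current["addrs"].append(value)
    return zones

def find_duplicate_zones(text):
    """Zone names defined more than once -> their definitions, in file order."""
    by_name = defaultdict(list)
    for z in parse_forward_zones(text):
        by_name[z["name"]].append(z)
    return {n: d for n, d in by_name.items() if len(d) > 1}

def report(text):
    """One finding per duplicated zone; notes when the copies disagree on TLS."""
    return [f"forward zone {n!r} defined {len(d)} times"
            + ("; copies differ in forward-tls-upstream" if len({z["tls"] for z in d}) > 1 else "")
            for n, d in find_duplicate_zones(text).items()]
```

Run `report(open("/var/unbound/unbound.conf").read())` (or on dot.conf) on the firewall; an empty list means every forward zone is defined exactly once.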

first one
# Forward zones
forward-zone:
  name: "."
  forward-addr: 1.1.1.1@853
  forward-addr: 9.9.9.9@853

is from Services: Unbound DNS: Query Forwarding

I don't recall adding those entries into that tab. Were they auto-applied? Are they necessary?

Quote: Were they auto-applied? Are they necessary?
no and no  :)