Unbound restart when "Register DHCP leases" is checked

Started by kevindd992002, June 08, 2024, 11:00:41 AM

I just transitioned from pfsense to opnsense and am wondering if this DNS issue is solved in opnsense? When a new device goes through the DHCP process and I have "register DHCP leases" checked in Unbound, does Unbound restart itself? This has been an issue with pfsense until now and I just kept the option disabled, which means I can't resolve DHCP devices.

This is necessary for Unbound to read the new host overrides produced by the DHCP leases. There is fundamentally no way around that as far as I know.

A cleaner solution would be proper RFC 2136 integration with BIND, but that also comes with some issues. Like no static entries in the zone you use for the dynamic ones.

I do not register dynamic DHCP leases. What for? Why would I want "Paddy's Macbook Pro" in my DNS? I do register all the static DHCP leases.

To be able to "ping foo", consider installing avahi on the individual machines, if you run e.g. a lot of VMs or containers and want to address them by hostname.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

In pfsense, when unbound restarts, it loses all of its cache. I see that in opnsense, that unbound option is set to disabled/unchecked which means that restarts won't really affect them. Is that option there as a workaround for this?

The only reason I want DHCP leases registered in unbound is so that I can see their friendly names in AdguardHome as it is using unbound as a reverse DNS server. I don't care about pinging/reaching the DHCP devices by name.

The default behaviour in OPNsense is to retain the cache of Unbound across restarts.

But also we don't require an Unbound start for DHCP leases to appear as these are pushed over the Unbound control channel instead.


Cheers,
Franco

Ok. So Patrick's response above is not accurate now? No offense intended. I'm just confused by replies that are a bit contradictory.

I don't think Patrick means any harm. Implementation details are difficult to keep track of.

Cache flush option (off by default):

https://github.com/opnsense/core/blob/master/src/opnsense/mvc/app/controllers/OPNsense/Unbound/forms/general.xml#L95-L103

Code to bring new dynamic leases to Unbound without a restart:

https://github.com/opnsense/core/blob/master/src/opnsense/scripts/dhcp/unbound_watcher.py#L209-L213


Cheers,
Franco
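
A sketch of the approach described in the post above, added here as an example and not part of the thread or the OPNsense code at the linked URLs: lease entries become forward and PTR records that a running Unbound accepts over its control channel through `unbound-control local_datas`, with no restart. The sample leases, the `home.arpa` domain, the TTL and the function names are assumptions; the hostname check is there because the name comes from the DHCP client and ends up inside a whitespace- and newline-delimited record line.

```python
import ipaddress
import re
import subprocess

# One RFC 1123 label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def lease_records(hostname, address, domain, ttl=300):
    """Return the forward and PTR record lines for one lease.

    Returns [] when the client-supplied hostname is not a single clean label,
    so spaces or newlines can never reach the record text.
    """
    if not hostname or not LABEL_RE.fullmatch(hostname):
        return []
    ip = ipaddress.ip_address(address)  # raises ValueError on a bad address
    fqdn = f"{hostname.lower()}.{domain}"
    rtype = "A" if ip.version == 4 else "AAAA"
    return [
        f"{fqdn}. {ttl} IN {rtype} {ip}",
        f"{ip.reverse_pointer}. {ttl} IN PTR {fqdn}.",
    ]


def build_batch(leases, domain):
    """Join the records of all acceptable leases, one record per line."""
    lines = []
    for hostname, address in leases:
        lines.extend(lease_records(hostname, address, domain))
    return "\n".join(lines) + "\n" if lines else ""


def push(batch):
    """Send the batch to a running Unbound (remote-control must be enabled)."""
    subprocess.run(["unbound-control", "local_datas"],
                   input=batch, text=True, check=True)


# Constructed sample leases: (client-supplied hostname, leased address).
SAMPLE = [
    ("laptop", "192.168.1.10"),
    ("Paddy's Macbook Pro", "192.168.1.11"),  # not a valid label, skipped
    ("nas", "fd00::20"),
]

if __name__ == "__main__":
    print(build_batch(SAMPLE, "home.arpa"), end="")
```

The PTR lines are what a reverse lookup from a client such as AdGuardHome would hit; `push()` is not called by default, so the block only prints the batch.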

I completely agree. Patrick has been helpful to a lot of people in this forum. I don't mean any offense with my questions.

Ok, thanks for the confirmation! This is one other thing that I'm glad I switched over from pfsense to opnsense :) This issue has been existing for so many years with pfsense now and they don't care at all.

I'm wondering though. Is there a reason why "register DHCP leases" is disabled in the unbound settings by default?

Legacy defaults and technical debt in the approach (as Patrick noted there are better ways).

We're currently not planning to allow bringing in dynamic leases from Kea, because the same constraints apply and we ideally would like something more robust for the future.


Cheers,
Franco

Are you saying that when Kea becomes the only DHCP server available and ISC gets removed, the "register DHCP lease" option in unbound will be removed?


Ahaha, I guess everyone is just assuming it gets deprecated at some point. But yeah, when KEA gets full blown, then I'm ok moving to it even if the register DHCP leases option isn't applicable for it. I'll cross the bridge when we get there.