RFC Unbound: CNAMES

Started by ruggerio, March 19, 2018, 12:58:25 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 19, 2018, 12:58:25 PM
Hello,

CNAMES are commonly used in Network Environments. Could you please add the Option in unbound to add CNAME's to existing A-Records?

Thanks,
Roger
March 20, 2018, 07:21:56 AM #1
Hi Roger,

As a starting point... CNAME support was brought in and backed out again last year:

https://github.com/opnsense/core/pull/1617#issuecomment-299665206

Not sure what the state is now, but it was done at the contributor's request over concerns with the correctness in Unbound itself.


Cheers,
Franco
March 20, 2018, 07:22:13 AM #2
Sorry about this.

After researching lots, i found, that unbound is no 100% the choose for this.

I changed to dnsmasq, which i know from Linux, it brings the functionality.

Question: is the actual implementation from dnsmasq in opnsense using dnssec?

Thx,
Roger
March 20, 2018, 07:29:50 AM #3
DNSSEC is not yet implemented in Dnsmasq in OPNsense so far. That was one of the reasons for switching to Unbound as the default last year, although DNSSEC had to be backed out of default installs because too many providers mess with user DNS in the first place.


Cheers,
Franco
March 20, 2018, 07:41:34 AM #4
Thx Franco,

Do exist plans to implement dnssec in dnsmasq for opnsense?

Thx,
Roger
March 20, 2018, 07:43:11 AM #5
Yes, why not. although I'd kindly ask for a ticket and subsequent help in testing:

https://github.com/opnsense/core/issues

Best case also help in providing the configuration bits necessary to move this along quickly. :)


Cheers,
Franco
March 20, 2018, 08:08:47 AM #6
Hi Franco,

Sorry, new to those processes :)

add DNSSEC-Support to DNSMASQ  #2275

Of course i will help testing it.

Thx
Roger
Print
Go Up Pages1
User actions