Unbound custom parameters

[Mks]

Thanks for the information, looking forward for the plugin.

[opnsenseuser]

No, but a hook. I'm building a unbound-plus plugin. First release will offer dnsbl, future versions DoT and options you put in custom field. Just file them as an issue in github

What about dns over TLS! (DoT)

There is already a Github entrie
https://github.com/opnsense/core/issues/2909

[mimugmail]

It's inside your quote :) "future versions DoT"

[opnsenseuser]

It's inside your quote :) "future versions DoT"

I know, but what does future mean? 20.1 or later?
I am not a professional, but why is this feature so complicated, if it does nothing else but to set the manual entries via checkbox or dropdown?

Regards rene

[mimugmail]

When times allow it. First we need a release to stable. The bigger it gets the more time it needs to review/release

[franco]

The feature is not complicated. It's inherently unstable with the clusterf***ery that cloud DNS providers are doing at their backend side.  If we implement in an easy way we'll have more support to spend time on something that can already be configured manually and will potentially break your Internet. This is a lose-lose from the project's perspective.


Cheers,
Franco

[Stilez]

I'm using the custom options for a few areas now:

- To provide "split horizon" for different subnets, or for LAN vs. WAN (I could spin up two unbound instances but that's completely off the rails, and if Unbound is my resolver of choice I don't want to be forced to run 2 resolver softwares  just to get different views)
- To provide static responses that aren't available in the GUI for certain domains, such as manual dns-sd entries, and <local-zone: "DOMAIN" static> entries.

My Unbound.conf code custom snippets:

Code Select Expand

log-queries: yes
log-replies: yes

qname-minimisation: yes


# dns-sd manual entries

local-data: "b._dns-sd._udp.MY-FQDN IN PTR MY-FQDN"
local-data: "db._dns-sd._udp.MY-FQDN IN PTR MY-FQDN"
local-data: "r._dns-sd._udp.MY-FQDN IN PTR MY-FQDN"
local-data: "dr._dns-sd._udp.MY-FQDN IN PTR MY-FQDN"
local-data: "lb._dns-sd._udp.MY-FQDN IN PTR MY-FQDN"
local-data: "b._dns-sd._udp.0.0.193.10.in-addr.arpa. IN PTR MY-FQDN"
local-data: "db._dns-sd._udp.0.0.193.10.in-addr.arpa. IN PTR MY-FQDN"
local-data: "r._dns-sd._udp.0.0.193.10.in-addr.arpa. IN PTR MY-FQDN"
local-data: "dr._dns-sd._udp.0.0.193.10.in-addr.arpa. IN PTR MY-FQDN"
local-data: "lb._dns-sd._udp.0.0.193.10.in-addr.arpa. IN PTR MY-FQDN"
# Device #1: various definitions for primary printer
local-data: "MY-PRINTER.MY-FQDN A IP-ADDRESS"
local-data: "_printer._tcp.MY-FQDN PTR _MY-PRINTER._printer._tcp.MY-FQDN."
local-data: "_MY-PRINTER._printer._tcp.MY-FQDN SRV 0 0 631 MY-PRINTER.MY-FQDN."
local-data: "_printer._tcp.MY-FQDN PTR _MY-PRINTER._universal._sub._ipp._tcp.MY-FQDN."
local-data: "_universal._sub._ipp._tcp.MY-FQDN PTR _MY-PRINTER._universal._sub._ipp._tcp.MY-FQDN."
local-data: "_MY-PRINTER._universal._sub._ipp._tcp.MY-FQDN SRV 0 0 631 MY-PRINTER.MY-FQDN."
local-data: "_MY-PRINTER._universal._sub._ipp._tcp.MY-FQDN TXT txtvers=1 qtotal=1 adminurl=https://MY-PRINTER.MY-FQDN ty=MY-PRINTER note=(LOCATION) usb_MFG=HP usb_MDL=MY-PRINTER Scan=T Duplex=T Color=T PaperCustom=T"
local-data: "_printer._tcp.MY-FQDN PTR _MY-PRINTER._pdl-datastream._tcp.MY-FQDN."
local-data: "_pdl-datastream._tcp.MY-FQDN PTR _MY-PRINTER._pdl-datastream._tcp.MY-FQDN."
local-data: "_MY-PRINTER._pdl-datastream._tcp.MY-FQDN SRV 0 0 9100 MY-PRINTER.MY-FQDN."
local-data: "_MY-PRINTER._pdl-datastream._tcp.MY-FQDN TXT txtvers=1 qtotal=1 adminurl=https://MY-PRINTER.MY-FQDN ty=MY-PRINTER note=(LOCATION) usb_MFG=HP usb_MDL=MY-PRINTER Scan=T Duplex=T Color=T PaperCustom=T"
local-data: "_printer._tcp.MY-FQDN PTR _MY-PRINTER._ipp._tcp.MY-FQDN."
local-data: "_ipp._tcp.MY-FQDN PTR _MY-PRINTER._ipp._tcp.MY-FQDN."
local-data: "_MY-PRINTER._ipp._tcp.MY-FQDN SRV 0 0 80 MY-PRINTER.MY-FQDN."
local-data: "_MY-PRINTER._ipp._tcp.MY-FQDN TXT txtvers=1 qtotal=1 adminurl=https://MY-PRINTER.MY-FQDN ty=MY-PRINTER note=(LOCATION) usb_MFG=HP usb_MDL=MY-PRINTER Scan=T Duplex=T Color=T PaperCustom=T"
local-data: "_printer._tcp.MY-FQDN PTR _MY-PRINTER._ipps._tcp.MY-FQDN."
local-data: "_ipps._tcp.MY-FQDN PTR _MY-PRINTER._ipps._tcp.MY-FQDN."
local-data: "_MY-PRINTER._ipps._tcp.MY-FQDN SRV 0 0 443 MY-PRINTER.MY-FQDN."
local-data: "_MY-PRINTER._ipps._tcp.MY-FQDN TXT txtvers=1 qtotal=1 adminurl=https://MY-PRINTER.MY-FQDN ty=MY-PRINTER note=(LOCATION) usb_MFG=HP usb_MDL=MY-PRINTER Scan=T Duplex=T Color=T PaperCustom=T"


# kill list
# for domains where redirect to 127.0.0.1 or other IP is insufficient

local-zone: "DOMAIN" static
local-zone: "DOMAIN" static
  # and many others


# split horizon #1

access-control-view:  10.0.0.0/8     FROM-LAN
access-control-view:  0.0.0.0/0      FROM-WAN
access-control:       0.0.0.0/0      deny_non_local

view:
      # from lan - can recurse to root servers, can also use global data if nothing found in this section.
      # so we actually don't have to put anything much here.
  name: "FROM-LAN"
  view-first: yes

view:
      # from wan - forbidden to recurse, and can't access the data in the global section, or anything not explicitly stated in this view.
      # so we only need to put here, what an external WAN query needs to be able to find.
  name: "FROM-WAN"
  view-first:no
  local-zone: "." refuse
  local-data: 'FQDN.  DNS_RECORD '
  local-data: 'FQDN.  DNS_RECORD '
  local-data: 'FQDN.  DNS_RECORD '
There's a big difference between not adding a feature, vs. removing one that's already in use. Maybe stuff like this could be retained with a tunable added "Enable unverifiable config fields", so those who are by now depending on it, dont' worry they'll lose it?

[Mks]

Hi Stilez.

See also my posts. I'm also using "View" in unbound. https://github.com/opnsense/plugins/issues/1503#issue-493737939

br