Unbound: How to manually edit the unbound.conf

[LouieLouie]

What is the correct path to manually edit unbound.conf?

I edited /var/unbound/unbound.conf, and today when I was intending to futz around with some other stuff, I noticed my edits had reverted to default.  I checked /usr/local/etc/unbound/unbound.conf, it's completely commented out.

Can unbound.conf be manually edited and remain compatible with the GUI?

Thanks!

[mimugmail]

There is a custom box via UI where you can put your stuff

[LouieLouie]

Hello mimugmail.  I had been using the gui custom box for most of 19.1.x without issue.  I'm now on 19.7.2.  Yesterday, my unbound dns died without warning (at least no warning that I recognized).  Monit reported Unbound not running.  Logs indicated Unbound would not restart.  I checked /var/unbound/unbound.conf.  I found both the default values at the beginning of the config file as well as my custom entries (for my desired configuration changes, also listed below) which were listed further down the config.

I deleted the custom box configs, saved, and then unbound restarted successfully.  Therefore, I believe that this is linked.  Additionally, I read somewhere that the custom box is scheduled for deprecation, so I thought I'd learn how to do things differently.

That's why I'm trying to manual edit the unbound.config .

Regards!

[chemlud]

The alternative to the GUI "custom box" is not to edit the config.xml, but to configure unbound directly from CLI (i.e via serial console) iiuc. ;-)

[Northguy]

The alternative to the GUI "custom box" is not to edit the config.xml, but to configure unbound directly from CLI (i.e via serial console) iiuc. ;-)

I think you are wrong, because as far as I understand the mechanisms of OPNsense unbound.conf (and any other config file) are overwritten by Opnsense uppon reboot, or when changes are applied through GUI. The only way is to add custom options is to use the custom options box, or to add those options to the code of OPNsense itself (i.e. adding those options to the models/controllers etc)

[LouieLouie]

The alternative to the GUI "custom box" is not to edit the config.xml, but to configure unbound directly from CLI (i.e via serial console) iiuc. ;-)

Exactly what I thought, however:

Just now I ssh'd onto the server and nano'd /var/unbound/unbound.conf to the parameters I wanted.  I saved successfully, then restarted unbound using plgincontrol.  Then, I checked the unbound.conf, my changes were removed and the original values were restored.

[marcri]

Hi,

I successfully use the custom box for unbound. I include my settings like this:

inside custom box:

Code Select Expand


server:
include: /var/unbound/steven.conf
include: /var/unbound/custom.conf


inside custom.conf:

Code Select Expand


server:
    domain-insecure: "XXX"
    domain-insecure: "YYY"
    local-zone: "YYYY." nodefault

remote-control:
    control-enable: yes
    control-interface: xxx
...


[LouieLouie]

Thanks!

I like how you threw in your own .conf's, didn't know you could do that.  If you have a parameter in the subordinate .conf which conflicts with the unbound.conf, how does it interact/function?

However, I believe I read that the Custom dialogue will be removed in forthcoming versions of OpnSense, possible 20.1.x .  That's why I'm trying to figure out the CLI editing.

[chemlud]

Franco recently wrote here somewhere that it will take some more major releases, before the custom options will be removed...

[mimugmail]

With 19.7.3 or .4 you can place *.conf in /var/unbound/etc/ .. there will be a static include for the whole folder. No plans for 20.1 removal yet :)

[franco]

Hopefully with 19.7.4 or use the development version of 19.7.3 when that is out tomorrow.


Cheers,
Franco