GUI DNS Resolver configuration and unbound.conf

[bringha]

Hi there,

I tried to bring the unbound DNS resolver up via the Gui in 15.7.18. I have in my private LAN a mixed set of clients via DHCP and servers with static IP Adresses.

I checkboxed therefore 'Register DHCP leases' which creates also correctly the file /var/unbound/host_entries.conf with entries like

Code: [Select]

local-data: "hostname IN A 192.168.1.203"
local-data-ptr: "192.168.1.203 hostname.zuhause.local"

As  suggested I the configured the static IP adresses with the text field which opens when activating the extended configuration button in the same way

Code: [Select]

local-data: "server IN A 192.168.1.20"
local-data-ptr: "192.168.1.20 server.zuhause.local"

When you then press the 'Speichern' button and activate the settings, the GUI corrupts the config file /var/unbound/unbound.conf. Two problems happen:

1.) Each <Space> character of the GUI is translated in <CRLF> in the config file so that we have

Code: [Select]

local-data:
"server
IN
A
192.168.1.20"
local-data-ptr:
"192.168.1.20
server.zuhause.local"

2.) The entries are put to the end of the file so that we have two segments with local-data entries:

Code: [Select]

(...)
# Access lists
include: /var/unbound/access_lists.conf

# Static host entries
include: /var/unbound/host_entries.conf

# Domain overrides
include: /var/unbound/domainoverrides.conf
# Forwarding
forward-zone:
    name: "."
        forward-addr: 2001:470:20::2
        forward-addr: 192.168.x.x
        forward-addr: 8.8.8.8

# Unbound custom option
local-data: "server1.zuhause.local IN A 192.168.1.30"
local-data-ptr: "192.168.1.30 server1"
(...)
local-data: "ipmi-home.zuhause.local IN A 192.168.1.5"
local-data-ptr: "192.168.1.5 ipmi-home"


###
# Remote Control Config
###

As between the include of the dynamic addresses

Code: [Select]

# Static host entries
include: /var/unbound/host_entries.conf
there is the config element forward zone,

Code: [Select]

# Domain overrides
include: /var/unbound/domainoverrides.conf
# Forwarding
forward-zone:
    name: "."
        forward-addr: 2001:470:20::2
        forward-addr: 192.168.x.x
        forward-addr: 8.8.8.8
the second local-data segment leads to an illegal config file format.

As a consequence, the attempt to restart unbound out of the GUI fails and the resolver never comes up again until the config file is corrected manually.

I think that should be possible to be fixed pretty quickly ....

Br br

 

[Andreas]

What for effects you get from this error? Perhaps that the system gets slower and couldn't save edits on the rules?


Gesendet von iPhone mit Tapatalk

[bringha]

Don't understand your question?

What effect do you need more than

• The GUI for DNS Resolver is useless when you have changes in your static IP address area
• Unbound does not restart and you have no DNS service

I think its worth to strive for a correction ...

Br br

[Andreas]

Sorry I didn't expressed it correctly
My question targets if there a side effects. Perhaps your found issue adresses my too
I have several problems with saving rules and so on
Perhaps there is an similar problem so I ask for that
Thx


Gesendet von iPhone mit Tapatalk

[bringha]

can't say that one - with the rules however ist seems to be almost fine in my installation ...

although: sometimes I need to reboot before the rules apply ....

[bringha]

Hello together,

once again to this topic: The issue with unbound is evolving somewhat painful because in fact it destabilizes the DNS resolver service. It therefore generates some urgency for a fix as this situation prevents productive resolver usage.

Some more scenarios:

• It is impossible to reboot the system when you have the change made in GUI as then every time the /var/unbound/unbound.conf file is overwritten. This means that with every reboot there is no autostart possible with the DNS resolver and you have a.
  
• This become very painful also when due to IPV6 prefix delegation update: also then the DNS interface addresses for LAN etc. is changing un unbound.conf accordingly (thanks to our beloved fellows from Telekom a real scenario). This is done again with a copy of the corrected (corrupt) version of the file. And agin, restart of unbound fails.
  
• A direct insertion of the local-data: statements in the config file does also not work as being overwritten and then eliminated...
  

What needs to be done to create attention for the fix? Where does it need to be reported?

Meanwhile: Is there a workaround?

Looking forward to a reply

Br br

[AdSchellevis]

Hi bringha,

I think your using the wrong feature here, you can add additional static overrides in "Host Overrides" at the bottom of the page.

When you do this, similar items as the dhcp clients will be added in /var/unbound/host_entries.conf

(my example host testing12345.example.nl):
local-data-ptr: "10.211.55.101 testing12345.example.nl"
local-data: "testing12345.example.nl IN A 10.211.55.


Regards,

Ad

[bringha]

Hello Ad,

.... you are so right !!!!!

Stupid mistake on my side  - I did it like that when I used the dns forwarder before 

This was so easy to fix ....

Thanks a lot !

Br br

[bringha]

Hello together

Sorry but I have once more to bother with this this topic:

Within the Host Overrides Area:

I can not get it managed to get inserted 'host aliases' (below area of the page) transferred into the config file. They get simply ignored. Anything what one need to care about?

Thanks for your reply

Br br

[AdSchellevis]

Nothing special, yesterday I just added one and pressed apply and it showed in /var/unbound/host_entries.conf.
Maybe you can post a screenshot of your host alias?

[bringha]

Here we are

[AdSchellevis]

Can you try the same without the extra aliases, to pinpoint when your issue occurs?

[bringha]

Hello Ad,

Without alias this is working! I used a workaround to repeat the alias names with a full entry resulting in an A record in the host_entries file.

Code: [Select]

local-data: "docserver.zuhause.xx IN A 192.168.1.31"

When I use the alias part of the GUI page, no entry in the file and no DNS resolution.


Br br

[AdSchellevis]

I just created an issue for this:
https://github.com/opnsense/core/issues/476

Good to hear the standard option is working.

[bringha]

Thanks!

br br