Why is custom options for Unbound removed in 21.7 ?

[Gilad]

From the changelog you posted on the announcement post you wrote:
"Unbound advanced configuration has been removed.  Local override directory /usr/local/etc/unbound.opnsense.d exists."

From this I took this to mean the page in "Services - Unbound DNS - Advanced" is being removed. However in reading the above comments I believe that the only thing being removed is actually "Services - Unbound DNS - general - Custom options" which is quite different.

Oh, I was also under the impressions that the whole section of Services/Unbound DNS/Advanced is being removed... Thanks for the clarification  :D

I think this should be changed in the OPNsense Roadmap, from "advanced" to "custom"...

[chemlud]

Would be very nice to get some offical ffedback before the relase of 21.7

Quite painful to see that nothing happend since January.

[mimugmail]

https://forum.opnsense.org/index.php?topic=23941.0

[franco]

> Oh, I was also under the impressions that the whole section of Services/Unbound DNS/Advanced is being removed...

I can see some of the confusion surrounding the loose terminology in day to day speak and similar names in the GUI. I adjusted the release announcement accordingly:

https://github.com/opnsense/changelog/commit/5d0f92d7e58e

> Quite painful to see that nothing happend since January.

Why does it matter when things are worked on when eventually they will be there and working ok? 21.1.9 is still around the corner giving us an opportunity to release enhanced support in 21.1.9.

In general, the best change we get is the one that is coming since we got no other contribution since then. It's not the end of the world as we know it. :)

FWIW, I pushed all your requirements from January into the ticket mentioned earlier so nothing was lost.

> Given these points, I find the given reason of trying to protect the incapable from themselves to be irrational.

I don't follow here, sorry. Can you try to explain this for me?


Cheers,
Franco

[allebone]

Thanks! From my perspective all makes perfect sense now and there is no real problem :)

Stay safe all!

P

[chemlud]

https://forum.opnsense.org/index.php?topic=23941.0

Many, many thanks! I guess no problem to use on LibreSSL, as no crypto involved, or? :-)

> Oh, I was also under the impressions that the whole section of Services/Unbound DNS/Advanced is being > Quite painful to see that nothing happend since January.

Why does it matter when things are worked on when eventually they will be there and working ok? 21.1.9 is still around the corner giving us an opportunity to release enhanced support in 21.1.9.

Many thanks for clarification, I stay tuned and can't wait to see what's arround the corner :-D

Will it be necessary to remove all custom entries to unbound in the GUI before updating to 21.1.9? Or will it automagically fill the GUI with the data from the custom field?

[franco]

Work has been concluded and DoT now is a grid view with room for individual on/off toggle, server address, port (optional) and hostname verification (optional). Strict Q-NAME is also available in the advanced settings.

I'll have a single patch backport for testing ready tomorrow.


Cheers,
Franco

[opnfwb]

Thank you Franco! This + the new ZFS installer make 21.7 a really nice release!

[franco]

Thanks, I hope so too. :)

I am having a little difficulty with the backport of the new DoT grid page... A larger number of changes in the Unbound area need to be cut from the backport but I hope to be done later today.


Cheers,
Franco

[franco]

Sorry, no, I'm unable to pull this over in one separate patch as it amounts to pulling in almost everything in the development branch regarding Unbound. The best approach for testers would be:

(switch to development release in firmware settings, check for updates and update)

(from the console)

# opnsense-code core
# cd /usr/core
# git checkout master
# make upgrade

Of course the development release shipped with 21.1.9 will have the changes included and the console upgrade is not required.


Cheers,
Franco

[chemlud]

Sorry, no, I'm unable to pull this over in one separate patch as it amounts to pulling in almost everything in the development branch regarding Unbound. The best approach for testers would be:

(switch to development release in firmware settings, check for updates and update)

(from the console)

# opnsense-code core
# cd /usr/core
# git checkout master
# make upgrade

Of course the development release shipped with 21.1.9 will have the changes included and the console upgrade is not required.


Cheers,
Franco

Hello again!

In 21.1.9

https://forum.opnsense.org/index.php?topic=24089

I don't find anything related to unbound?!?

What is state of the union on this?

[franco]

Of course the development release shipped with 21.1.9 will have the changes included and the console upgrade is not required.

[chemlud]

Quote from: franco on July 15, 2021, 08:03:06 pm

    > Oh, I was also under the impressions that the whole section of Services/Unbound DNS/Advanced is being > Quite painful to see that nothing happend since January.

    Why does it matter when things are worked on when eventually they will be there and working ok? 21.1.9 is still around the corner giving us an opportunity to release enhanced support in 21.1.9.

-----

Hmmm, but 21.7 tomorrow is going to remove the custom options?

[franco]

I repeat: switch to development, use the new code, do the upgrade, switch back to community.

(I don't want to force hundreds of lines into an EoL release for maximum convenience.)

[Taomyn]

Sorry for the noob question but trying to get ahead of the eventual upgrade to 21.7, but currently my Unbound has the following in custom:

Code Select Expand


server:
  do-not-query-localhost: no


forward-zone:
  name: "."
  forward-addr: ::1@5353
  forward-addr: 127.0.0.1@5353


It's forwarding to the DNSCrypt-Proxy service.

Will I be able to do this with 21.7 and the new standard menu? Currently still on 21.1.8 as I am not on-site to attempt the upgrade to 21.1.9