Wrong domain name w/Unbound DHCP leases with multiple VLANs

Started by ctrlbrk, July 26, 2021, 08:58:00 PM

It can technically be done with ISC DHCP and BIND but the OPNsense framework and UI doesn't support it, if I am not mistaken.

Possibly there are hooks in place for custom configuration that will survive reboots and updates.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Also looked at dnsmasq in OPN and found this language (this time I RTFM)

Quote
The domain name to use for DHCP hostname registration. If empty, the default system domain is used. Note that all DHCP leases will be assigned to the same domain. If this is undesired, static DHCP lease registration is able to provide coherent mappings.

So I guess dnsmasq also out.

@pmhausen
GUI contains ddns parameters (click Advanced button on Dynamic DNS parameter) that generates plausible directives in .conf. I use internal dhcp-s, so I did not check it

Well, Dnsmasq used the same tool as Unbound a while back so it's not unnatural for it to have the same limitation anyway. ;)

https://github.com/opnsense/core/issues/5119


Cheers,
Franco

Quote from: Fright on July 28, 2021, 07:30:29 AM
GUI contains ddns parameters (click Advanced button on Dynamic DNS parameter) that generates plausible directives in .conf. I use internal dhcp-s, so I did not check it
Good to know, thanks. So it's only the BIND plugin that lacks a bit in options, here. Improvements always welcome.  ;)
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

So it's only the BIND plugin that lacks a bit in options, here. Improvements always welcome.
At first (!) glance everything is not so scary with unbound:
small changes in dhcpd.inc generate a 'dhcp pool'->'domain-name' file that I can try to use in unbound_dhcpd.py to change 'domain' to the one from the pool settings ("lease ip -> pool -> pool domain", if any).
But I have no way to test this on real clients.
Maybe there are utilities emulating clients with a complete process of obtaining a lease? (nmap only sends a DHCPINFORM, afaik)
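Added example for this thread (not OPNsense's dhcpd.inc or unbound_dhcpd.py): a small Python sketch of the "lease ip -> pool -> pool domain" idea above. The pool-to-domain map, the default domain and the dhcpd.leases excerpt are all constructed here; in the thread the map would be written by dhcpd.inc. Since client-hostname is client-supplied, the sketch only accepts plain RFC 1123 labels before it lets a lease become a DNS record, and it respects a later "binding state free" record for the same IP, as dhcpd appends to its leases file.

```python
"""Map ISC dhcpd leases to the domain of the pool they came from and emit
unbound local-data lines. Example code, not OPNsense's own implementation."""
import ipaddress
import re

# Constructed pool -> domain map; hypothetical stand-in for the
# 'dhcp pool' -> 'domain-name' file described in the thread.
POOL_DOMAINS = {
    "192.168.10.0/24": "lan.example",
    "192.168.20.0/24": "iot.example",
}
DEFAULT_DOMAIN = "home.example"  # used when no pool matches (system domain)

# Constructed dhcpd.leases excerpt (sample data, not a real lease file).
SAMPLE_LEASES = """\
lease 192.168.10.50 {
  starts 1 2021/07/26 20:00:00;
  ends 1 2021/07/27 20:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "laptop";
}
lease 192.168.20.7 {
  binding state active;
  hardware ethernet 66:77:88:99:aa:bb;
  client-hostname "sensor-1";
}
lease 192.168.20.8 {
  binding state active;
  hardware ethernet 66:77:88:99:aa:cc;
  client-hostname "not a label";
}
lease 192.168.30.9 {
  binding state active;
  hardware ethernet 00:aa:bb:cc:dd:ee;
  client-hostname "printer";
}
lease 192.168.10.50 {
  binding state free;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "laptop";
}
"""

# One lease block per match; the leases file has no nested braces in the
# common case, so a non-greedy match up to the first '}' is sufficient.
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
STATE_RE = re.compile(r"binding state\s+(\w+);")
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)";')
# Single RFC 1123 hostname label: client-hostname is attacker-controlled
# input, so only plain labels are allowed into DNS.
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def domain_for(ip, pools=POOL_DOMAINS, default=DEFAULT_DOMAIN):
    """Longest-prefix match of the lease IP against the pool map."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, domain in pools.items():
        n = ipaddress.ip_network(net)
        if addr in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, domain)
    return best[1] if best else default


def parse_leases(text):
    """Return {ip: hostname} for active leases with a usable hostname.
    Later records for the same IP win, as dhcpd appends to the file."""
    leases = {}
    for m in LEASE_RE.finditer(text):
        ip, body = m.group(1), m.group(2)
        state = STATE_RE.search(body)
        host = HOST_RE.search(body)
        name = host.group(1).lower() if host else ""
        if state and state.group(1) == "active" and LABEL_RE.match(name):
            leases[ip] = name
        else:
            leases.pop(ip, None)  # freed, or hostname unusable: drop it
    return leases


def unbound_records(text, pools=POOL_DOMAINS, default=DEFAULT_DOMAIN):
    """Forward A and reverse PTR entries in unbound.conf local-data syntax."""
    lines = []
    ordered = sorted(parse_leases(text).items(),
                     key=lambda kv: ipaddress.ip_address(kv[0]))
    for ip, host in ordered:
        fqdn = f"{host}.{domain_for(ip, pools, default)}"
        lines.append(f'local-data: "{fqdn}. IN A {ip}"')
        lines.append(f'local-data-ptr: "{ip} {fqdn}"')
    return lines


if __name__ == "__main__":
    print("\n".join(unbound_records(SAMPLE_LEASES)))
```

Running it shows only sensor-1 (iot.example) and printer (falls back to the default domain, since no pool covers 192.168.30.0/24); the laptop lease was freed by the later record and the lease with a hostname that is not a valid label is skipped.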

My point is that dhcpd and named actually share a common standard protocol for dynamic updates so nobody would need to code "lease update magic" at the file level. Dhcpd can send named all the info whenever a lease is issued or renewed.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Bind was removed from BSDs and replaced with Unbound for security reasons. Now we want to bring Bind in to fill a small gap because it already has this implemented? Sounds like going in circles. :)


Cheers,
Franco

I'd say it was removed because it was not considered worth keeping up with upstream patches for just a local caching recursive NS. But it's still in ports and well supported.

I'll look into the BIND plugin, possibly this can be added as an option.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Fair enough, it would help those who can/want to run a Bind server locally quickly.


Thanks,
Franco

From GitHub, it looks like this has been solved? How can I test the new version?

I can post test instructions tomorrow after giving it a try.


Cheers,
Franco

Quote from: ctrlbrk on August 01, 2021, 07:22:11 PM
From GitHub, it looks like this has been solved? How can I test the new version?

I may have gotten lost in the conversation of the original problem and the talk of DDNS.  Are you saying Unbound handling multiple domain names on different VLANs has been fixed?

I'm fully updated and have the same issue as the OP.  Wondering if there is a solution coming or not.  It's not a huge deal, just easier to understand what device I'm looking at on a rDNS lookup (pi-hole stats).

It's in the development version but wasn't cleared for release just yet. It might be in 21.7.3 next week given that it works fine.

So far, however, lots of "want want want" but no feedback on the actual implementation.

This is business as usual but makes us question if it was really that important. ;)


Cheers,
Franco

Again, forgive me as I'm not a developer and such...

Thanks for the update on that. I'm not sure what you would like for implementation feedback, just testers or what settings should be placed in the UI?

I wouldn't say it is necessarily "important"? but I don't believe it is expected behavior to query unbound and have it come back with a default domain when a machine is on a different vlan with different domain.  That's how I wandered into this thread.  More than likely users just don't care or don't do rDNS lookups often?  No idea.

Really appreciate the work on OPN, I've been pretty happy with it overall.  This isn't a sticking point where I would go through the work of switching or putting my USG (shudder) back in place.