GUI generates a flawed UNBOUND configuration

[redstonemason]

I decided to move to OPNsense from pfSense in my LAB in order to easily get IPv6 working on my new ISP (Rogers Canada).

I performed:

1) Installed from the latest image "OPNsense-22.7-OpenSSL-vga-amd64.img".

2) Ran "System/Status/Check For Updates" and installed"22.7.10_2 (amd64/OpenSSL)".

3) Set "DNS Servers" to 1.1.1.1 and 9.9.9.9 in "System/General/Settings".

4) Disabled "System Nameservers" by unckecking "Use System NameServers" in "Services: Unbound DNS: DNS over TLS".

5) Setup "Custom Forwarding" in "Services: Unbound DNS: DNS over TLS" with "1.1.1.1 853" and "9.9.9.9 853".

6) Ran

    # configctl unbound check

   Got
   [1672949530] unbound-checkconf[37450:0] error: duplicate forward zone . ignored.
   no errors in /var/unbound/unbound.conf

This is the contents of my "/var/unbound/etc/dot.conf":

Code: [Select]


# Forward zones
forward-zone:
  name: "."
  forward-addr: 1.1.1.1@853
  forward-addr: 9.9.9.9@853

# Forward zones over TLS
server:
  tls-cert-bundle: /etc/ssl/cert.pem

forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1@853
  forward-addr: 9.9.9.9@853


So the GUI definitely generates a duplicate "." zone.

BTW, I do score 100% on https://internet.nl/connection

[Fright]

first one

Code: [Select]

# Forward zones
forward-zone:
  name: "."
  forward-addr: 1.1.1.1@853
  forward-addr: 9.9.9.9@853
is from Services: Unbound DNS: Query Forwarding

[redstonemason]

I don't recall adding those entries into that tab. Were they auto-applied? Are they necessary?

[Fright]

Were they auto-applied? Are they necessary?

no and no