Unbound: dynamic hostname mapping/KEA & ISC cannot be enabled back

Started by hakuna, Today at 11:15:16 AM

Before: Client > OPNSense ISC > PiHole (mDNS) + Unbound Recursive DNS > out
Goal: Client > OPNSense (DHCP, Unbound Recursive DNS, mDNS ) > PiHole > out

How is it going:

DHCP

  • KEA is being named as the replacement for ISC but it does not support Register DHCP mapping
  • Dnsmasq does support Register DHCP mappings but it is under ISC/KEA DHCP section for when it is set as DNS not DHCP Server(????)
  • Online sources and the documentation point to ISC as the only one supporting dynamic hostname mapping
https://docs.opnsense.org/manual/unbound.html
  • Since I disabled ISC to try KEA and dnsmasq, I cannot enable it back, ISC DHCPv4 is literally empty
  • I am stuck with KEA which doesn't work for what I need and neither does dnsmasq

DNS

  • Surfing the internet is insanely faster thanks to OPNSense running it instead of PiHoles (tiny VM)
  • "Flush DNS Cache during reload" is disabled, but reloading Unbound cleans the cache and we are back to dial-up speed every single time(????)
  • ping "s6.home.arpa" no longer works, I must move Unbound back to PiHole and manually set the local DNS there
  • Official documentation does not mention Unbound runs as recursive DNS by default

I am in the process of setting up dual-stack so it makes more sense to move things to OPNSense.
But dynamic hostname mapping does not work, let alone a manual one.
ISC is gone, the only one that supports dynamic hostname mapping (I guess) can no longer be enabled on 26.1.1, it is gone.

I am stuck with IP only unless I move things back to Pi-Hole.

To get ISC back install the plugin. Kea does support registration of static mappings in Unbound. Or go DNSmasq for DHCP and DNS.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on Today at 11:20:28 AM
To get ISC back install the plugin. Kea does support registration of static mappings in Unbound. Or go DNSmasq for DHCP and DNS.

I had to:

  • Disable Dnsmasq
  • Enable Kea
  • ISC options are back
  • Disable Kea
  • Enable ISC back

This cannot be right at all.

OPNSense documentation mentions that Kea does not support registration mapping, it does not even have the option.
Dnsmasq for DHCP + DNS does not give me Recursive DNS.

Kea does register static mappings as documented:

Quote: Currently it is not possible to register hostnames dynamically between KEA and Unbound, only static reservations will be synchronized on an Unbound service restart.

https://docs.opnsense.org/manual/kea.html

If you must have registration of dynamic mappings, your only choice is DNSmasq. For recursion you can either

- use Unbound as the client facing recursive server and forward the local domain to DNSmasq
- use DNSmasq as the client facing not recursive server and forward to unbound as upstream for recursion

I'd say which one to pick is a matter of taste.

But since I absolutely dislike DNSmasq and never register dynamic leases, anyway, I am happy with Kea and Unbound.

YMMV
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on Today at 11:34:49 AM
But since I absolutely dislike DNSmasq and never register dynamic leases, anyway, I am happy with Kea and Unbound.

YMMV

Got everything working dynamically:

  • ISC DHCPv4 does its thing
  • Unbound does its thing: Recursive and "Register ISC DHCP4 Leases" and "Register DHCP Static Mappings"
  • PiHole was the missing bit: Condition Forward: true,192.168.1.0/24,192.168.1.1,home.arpa

My tablet got a dynamic 192.168.1.82, I can now "dig s6.home.arpa" and get the response back.
I can also go to the browser and hit https://firewall01.home.arpa, that goes to OPNSense as it should.

I will leave as it is until Kea supports dynamic mapping or until OPNSense completely removes ISC.

Finally, I have been fighting this since 5PM, it is 10PM now lmao

Thank you so much :)


EDIT: If anybody knows please let me know how to report bugs: Unbound does not respect: Flush DNS Cache during reload
Reloading the service is purging the cache every time.
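
The forwarding rule from the post above, modelled as an added example (not the poster's, Pi-hole's or OPNsense's own code): it parses the four-field value, builds the dnsmasq `server=` and `rev-server=` options that express the same rule, and shows which resolver a query name goes to. The field meaning (enabled, local network, router address, local domain) is assumed from the posted value, and `upstream` is a placeholder for whatever the forwarder normally uses.

```python
import ipaddress

# Value quoted in the post; field meaning below is an assumption.
SAMPLE = "true,192.168.1.0/24,192.168.1.1,home.arpa"

def parse_rule(entry):
    """Split 'enabled,network,server,domain' and validate the addresses."""
    enabled, network, server, domain = [f.strip() for f in entry.split(",")]
    return {
        "enabled": enabled.lower() == "true",
        "network": ipaddress.ip_network(network, strict=True),
        "server": str(ipaddress.ip_address(server)),
        "domain": domain.rstrip(".").lower(),
    }

def dnsmasq_directives(rule):
    """dnsmasq options that express the same rule (forward + reverse zone)."""
    if not rule["enabled"]:
        return []
    return [
        f"server=/{rule['domain']}/{rule['server']}",
        f"rev-server={rule['network']},{rule['server']}",
    ]

def route(qname, rule, upstream="upstream"):
    """Return the resolver a query name is sent to under this rule."""
    name = qname.rstrip(".").lower()
    if not rule["enabled"]:
        return upstream
    # Names in the local domain go to the DHCP-aware resolver (label boundary checked).
    if name == rule["domain"] or name.endswith("." + rule["domain"]):
        return rule["server"]
    # Full IPv4 PTR names only: rebuild the address and test network membership.
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        try:
            addr = ipaddress.ip_address(".".join(reversed(labels)))
        except ValueError:
            return upstream
        if addr in rule["network"]:
            return rule["server"]
    return upstream

if __name__ == "__main__":
    rule = parse_rule(SAMPLE)
    print("\n".join(dnsmasq_directives(rule)))
    for q in ("s6.home.arpa", "82.1.168.192.in-addr.arpa", "example.com"):
        print(q, "->", route(q, rule))
```

Without the rule, lookups for `home.arpa` names and for PTR records of the LAN range never reach the resolver that holds the DHCP registrations, which matches the failing `ping "s6.home.arpa"` described earlier in the thread.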

Open an issue on Github: https://github.com/opnsense/core/issues
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)


For future reference, this is an intended behaviour and the ticket was closed in 2021: https://github.com/opnsense/core/commit/4a1bc9f8b5e65651e85385ce0fc6969cd30b2c13

Unbound by design flushes the cache and reloads the config on reload, there is an option to avoid that but.

Quote from: hakuna on Today at 12:07:08 PM
EDIT: If anybody knows please let me know how to report bugs: Unbound does not respect: Flush DNS Cache during reload
Reloading the service is purging the cache every time.

Even if you remove the check mark?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

I think it's working as described, but it doesn't work on reboots (by initial design).

We discussed it here https://github.com/opnsense/core/issues/9774

Cheers,
Franco