RFC Unbound: CNAMES

[ruggerio]

Hello,

CNAMES are commonly used in Network Environments. Could you please add the Option in unbound to add CNAME's to existing A-Records?

Thanks,
Roger

[franco]

Hi Roger,

As a starting point... CNAME support was brought in and backed out again last year:

https://github.com/opnsense/core/pull/1617#issuecomment-299665206

Not sure what the state is now, but it was done at the contributor's request over concerns with the correctness in Unbound itself.


Cheers,
Franco

[ruggerio]

Sorry about this.

After researching lots, i found, that unbound is no 100% the choose for this.

I changed to dnsmasq, which i know from Linux, it brings the functionality.

Question: is the actual implementation from dnsmasq in opnsense using dnssec?

Thx,
Roger

[franco]

DNSSEC is not yet implemented in Dnsmasq in OPNsense so far. That was one of the reasons for switching to Unbound as the default last year, although DNSSEC had to be backed out of default installs because too many providers mess with user DNS in the first place.


Cheers,
Franco

[ruggerio]

Thx Franco,

Do exist plans to implement dnssec in dnsmasq for opnsense?

Thx,
Roger

[franco]

Yes, why not. although I'd kindly ask for a ticket and subsequent help in testing:

https://github.com/opnsense/core/issues

Best case also help in providing the configuration bits necessary to move this along quickly.


Cheers,
Franco

[ruggerio]

Hi Franco,

Sorry, new to those processes

add DNSSEC-Support to DNSMASQ  #2275

Of course i will help testing it.

Thx
Roger