OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • RFC Unbound: CNAMES
« previous next »
  • Print
Pages: [1]

Author Topic: RFC Unbound: CNAMES  (Read 3130 times)

ruggerio

  • Sr. Member
  • ****
  • Posts: 290
  • Karma: 11
    • View Profile
RFC Unbound: CNAMES
« on: March 19, 2018, 12:58:25 pm »
Hello,

CNAMES are commonly used in Network Environments. Could you please add the Option in unbound to add CNAME's to existing A-Records?

Thanks,
Roger
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13679
  • Karma: 1176
    • View Profile
Re: RFC Unbound: CNAMES
« Reply #1 on: March 20, 2018, 07:21:56 am »
Hi Roger,

As a starting point... CNAME support was brought in and backed out again last year:

https://github.com/opnsense/core/pull/1617#issuecomment-299665206

Not sure what the state is now, but it was done at the contributor's request over concerns with the correctness in Unbound itself.


Cheers,
Franco
Logged

ruggerio

  • Sr. Member
  • ****
  • Posts: 290
  • Karma: 11
    • View Profile
Re: RFC Unbound: CNAMES
« Reply #2 on: March 20, 2018, 07:22:13 am »
Sorry about this.

After researching lots, i found, that unbound is no 100% the choose for this.

I changed to dnsmasq, which i know from Linux, it brings the functionality.

Question: is the actual implementation from dnsmasq in opnsense using dnssec?

Thx,
Roger
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13679
  • Karma: 1176
    • View Profile
Re: RFC Unbound: CNAMES
« Reply #3 on: March 20, 2018, 07:29:50 am »
DNSSEC is not yet implemented in Dnsmasq in OPNsense so far. That was one of the reasons for switching to Unbound as the default last year, although DNSSEC had to be backed out of default installs because too many providers mess with user DNS in the first place.


Cheers,
Franco
Logged

ruggerio

  • Sr. Member
  • ****
  • Posts: 290
  • Karma: 11
    • View Profile
Re: RFC Unbound: CNAMES
« Reply #4 on: March 20, 2018, 07:41:34 am »
Thx Franco,

Do exist plans to implement dnssec in dnsmasq for opnsense?

Thx,
Roger
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13679
  • Karma: 1176
    • View Profile
Re: RFC Unbound: CNAMES
« Reply #5 on: March 20, 2018, 07:43:11 am »
Yes, why not. although I'd kindly ask for a ticket and subsequent help in testing:

https://github.com/opnsense/core/issues

Best case also help in providing the configuration bits necessary to move this along quickly. :)


Cheers,
Franco
Logged

ruggerio

  • Sr. Member
  • ****
  • Posts: 290
  • Karma: 11
    • View Profile
Re: RFC Unbound: CNAMES
« Reply #6 on: March 20, 2018, 08:08:47 am »
Hi Franco,

Sorry, new to those processes :)

add DNSSEC-Support to DNSMASQ  #2275

Of course i will help testing it.

Thx
Roger
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • RFC Unbound: CNAMES
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2