Bug #6712
closed
services_unbound.php Host Overrides don't change any unbound configuration
100%
Description
services_unbound.php
I cannot get any Host Override to be configured with unbound.
/var/unbound/host_entries.conf lists my /etc/hosts entries but
not my override entries.
My config.xml has my <hosts> details for <unbound> but I don't see it
at all in my /var/unbound settings.
(By the way, the unrelated Host Overrides for DNS Forwarder work and the Domain Overrides for DNS Resolver and DNS Forwarder work.)
(My list of bugs is at http://reedmedia.net/books/pfsense/bugs-20160813.html )
Updated by Kill Bill over 7 years ago
This certainly works. Would suggest using the forums for help.
Updated by Jeremy C. Reed over 7 years ago
Thanks to PiBa-NL on IRC who helped me troubleshoot this down to:
/etc/inc/system.inc
339 // prefer dnsmasq for hosts generation where it's enabled. It relies
340 // on hosts for name resolution of its overrides, unbound does not.
341 if (isset($config['dnsmasq']) && isset($config['dnsmasq']['enable'])) {
342 $dnsmasqcfg = $config['dnsmasq'];
343 } else {
344 $dnsmasqcfg = $config['unbound'];
345 }
Once I disabled dnsmasq it worked (had to save/apply in DNS Resolver first).
Since pfsense allows both to be enabled at same time (consider different Listen ports as documented), please allow both or clearly document and detect and warn.
It would be simple to just make a function for the code and pass dnsmasq or unbound to it.
By the way the comment in code above is misleading, as the read_hosts used for unbound also uses hosts (assume this comment means /etc/hosts).
Updated by Jim Thompson over 7 years ago
- Assignee set to Jeremy Porter
assigned to PIngle for eval, but looks like "not a bug" to me.
Updated by Jim Thompson over 7 years ago
- Category set to Unbound
- Status changed from New to Assigned
- Assignee changed from Jeremy Porter to Jim Pingle
wrong assignee
Updated by Jim Pingle over 7 years ago
- Project changed from pfSense Packages to pfSense
- Category deleted (
Unbound) - Assignee changed from Jim Pingle to Renato Botelho
Looks like it is a problem but not one most would hit since it's rare to have both enabled.
source:src/etc/inc/unbound.inc#L568 unbound_add_host_entries() is reading /etc/hosts rather than starting with $config['unbound']['hosts'].
When the DNS Forwarder is enabled, its contents are preferred for /etc/hosts since as the comment states, unbound doesn't care about /etc/hosts but dnsmasq does, which means if both are enabled, then the /etc/hosts entries from dnsmasq will be picked up and put in /var/unbound/host_entries.conf rather than what is defined in the GUI for DNS Resolver.
So unbound_add_host_entries() needs to be changed to read the hosts from config.xml not /etc/hosts. The only other reason I can think of why it would read /etc/hosts directly would be to also pick up the automatic entries for localhost and for the firewall itself, so those likely need added as well.
As an alternate tactic, hosts for dnsmasq could be written elsewhere and dnsmasq can be passed the --addn-hosts=/path/to/file parameter so it picks up its own distinct copy.
Updated by Jim Pingle over 7 years ago
- Category set to DNS Resolver
- Target version set to 2.4.0
- Affected Version set to 2.3.x
Updated by Renato Botelho over 7 years ago
- Status changed from Assigned to Feedback
- % Done changed from 0 to 100
Applied in changeset ac446eac051c4514666f9904bbdd0609468f2fc5.
Updated by Renato Botelho over 7 years ago
- Assignee changed from Renato Botelho to Jim Pingle
Assigning to Jim Pingle for testing
Updated by Jim Pingle over 7 years ago
- Status changed from Feedback to Resolved
Looks good now. Forwarder hosts go in /etc/hosts, Resolver hosts go in /var/unbound/host_entries.conf and they appear to work as expected.
Updated by Jim Pingle about 7 years ago
- Target version changed from 2.4.0 to 2.3.3