Bug #6712

services_unbound.php Host Overrides don't change any unbound configuration

Added by Jeremy C. Reed 7 months ago. Updated about 1 month ago.

Status: Resolved
Priority: Normal
Assignee:
Category: DNS Resolver
Target version:
Start date: 08/13/2016
Due date:
% Done: 100%
Affected version: 2.3.x
Affected Architecture:

Description

services_unbound.php
I cannot get any Host Override to be configured with unbound.
/var/unbound/host_entries.conf lists my /etc/hosts entries but
not my override entries.
My config.xml has my <hosts> details for <unbound> but I don't see it
at all in my /var/unbound settings.

(By the way, the unrelated Host Overrides for DNS Forwarder work and the Domain Overrides for DNS Resolver and DNS Forwarder work.)

(My list of bugs is at http://reedmedia.net/books/pfsense/bugs-20160813.html )

Associated revisions

Revision 2da0fc77
Added by Renato Botelho 2 months ago

Ticket #6712: Create system_hosts_local_entries()

This function will return an array with 127.0.0.1, ::1 and LAN (or
first interface with no gateway when LAN is not there) items to be
added to /etc/hosts

Revision 3d146b13
Added by Renato Botelho 2 months ago

Ticket #6712: Deprecate read_hosts()

Read local items from system_hosts_local_entries()

Revision 46ff0dee
Added by Renato Botelho 2 months ago

Ticket #6712: Create system_hosts_override_entries()

This function will return an array with dnsmasq or unbound items to be added to
/etc/hosts

Revision 236d5816
Added by Renato Botelho 2 months ago

Ticket #6712: Create system_hosts_dhcpd_entries()

This function will return an array with dhcpd and dhcpdv6 items to be added to
/etc/hosts.

Revision 878b7736
Added by Renato Botelho 2 months ago

Ticket #6712: Create system_hosts_entries()

This function will return an array with all items to be added to /etc/hosts.

Revision ac446eac
Added by Renato Botelho 2 months ago

Fix #6712

Use system_hosts_entries to generate unbound host_entries.conf

Revision e0696aa4
Added by Renato Botelho 2 months ago

Ticket #6712: Create system_hosts_local_entries()

This function will return an array with 127.0.0.1, ::1 and LAN (or
first interface with no gateway when LAN is not there) items to be
added to /etc/hosts

Revision 881ebd59
Added by Renato Botelho 2 months ago

Ticket #6712: Deprecate read_hosts()

Read local items from system_hosts_local_entries()

Revision 470efdfc
Added by Renato Botelho 2 months ago

Ticket #6712: Create system_hosts_override_entries()

This function will return an array with dnsmasq or unbound items to be added to
/etc/hosts

Revision 829f3ca3
Added by Renato Botelho 2 months ago

Ticket #6712: Create system_hosts_dhcpd_entries()

This function will return an array with dhcpd and dhcpdv6 items to be added to
/etc/hosts.

Revision 82897042
Added by Renato Botelho 2 months ago

Ticket #6712: Create system_hosts_entries()

This function will return an array with all items to be added to /etc/hosts.

Revision 983c4c6c
Added by Renato Botelho 2 months ago

Fix #6712

Use system_hosts_entries to generate unbound host_entries.conf

History

#1 Updated by Kill Bill 7 months ago

This certainly works. Would suggest using the forums for help.

#2 Updated by Jeremy C. Reed 7 months ago

Thanks to PiBa-NL on IRC who helped me troubleshoot this down to:
/etc/inc/system.inc

    // prefer dnsmasq for hosts generation where it's enabled. It relies
    // on hosts for name resolution of its overrides, unbound does not.
    if (isset($config['dnsmasq']) && isset($config['dnsmasq']['enable'])) {
        $dnsmasqcfg = $config['dnsmasq'];
    } else {
        $dnsmasqcfg = $config['unbound'];
    }

Once I disabled dnsmasq it worked (had to save/apply in DNS Resolver first).

Since pfSense allows both to be enabled at the same time (consider different Listen ports as documented), please allow both or clearly document and detect and warn.
It would be simple to just make a function for the code and pass dnsmasq or unbound to it.

By the way the comment in code above is misleading, as the read_hosts used for unbound also uses hosts (assume this comment means /etc/hosts).

#3 Updated by Jim Thompson 7 months ago

  • Assignee set to Jeremy Porter

Assigned to Pingle for eval, but looks like "not a bug" to me.

#4 Updated by Jim Thompson 7 months ago

  • Category set to Unbound
  • Status changed from New to Assigned
  • Assignee changed from Jeremy Porter to Jim Pingle

wrong assignee

#5 Updated by Jim Pingle 7 months ago

  • Project changed from pfSense Packages to pfSense
  • Category deleted (Unbound)
  • Assignee changed from Jim Pingle to Renato Botelho

Looks like it is a problem but not one most would hit since it's rare to have both enabled.

source:src/etc/inc/unbound.inc#L568 unbound_add_host_entries() is reading /etc/hosts rather than starting with $config['unbound']['hosts'].

When the DNS Forwarder is enabled, its contents are preferred for /etc/hosts since as the comment states, unbound doesn't care about /etc/hosts but dnsmasq does, which means if both are enabled, then the /etc/hosts entries from dnsmasq will be picked up and put in /var/unbound/host_entries.conf rather than what is defined in the GUI for DNS Resolver.

So unbound_add_host_entries() needs to be changed to read the hosts from config.xml not /etc/hosts. The only other reason I can think of why it would read /etc/hosts directly would be to also pick up the automatic entries for localhost and for the firewall itself, so those likely need added as well.

As an alternate tactic, hosts for dnsmasq could be written elsewhere and dnsmasq can be passed the --addn-hosts=/path/to/file parameter so it picks up its own distinct copy.
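
The selection logic discussed in comments #2 and #5, modelled as an added example (not pfSense code and not part of the original ticket). The config array, host names and all function names are constructed for illustration, and the "after" function follows the change proposed in comment #5 rather than the committed revisions.

```php
<?php
// Constructed sample config: both services enabled, each with its own
// Host Override (names and addresses are made up for this example).
$config = [
    'dnsmasq' => ['enable' => true, 'hosts' => [
        ['host' => 'fwd', 'domain' => 'example.test', 'ip' => '192.0.2.10'],
    ]],
    'unbound' => ['enable' => true, 'hosts' => [
        ['host' => 'res', 'domain' => 'example.test', 'ip' => '192.0.2.20'],
    ]],
];

// Hypothetical helper: one service's overrides as "ip => fqdn" pairs.
function override_entries(array $svc): array {
    $out = [];
    foreach ($svc['hosts'] ?? [] as $h) {
        $out[$h['ip']] = "{$h['host']}.{$h['domain']}";
    }
    return $out;
}

// Before: a single source is chosen for /etc/hosts (dnsmasq wins when
// enabled) and the resolver's host entries are built from that same data.
function resolver_entries_before(array $config): array {
    $src = (isset($config['dnsmasq']) && isset($config['dnsmasq']['enable']))
        ? $config['dnsmasq']
        : $config['unbound'];
    return override_entries($src); // stands in for reading /etc/hosts
}

// After (as proposed in comment #5): the resolver reads its own section.
function resolver_entries_after(array $config): array {
    return override_entries($config['unbound']);
}

// Check: resolver overrides defined in the config but absent from the
// generated entries. A non-empty result means the GUI setting is not applied.
function missing_overrides(array $config, array $generated): array {
    return array_diff_assoc(override_entries($config['unbound']), $generated);
}

foreach (['before' => 'resolver_entries_before',
          'after'  => 'resolver_entries_after'] as $label => $fn) {
    $missing = missing_overrides($config, $fn($config));
    printf("%s: %d resolver override(s) missing %s\n",
        $label, count($missing), json_encode($missing));
}
```

The same comparison can be made on a live system by checking each Host Override defined for the DNS Resolver against the contents of /var/unbound/host_entries.conf.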

#6 Updated by Jim Pingle 7 months ago

  • Category set to DNS Resolver
  • Target version set to 2.4.0
  • Affected version set to 2.3.x

#7 Updated by Renato Botelho 2 months ago

  • Status changed from Assigned to Feedback
  • % Done changed from 0 to 100

#8 Updated by Renato Botelho 2 months ago

  • Assignee changed from Renato Botelho to Jim Pingle

Assigning to Jim Pingle for testing

#9 Updated by Jim Pingle 2 months ago

  • Status changed from Feedback to Resolved

Looks good now. Forwarder hosts go in /etc/hosts, Resolver hosts go in /var/unbound/host_entries.conf and they appear to work as expected.

#10 Updated by Jim Pingle about 1 month ago

  • Target version changed from 2.4.0 to 2.3.3
