Bug #11051

closed

Unbound: custom TLS listen port ignored

Added by Brad Edmondson over 3 years ago. Updated over 3 years ago.

Status: Resolved
Priority: Low
Assignee: Viktor Gurov
Category: DNS Resolver
Target version:
Start date: 11/10/2020
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.4.5-p1
Affected Architecture:

Description

Using latest stable pfSense: 2.4.5-RELEASE-p1 (amd64)

Attempting to configure a two-tier DNS cache, using either BIND or DNS Forwarder (dnsmasq) for the first-level cache and for local DHCP names (due to #5413), and using DNS Resolver (unbound) at the second level to take advantage of DNSBL. I set BIND/dnsmasq to port 53 and 853 for TLS (BIND only), and intend to run DNS Forwarder (Unbound) on the loopback address on ports 5053 and 5853, respectively. Although I can set both of these in the Unbound GUI (services_unbound.php), the second setting, for the TLS port, is not applied to the config file, so when the Unbound service restarts it listens on 5053 for unencrypted and 853 for encrypted. I've tried a few different port numbers for both, and the unencrypted port configuration is always applied while the encrypted port is never applied (it always stays 853).

I think this is a problem with the GUI/pfSense, because when I ssh in and review the unbound config file at /var/unbound/unbound.conf, I can see the port: setting get updated while the tls-port: setting remains 853. I even manually set tls-port: 5853 in unbound.conf and it was changed back to 853 the next time I saved changes in the GUI.
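A small check for the symptom described above, added here as an example and not part of the report or of pfSense's code: it parses the generated unbound.conf, reads the effective `port:` and `tls-port:` values, and reports any that differ from what was configured in the GUI. It assumes unbound's defaults of 53 and 853 when an option is absent, and that a repeated single-valued option is overwritten by its last occurrence; the sample config is constructed.

```python
"""Report plain-DNS / DNS-over-TLS listen ports that unbound.conf actually
sets, so a GUI value that was silently not written (here: tls-port: left at
853 while port: became 5053) is caught before the service is relied upon."""
import re
from typing import Dict, List

# Constructed sample mirroring the report: custom plain port written,
# tls-port: still at the default. The comment line must be ignored.
SAMPLE_CONF = """\
server:
    # old note: tls-port: 9999 (commented out, must not count)
    interface: 127.0.0.1
    port: 5053
    tls-port: 853
    tls-service-cert: /var/unbound/sslcert.crt
"""

_OPTION = re.compile(r"^\s*(?P<key>[A-Za-z0-9-]+):\s*(?P<val>.*?)\s*$")


def parse_unbound_options(text: str) -> Dict[str, List[str]]:
    """Collect every 'key: value' option in file order, one list per key.
    '#' comments are stripped first; bare clause headers ('server:') skip."""
    options: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        m = _OPTION.match(line)
        if not m or m.group("val") == "":
            continue
        options.setdefault(m.group("key"), []).append(m.group("val"))
    return options


def effective_port(options: Dict[str, List[str]], key: str, default: int) -> int:
    """Last occurrence wins (assumption: unbound overwrites repeated
    single-valued options); absent option means the daemon default."""
    vals = options.get(key)
    return int(vals[-1]) if vals else default


def check_listen_ports(text: str, want_plain: int, want_tls: int) -> Dict[str, tuple]:
    """Return {option: (expected, actual)} for mismatches; empty dict = OK."""
    opts = parse_unbound_options(text)
    wanted = {"port": want_plain, "tls-port": want_tls}
    actual = {"port": effective_port(opts, "port", 53),
              "tls-port": effective_port(opts, "tls-port", 853)}
    return {k: (wanted[k], actual[k]) for k in wanted if wanted[k] != actual[k]}


if __name__ == "__main__":
    # On a live box, read /var/unbound/unbound.conf instead of SAMPLE_CONF.
    for opt, (exp, got) in check_listen_ports(SAMPLE_CONF, 5053, 5853).items():
        print(f"{opt}: GUI says {exp}, unbound.conf has {got}")
```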
