Regression #13767

closed

Refuse Nonlocal action in DNS Resolver access list breaks configuration file

Added by Gerke Max Preussner over 1 year ago. Updated over 1 year ago.

Status: Resolved
Priority: Normal
Assignee:
Category: DNS Resolver
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 23.01
Release Notes: Force Exclusion
Affected Version: 2.7.0
Affected Architecture: amd64

Description

2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 16 06:05:53 UTC 2022
FreeBSD 14.0-CURRENT

After upgrading to the latest 2.7.0-DEVELOPMENT, the DNS Resolver fails to start if there exists at least one access list with a "Refuse Nonlocal" action. The service reports that the "nonlocal" keyword in the configuration is not known. When modifying an existing or creating a new access list with this action, the error is also displayed on the web GUI.

Repro:
1. In the Web GUI, navigate to Services > DNS Resolver > Access Lists
2. Set the Action to "Refuse Nonlocal" on an existing or new access list
3. Press the Save button, then press Apply Changes
4. Navigate to the General Settings tab, press the Save button, then press Apply Changes

Observed Behavior:
  • An error is displayed on the Web GUI about unbound failing to parse the configuration file, because "nonlocal" is not a known keyword
  • The unbound service fails to restart

Expected Behavior:
  • The configuration is saved without errors, and unbound restarts successfully

Workaround:
  • Set the action to Allow, Deny, Refuse, or Allow Snoop, so that the "nonlocal" keyword is not added to the configuration
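
A pre-flight check for this class of failure, as an added example that is not part of the original report or of pfSense's code: it lints `access-control:` lines in a generated unbound configuration against the action keywords documented in unbound.conf(5), so a bad keyword is caught before the resolver is restarted. The function name and the sample configuration are assumptions; the sample is constructed and is not the file pfSense actually generated.

```python
import re

# Action keywords accepted by unbound's access-control option, per unbound.conf(5).
VALID_ACTIONS = {
    "deny", "refuse", "allow", "allow_setrd", "allow_snoop",
    "allow_cookie", "deny_non_local", "refuse_non_local",
}

ACL_RE = re.compile(r"^\s*access-control:\s*(.*)$")


def lint_access_control(conf_text):
    """Return a list of (line_number, message) for malformed access-control lines."""
    problems = []
    for number, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # ignore trailing comments
        match = ACL_RE.match(line)
        if not match:
            continue
        fields = match.group(1).split()
        if len(fields) != 2:
            # A keyword split into two words shows up here as an extra field.
            problems.append(
                (number, f"expected '<netblock> <action>', got {fields}"))
        elif fields[1] not in VALID_ACTIONS:
            problems.append(
                (number, f"unknown action '{fields[1]}' for {fields[0]}"))
    return problems


# Constructed sample input (documentation address ranges), not real output.
SAMPLE_CONF = """\
server:
    access-control: 127.0.0.0/8 allow_snoop
    access-control: 10.0.0.0/8 refuse_non_local   # documented spelling
    access-control: 192.0.2.0/24 refuse nonlocal
    access-control: 198.51.100.0/24 nonlocal
"""

if __name__ == "__main__":
    for number, message in lint_access_control(SAMPLE_CONF):
        print(f"line {number}: {message}")
```

This complements, rather than replaces, running `unbound-checkconf` on the generated file.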