Bug #14479
openunbound doing qname-minimisation when enabled in unbound gui.
Description
I have not checked 2.7 or 23.05 yet but this came up in a discussion here
https://forum.netgate.com/post/1110945
Seems unbound is now doing qname by default. So if there is no setting in the conf for qname-minimisation, it does it. By default this option in 2.6 is not enabled, but since there is no entry in the .conf file, it is being done, with no way to turn it off without placing an entry in the custom box to set it to no.
Logic should be changed to allow for enable/disable of qname from the GUI. What it defaults to doesn't matter really, but with the current logic there is no way to actually turn it off. And the GUI reads that it is off by default, but it really isn't, since unbound defaults to doing it.
Updated by JohnPoz _ over 1 year ago
Here is a link to the unbound docs stating they do qname min by default:
https://nlnetlabs.nl/documentation/unbound/unbound.conf/
qname-minimisation: <yes or no>
    Send minimum amount of information to upstream servers to enhance
    privacy. Only send minimum required labels of the QNAME and set
    QTYPE to A when possible. Best effort approach; full QNAME and
    original QTYPE will be sent when upstream replies with a RCODE
    other than NOERROR, except when receiving NXDOMAIN from a DNSSEC
    signed zone. Default is yes.
If this is the case, then it should be listed as enabled by default in the GUI, and unchecking it in the GUI should set the option to no in the conf, vs. just no entry in the conf.
Updated by JohnPoz _ over 1 year ago
Just tested on 23.05, same thing - if you uncheck to do qname in the unbound advanced section, it removes the qname line from the conf, but now unbound defaults to doing qname.
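Added example, not part of the original report and not pfSense or Unbound code: it models the mismatch described in this issue, where an unchecked box produces no qname-minimisation line and the resolver falls back to its documented default of yes. The function names, the two generator sketches, and the rule that a later occurrence of the option applies are assumptions made for illustration.

```python
# Added illustration; not pfSense or Unbound source code.
UNBOUND_DEFAULT = True  # per the unbound.conf text quoted above: "Default is yes."


def render_omit_when_off(enabled):
    """Behaviour described in the report: emit a line only when the box is checked."""
    return "server:\n" + ("  qname-minimisation: yes\n" if enabled else "")


def render_explicit(enabled):
    """Requested behaviour: always write the option, so unchecked means 'no'."""
    return "server:\n  qname-minimisation: {}\n".format("yes" if enabled else "no")


def effective_qname_minimisation(conf_text, default=UNBOUND_DEFAULT):
    """Return (value, explicit) for qname-minimisation in unbound.conf text.

    Assumption: when the option appears more than once, the last one applies.
    """
    value, explicit = default, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        key, sep, val = line.partition(":")
        if not sep or key.strip() != "qname-minimisation":
            continue
        val = val.strip().strip('"').lower()
        if val in ("yes", "no"):
            value, explicit = (val == "yes"), True
    return value, explicit


def audit(gui_enabled, conf_text):
    """Compare what the GUI checkbox claims with what the resolver will do."""
    value, explicit = effective_qname_minimisation(conf_text)
    return {"gui": gui_enabled, "effective": value,
            "explicit": explicit, "mismatch": gui_enabled != value}


if __name__ == "__main__":
    # Constructed inputs: each generator run with the box checked and unchecked.
    for render in (render_omit_when_off, render_explicit):
        for gui in (True, False):
            print(render.__name__, audit(gui, render(gui)))
```

On a live system, `unbound-checkconf -o qname-minimisation <cfgfile>` prints the value Unbound itself resolves for the option, which is the authoritative check.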