Bug #5413

open

Incorrect Handling of Unbound Resolver [service restarts, cache loss, DNS service interruption]

Added by ky41083 - almost 6 years ago. Updated 8 months ago.

Status: Confirmed
Priority: High
Category: DNS Resolver
Target version:
Start date: 11/10/2015
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: All
Affected Architecture:
Description

The right way to handle local DNS changes, for Unbound at least, would basically be to do the opposite of what is being done now. Rather than write to the config files and bounce the service, you would use unbound-control to tell Unbound about the local DNS changes.

Discussion here: https://forum.pfsense.org/index.php?topic=89589.0
Full rough draft solution here: https://forum.pfsense.org/index.php?topic=89589.msg568043#msg568043

Quick and dirty rough draft summary... doubt code syntax is even completely right (if I had more time it would be, leave it up to who codes it), but this method is the only right one. The only other solution would be to remove Unbound completely and replace it with something else (please don't, it works very well when used correctly).

Functions like this:
$unbound_entries .= "local-data: \"{$host['fqdn']} {$type} {$host['ipaddr']}\"\n";

Should be changed to something like this:
$unbound_cmd .= "unbound-control local_data {$host['fqdn']} {$type} {$host['ipaddr']}";

And NEVER EVER bounce the Unbound service. Ever. It is completely unnecessary.

Initial service start / user initiated service restart should probably use the same unbound-control calls for managing all local DNS entries, to prevent both modifying Unbound config files and calling unbound-control to do the same exact thing. Plus it's cleaner, now we don't have 2 code paths to maintain (config files & unbound-control), and we don't use more RAM to store unneeded config file entries.

Additional implementation considerations can be found in the cited post above.
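
The approach described above, as an added example (not pfSense code and not taken from the report or the linked forum post): validate each host entry, diff it against what was last loaded, and feed only the changes to the running daemon on stdin instead of building a command string. It assumes remote control is enabled and that the installed unbound-control has the bulk `local_datas` and `local_datas_remove` subcommands; the function names, the `PUSHED` state set and the sample hosts are hypothetical.

```python
import ipaddress
import re
import subprocess

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def rr_line(fqdn, addr):
    """Return 'name. TYPE addr' for a valid host entry, else None."""
    name = fqdn.rstrip(".").lower()
    if len(name) > 253 or not all(LABEL.fullmatch(p) for p in name.split(".")):
        return None  # rejects spaces, quotes, newlines, shell metacharacters
    if "%" in addr:
        return None  # no IPv6 zone identifiers in DNS data
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return f"{name}. {'A' if ip.version == 4 else 'AAAA'} {ip}"

def plan(pushed, hosts):
    """Diff RR lines already loaded against the desired (fqdn, addr) pairs.

    local_data adds to a name's records rather than replacing them, so a
    name with any stale record is removed and its current records re-added.
    """
    wanted = {line for line in (rr_line(f, a) for f, a in hosts) if line}
    remove = sorted({line.split()[0] for line in pushed - wanted})
    add = sorted(ln for ln in wanted
                 if ln not in pushed or ln.split()[0] in remove)
    return add, remove

def apply(add, remove, run=subprocess.run):
    """Send the plan to the running daemon on stdin: no shell, no restart."""
    for subcmd, lines in (("local_datas_remove", remove), ("local_datas", add)):
        if lines:
            run(["unbound-control", subcmd], input="\n".join(lines) + "\n",
                text=True, check=True)

# Constructed sample data (not from the bug report).
PUSHED = {"nas.lan. A 192.168.1.10", "old.lan. A 192.168.1.20"}
HOSTS = [("nas.lan", "192.168.1.11"), ("printer.lan", "192.168.1.30"),
         ("v6.lan", "fd00::1"), ('pc"; x', "192.168.1.40"),
         ("tv.lan\n", "192.168.1.50"), ("cam.lan", "not-an-ip")]
```

Host names registered from DHCP are supplied by clients, which is why the entries are validated and passed as stdin data rather than interpolated into a command line.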


Files

resolver.log (500 KB) - Dmitriy K, 05/30/2017 03:30 PM

Related issues

Related to Bug #11553: Unbound does not restart properly sometimes when DHCP Registration is enabled (Duplicate, 02/26/2021)
Related to Bug #10624: Unbound configuration memory leak with python module + register DHCP leases active (New, 06/02/2020)
Related to Regression #11316: Unbound crashes with signal 11 when reloading (Feedback, Renato Botelho, 01/26/2021)
