Project

General

Profile

Bug #6064

non-fully qualified hostnames included in hosts file and Unbound local-data

Added by Grischa Zengel about 1 year ago. Updated 4 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
DNS Resolver
Target version:
Start date:
04/02/2016
Due date:
% Done:

0%

Affected version:
All
Affected Architecture:

Description

mydomain: my.private

add test.my.private 127.0.0.1
add test.yours.private 127.0.0.2

> unbound-control -c /var/unbound/unbound.conf list_local_data | grep test
test.yours.private.    3600    IN    A    127.0.0.2
test.    3600    IN    A    127.0.0.2
test.    3600    IN    A    127.0.0.1
2.0.0.127.in-addr.arpa.    3600    IN    PTR    test.yours.local.
test.my.private.    3600    IN    A    127.0.0.1
> ping test
PING test.yours.private (127.0.0.2): 56 data bytes

That's wrong.

It should ping test.my.private=127.0.0.1 because:

> cat /etc/resolv.conf 
nameserver 127.0.0.1
search my.private

You should not add hostnames to unbound. Only FQDN.

Associated revisions

Revision f1db82ac
Added by Chris Buechler 11 months ago

Omit non-qualified hostnames from unbound's local-data. Ticket #6064

Revision cde0ef17
Added by Chris Buechler 11 months ago

Omit non-qualified hostnames from unbound's local-data. Ticket #6064

Revision 0fa68840
Added by Chris Buechler 11 months ago

Exclude non-qualified hostnames from hosts file. Ticket #6064

Revision 350a7001
Added by Chris Buechler 11 months ago

Leave this to 2.4 only for now. Revert "Omit non-qualified hostnames from unbound's local-data. Ticket #6064"

This reverts commit cde0ef17a60cffa4a54f3ab4922b77bc0447d068.

Revision 8d058e79
Added by Chris Buechler 5 months ago

Exclude non-qualified hostnames from hosts file. Ticket #6064

History

#1 Updated by Jim Thompson about 1 year ago

  • Assignee set to Jeremy Porter

#2 Updated by Chris Buechler about 1 year ago

  • Subject changed from unbound: resolve host name to wrong domain to non-fully qualified hostnames included in hosts file and Unbound local-data
  • Status changed from New to Confirmed
  • Target version changed from 2.3 to 2.3.1
  • Affected version changed from 2.3 to All

Subject is the issue. You end up with a hosts file like:

1.2.3.4    test.my.private test
2.2.2.2    test.your.private test

and you end up with a round-robin from Unbound.

;; ANSWER SECTION:
test.            3600    IN    A    8.8.8.8
test.            3600    IN    A    1.2.3.4
test.            3600    IN    A    2.2.2.2

with host_entries.conf file:

local-zone: "my.private" transparent
local-data-ptr: "127.0.0.1 localhost" 
local-data: "localhost A 127.0.0.1" 
local-data: "localhost.my.private A 127.0.0.1" 
local-data-ptr: "::1 localhost" 
local-data: "localhost AAAA ::1" 
local-data: "localhost.my.private AAAA ::1" 
local-data-ptr: "192.168.64.1 pfs23-test1.my.private" 
local-data: "pfs23-test1.my.private A 192.168.64.1" 
local-data: "pfs23-test1 A 192.168.64.1" 
local-data-ptr: "fc00::1 pfs23-test1.my.private" 
local-data: "pfs23-test1.my.private AAAA fc00::1" 
local-data: "pfs23-test1 AAAA fc00::1" 
local-data-ptr: "8.8.8.8 test.buechler.lan" 
local-data: "test.buechler.lan A 8.8.8.8" 
local-data: "test A 8.8.8.8" 
local-data-ptr: "1.2.3.4 test.my.private" 
local-data: "test.my.private A 1.2.3.4" 
local-data: "test A 1.2.3.4" 
local-data-ptr: "2.2.2.2 test.your.private" 
local-data: "test.your.private A 2.2.2.2" 
local-data: "test A 2.2.2.2" 

It should be as easy as omitting non-FQDNs from host_entries.conf and /etc/hosts, but I have a feeling we'll break something by doing so, and it will need some time for testing. Post-2.3.

#3 Updated by Grischa Zengel about 1 year ago

  1. As pfsense user/admin I wouldn't expect to have unbound entries in /etc/hosts
    • It's better to have a extra table for /etc/hosts entries.
      Especially If you use Split-horizon DNS (Pfsense use external IPs and DNS client have to use internal IPs).
      \-or-
    • check mark entries to use them in /etc/hosts
  2. The format of the input form is historical and should have an other format in future
    • Don't split hostname and domain. Use FQDN and split it if necessary.
      • Necessary are only <entered FQDN> = (.*)\.<local domain>
    • I like to use a lot of "real" aliases and like to see what's the real host if I ping this.
      \>ping intranet.mydomain.local
      PING server3.mydomain.local (172.19.19.102) 56(84) bytes of data.
    • Deleting multiple entries at once. (Check marks)
    • Importing entries from csv
    • A text input area which will be pasted to an user zone file

For the second point should I open a separate feature issue?

#4 Updated by Chris Buechler about 1 year ago

  • Target version changed from 2.3.1 to 2.3.2

#5 Updated by Chris Buechler 11 months ago

  • Status changed from Confirmed to Feedback
  • Target version changed from 2.3.2 to 2.4.0

fix pushed to master/2.4 only, as that'll need more widespread testing than 2.3.2 will get before release.

#6 Updated by Luke Hamburg 8 months ago

This didn't make it into 2.3.2_p1 right? Just checking. FWIW I have been running a couple of patched systems with this fix for a few months on 2.3.2 and have had zero issues with it.

#7 Updated by Renato Botelho 4 months ago

  • Assignee deleted (Jeremy Porter)

#8 Updated by Jim Pingle 4 months ago

  • Status changed from Feedback to Resolved
  • Target version changed from 2.4.0 to 2.3.3

Also available in: Atom PDF