Bug #6064
closed
non-fully qualified hostnames included in hosts file and Unbound local-data
Added by Grischa Zengel over 8 years ago.
Updated over 7 years ago.
Description
mydomain: my.private
add test.my.private 127.0.0.1
add test.yours.private 127.0.0.2
> unbound-control -c /var/unbound/unbound.conf list_local_data | grep test
test.yours.private. 3600 IN A 127.0.0.2
test. 3600 IN A 127.0.0.2
test. 3600 IN A 127.0.0.1
2.0.0.127.in-addr.arpa. 3600 IN PTR test.yours.local.
test.my.private. 3600 IN A 127.0.0.1
> ping test
PING test.yours.private (127.0.0.2): 56 data bytes
That's wrong.
It should ping test.my.private=127.0.0.1 because:
> cat /etc/resolv.conf
nameserver 127.0.0.1
search my.private
You should not add hostnames to unbound. Only FQDN.
- Assignee set to Jeremy Porter
- Subject changed from unbound: resolve host name to wrong domain to non-fully qualified hostnames included in hosts file and Unbound local-data
- Status changed from New to Confirmed
- Target version changed from 2.3 to 2.3.1
- Affected Version changed from 2.3 to All
Subject is the issue. You end up with a hosts file like:
1.2.3.4 test.my.private test
2.2.2.2 test.your.private test
and you end up with a round-robin from Unbound.
;; ANSWER SECTION:
test. 3600 IN A 8.8.8.8
test. 3600 IN A 1.2.3.4
test. 3600 IN A 2.2.2.2
with host_entries.conf file:
local-zone: "my.private" transparent
local-data-ptr: "127.0.0.1 localhost"
local-data: "localhost A 127.0.0.1"
local-data: "localhost.my.private A 127.0.0.1"
local-data-ptr: "::1 localhost"
local-data: "localhost AAAA ::1"
local-data: "localhost.my.private AAAA ::1"
local-data-ptr: "192.168.64.1 pfs23-test1.my.private"
local-data: "pfs23-test1.my.private A 192.168.64.1"
local-data: "pfs23-test1 A 192.168.64.1"
local-data-ptr: "fc00::1 pfs23-test1.my.private"
local-data: "pfs23-test1.my.private AAAA fc00::1"
local-data: "pfs23-test1 AAAA fc00::1"
local-data-ptr: "8.8.8.8 test.buechler.lan"
local-data: "test.buechler.lan A 8.8.8.8"
local-data: "test A 8.8.8.8"
local-data-ptr: "1.2.3.4 test.my.private"
local-data: "test.my.private A 1.2.3.4"
local-data: "test A 1.2.3.4"
local-data-ptr: "2.2.2.2 test.your.private"
local-data: "test.your.private A 2.2.2.2"
local-data: "test A 2.2.2.2"
It should be as easy as omitting non-FQDNs from host_entries.conf and /etc/hosts, but I have a feeling we'll break something by doing so, and it will need some time for testing. Post-2.3.
- As pfsense user/admin I wouldn't expect to have unbound entries in /etc/hosts
- It's better to have a extra table for /etc/hosts entries.
Especially If you use Split-horizon DNS (Pfsense use external IPs and DNS client have to use internal IPs).
\-or-
- check mark entries to use them in /etc/hosts
- The format of the input form is historical and should have an other format in future
- Don't split hostname and domain. Use FQDN and split it if necessary.
- Necessary are only <entered FQDN> = (.*)\.<local domain>
- I like to use a lot of "real" aliases and like to see what's the real host if I ping this.
\>ping intranet.mydomain.local
PING server3.mydomain.local (172.19.19.102) 56(84) bytes of data.
- Deleting multiple entries at once. (Check marks)
- Importing entries from csv
- A text input area which will be pasted to an user zone file
For the second point should I open a separate feature issue?
- Target version changed from 2.3.1 to 2.3.2
- Status changed from Confirmed to Feedback
- Target version changed from 2.3.2 to 2.4.0
fix pushed to master/2.4 only, as that'll need more widespread testing than 2.3.2 will get before release.
This didn't make it into 2.3.2_p1 right? Just checking. FWIW I have been running a couple of patched systems with this fix for a few months on 2.3.2 and have had zero issues with it.
- Assignee deleted (
Jeremy Porter)
- Status changed from Feedback to Resolved
- Target version changed from 2.4.0 to 2.3.3
Also available in: Atom
PDF