https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162016-04-05T18:23:43ZpfSense bugtrackerpfSense - Bug #6072: Unbound: Advanced options does not workhttps://redmine.pfsense.org/issues/6072?journal_id=260772016-04-05T18:23:43ZChris Buechlercbuechler@gmail.com
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Not a Bug</i></li><li><strong>Target version</strong> deleted (<del><i>2.3.1</i></del>)</li><li><strong>Affected Version</strong> deleted (<del><i>2.2.x</i></del>)</li></ul><p>Not seeing a problem here. Yeah that doesn't work as it's not valid. If you try to add that in a config where it will fail, you end up with: <br /><pre>
The following input errors were detected:
The generated config file cannot be parsed by unbound. Please correct the following errors:
/var/unbound/test/unbound.conf:89: error: syntax error
read /var/unbound/test/unbound.conf failed: 1 errors in configuration file
</pre></p>
<p>and cannot save the config.</p>
<p>Regardless, this is addressed with <a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: Unbound: It's not possible to add 0.0.0.0/0 to access list (Resolved)" href="https://redmine.pfsense.org/issues/6073">#6073</a>.</p> pfSense - Bug #6072: Unbound: Advanced options does not workhttps://redmine.pfsense.org/issues/6072?journal_id=260782016-04-05T20:14:26ZGrischa Zengel
<ul></ul><ol>
<li>With 2.2.x you won't see this error. Unbound even won't start.</li>
<li>"access-control: 0.0.0.0/0 allow" is an right command and works until you config Domain Overrides.</li>
</ol>
<p>The problem is, the order of the commands.</p>
For testing:
<ol>
<li>Take a plain pfsense</li>
<li>add custom options (in 2.2.x advanced options): harden-dnssec-stripped: yes
<ul>
<li>You can apply, it works and you didn't get an error</li>
</ul>
</li>
<li>configure Domain Overrides
<ul>
<li>Now apply - unbound crashes, but you didn't see an error</li>
<li>Press save again and you get an error</li>
</ul></li>
</ol>
<p><strong>The problem is the section. It changes for the custom options from server to stub-zone if you add Domain Overrides.</strong></p>
<p>Who knows this?</p>
My suggestion:
<ol>
<li>Put the custom options in front of include domainoverrides.conf.
<ul>
<li>domainoverrides changes the section by its own, so nothing happens if there a section changes inside the custom options.</li>
</ul>
</li>
<li>Why didn't I see the crash after adding the Domain Overrides? There is no error detection if no save button pressed.</li>
<li>Put a note under the custom options field, that the commands are always in server: section and the section can be changed by user with keywords.</li>
</ol> pfSense - Bug #6072: Unbound: Advanced options does not workhttps://redmine.pfsense.org/issues/6072?journal_id=261032016-04-06T21:02:48ZGrischa Zengel
<ul></ul><p>I thought about this a second time:</p>
<p>To avoid any confusion with this setting put always a "server:" in front of custom settings.</p>