Bug #6712
closed
services_unbound.php Host Overrides don't change any unbound configuration
Added by Jeremy C. Reed about 8 years ago.
Updated over 7 years ago.
Description
services_unbound.php
I cannot get any Host Override to be configured with unbound.
/var/unbound/host_entries.conf lists my /etc/hosts entries but
not my override entries.
My config.xml has my <hosts> details for <unbound> but I don't see it
at all in my /var/unbound settings.
(By the way, the unrelated Host Overrides for DNS Forwarder work and the Domain Overrides for DNS Resolver and DNS Forwarder work.)
(My list of bugs is at http://reedmedia.net/books/pfsense/bugs-20160813.html )
This certainly works. Would suggest using the forums for help.
Thanks to PiBa-NL on IRC who helped me troubleshoot this down to:
/etc/inc/system.inc
// prefer dnsmasq for hosts generation where it's enabled. It relies
// on hosts for name resolution of its overrides, unbound does not.
if (isset($config['dnsmasq']) && isset($config['dnsmasq']['enable'])) {
	$dnsmasqcfg = $config['dnsmasq'];
} else {
	$dnsmasqcfg = $config['unbound'];
}
Once I disabled dnsmasq it worked (had to save/apply in DNS Resolver first).
Since pfsense allows both to be enabled at the same time (consider different Listen ports as documented), please allow both or clearly document and detect and warn.
It would be simple to just make a function for the code and pass dnsmasq or unbound to it.
By the way the comment in code above is misleading, as the read_hosts used for unbound also uses hosts (assume this comment means /etc/hosts).
- Assignee set to Jeremy Porter
Assigned to Pingle for eval, but looks like "not a bug" to me.
- Category set to Unbound
- Status changed from New to Assigned
- Assignee changed from Jeremy Porter to Jim Pingle
- Project changed from pfSense Packages to pfSense
- Category deleted (Unbound)
- Assignee changed from Jim Pingle to Renato Botelho
Looks like it is a problem but not one most would hit since it's rare to have both enabled.
source:src/etc/inc/unbound.inc#L568 unbound_add_host_entries() is reading /etc/hosts rather than starting with $config['unbound']['hosts'].
When the DNS Forwarder is enabled, its contents are preferred for /etc/hosts since as the comment states, unbound doesn't care about /etc/hosts but dnsmasq does, which means if both are enabled, then the /etc/hosts entries from dnsmasq will be picked up and put in /var/unbound/host_entries.conf rather than what is defined in the GUI for DNS Resolver.
So unbound_add_host_entries() needs to be changed to read the hosts from config.xml not /etc/hosts. The only other reason I can think of why it would read /etc/hosts directly would be to also pick up the automatic entries for localhost and for the firewall itself, so those likely need added as well.
As an alternate tactic, hosts for dnsmasq could be written elsewhere and dnsmasq can be passed the --addn-hosts=/path/to/file parameter so it picks up its own distinct copy.
- Category set to DNS Resolver
- Target version set to 2.4.0
- Affected Version set to 2.3.x
- Status changed from Assigned to Feedback
- % Done changed from 0 to 100
- Assignee changed from Renato Botelho to Jim Pingle
Assigning to Jim Pingle for testing
- Status changed from Feedback to Resolved
Looks good now. Forwarder hosts go in /etc/hosts, Resolver hosts go in /var/unbound/host_entries.conf and they appear to work as expected.
- Target version changed from 2.4.0 to 2.3.3
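Added example, not part of the original thread and not pfSense's own code: a drift check that compares the DNS Resolver host overrides in config.xml with the A/AAAA records actually present in /var/unbound/host_entries.conf, which is the mismatch this ticket describes. The config.xml element layout, the local-data line format and all sample data below are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; the <hosts> element layout is an assumption.
CONFIG_XML = """<pfsense>
  <dnsmasq><enable/>
    <hosts><host>printer</host><domain>lan.example</domain><ip>192.0.2.20</ip></hosts>
  </dnsmasq>
  <unbound><enable/>
    <hosts><host>intranet</host><domain>lan.example</domain><ip>192.0.2.10</ip></hosts>
  </unbound>
</pfsense>"""

# Constructed host_entries.conf showing the reported symptom.
HOST_ENTRIES = """local-data-ptr: "127.0.0.1 localhost"
local-data: "localhost A 127.0.0.1"
local-data-ptr: "192.0.2.20 printer.lan.example"
local-data: "printer.lan.example A 192.0.2.20"
"""

LOCAL_DATA = re.compile(r'^\s*local-data:\s*"(\S+)\s+(?:IN\s+)?(?:A|AAAA)\s+([^\s"]+)"', re.I)

def overrides(root, service):
    """Return {(fqdn, ip)} for each <hosts> entry under <service>."""
    found = set()
    for entry in root.findall(f"./{service}/hosts"):
        host, domain, ip = ((entry.findtext(t) or "").strip() for t in ("host", "domain", "ip"))
        fqdn = ".".join(p for p in (host, domain) if p).lower()
        if fqdn and ip:
            found.add((fqdn, ip))
    return found

def served(conf_text):
    """Return {(fqdn, ip)} for A/AAAA local-data lines; PTR lines are skipped."""
    hits = (LOCAL_DATA.match(line) for line in conf_text.splitlines())
    return {(m.group(1).rstrip(".").lower(), m.group(2)) for m in hits if m}

def audit(config_xml, conf_text):
    root = ET.fromstring(config_xml)
    resolver, forwarder = overrides(root, "unbound"), overrides(root, "dnsmasq")
    live = served(conf_text)
    return {
        "both_enabled": all(root.find(f"./{s}/enable") is not None for s in ("unbound", "dnsmasq")),
        "missing": sorted(resolver - live),               # configured in GUI, not served
        "leaked": sorted((forwarder - resolver) & live),  # forwarder-only, served by unbound
    }

if __name__ == "__main__":
    print(audit(CONFIG_XML, HOST_ENTRIES))
```

A non-empty "missing" or "leaked" list while "both_enabled" is true matches the behaviour reported here; both lists should be empty once Resolver hosts are written from config.xml.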