Unbound: Host Override ignoring "domain" portion for unqualified queries?

cmb · Jul 14, 2016, 9:20 PM

Prior to 2.3.2, the non-fully qualified hostname was put in the hosts file and in Unbound's config, without any consideration for the domain. So if you had abc.example.com and abc.example.net pointing to two diff IPs, doing a lookup on just "abc" would result in a round-robin reply with both IPs.

In 2.3.2+, the non-FQDN hostnames are excluded entirely from hosts (for the host itself and dnsmasq) and Unbound's config, so that won't happen.

luckman212 · Jul 14, 2016, 10:59 PM

Ah, ok – I'll test w/ 2.3.2 snapshot

thanks Cmb ;)

johnpoz · Jul 15, 2016, 10:35 AM

So it was WAD then ;) glad to see it being changed.. Looks like some good stuff coming in 2.3.2.. Might have to move to it early as well ;)

luckman212 · Jul 15, 2016, 11:38 AM

@cmb:

In 2.3.2+, the non-FQDN hostnames are excluded entirely from hosts (for the host itself and dnsmasq) and Unbound's config, so that won't happen.

I upgraded to 2.3.2.a.20160714.1554, deleted my Host Override and then re-added it. But I'm still seeing the same result as before. When I query for the unqualified host (pve01) I get back both IPs from Unbound. Do I need to change some other settings somewhere to see the new behavior?

johnpoz · Jul 15, 2016, 11:43 AM

check your host file, guess is left those in there since you did an upgrade.

luckman212 · Jul 15, 2016, 3:10 PM

I checked /etc/hosts I see that there are in fact 2 entries for the "pve01" unqualified hostname

1.2.3.4          pve01.foobar.xyz pve01
192.168.20.31    pve01.baz pve01

Like I said, I deleted the Host Override, confirmed that it was completely gone from /etc/hosts and then re-added it. But again it puts back the line:

1.2.3.4          pve01.foobar.xyz pve01

Maybe I'm not on the right snapshot??

cmb · Jul 15, 2016, 6:04 PM

Oh, misremembered where I pushed that. It's in 2.4 only, as 2.3.2 has minimal time for baking in snapshots and I'm thinking that's likely going to trigger some regression in some edge case.

You can apply the diffs from the two commits on this ticket.
https://redmine.pfsense.org/issues/6064

https://redmine.pfsense.org/projects/pfsense/repository/revisions/f1db82aca3f260921ce0c5f71ff3a93149ffebc0/diff/src/etc/inc/unbound.inc
https://redmine.pfsense.org/projects/pfsense/repository/revisions/0fa68840504f6866901e0d02819d43a3ce9f9578/diff/src/etc/inc/system.inc

luckman212 · Jul 15, 2016, 6:44 PM

Ok thanks again.

Just to clarify, the correct way to do what you are suggesting:

Install System_Patches package
create 2 patches, reference the following 2 commits:

f1db82aca3f260921ce0c5f71ff3a93149ffebc0
0fa68840504f6866901e0d02819d43a3ce9f9578

```3) Apply

I did this and it seemed to work….. just making sure

also......How can we begin testing 2.4?

cmb · Jul 15, 2016, 7:11 PM

Yes, that's correct.

We'll have 2.4 snapshots out before too long, then we'll have a board up here for testers.

luckman212 · Aug 22, 2016, 12:40 PM

Just wanted to report back, been running that patch with no ill effects for just about a week now. Has been working fine.

edit: Been well over a month now, running those patches and they are not causing any problems at all for me. Not sure how far off 2.4 is but it would definitely be nice to see these committed for 2.3.3.