1. Home
  2. pfSense Packages
  3. Unbound package - enable forwarding still no-op

Unbound package - enable forwarding still no-op

  • D
    Banned

    As mentioned here 2+ years ago, the "Enable forwarding mode" button is simply not working at all.

    
$ unbound-control forward
off (using root hints)

$ unbound-control list_forwards
$

    ???

    0
  • W

    But 'list_forwards' lists the forward zones in use.

    The 'Enable forwarding mode' grabs the name servers from your config in 'General Setup'.

    Works for me:

    [2.1-RELEASE][admin@pfSense.localdomain]/root(5): unbound-control forward
off (using root hints)

    then enabling the checkbox:

    
[2.1-RELEASE][admin@pfSense.localdomain]/root(6): unbound-control forward
10.27.50.1 127.0.0.1
    0
  • D
    Banned

    As said, this plain does not work here on any box unless configured manually, i.e., like

    forward-zone:; name: "."; forward-addr: 8.8.8.8; forward-addr: 8.8.4.4;

    (And yeah, I did check the generated unboud.conf file, no mention of any forwarding there when using the checkbox.)

    0
  • W

    It doesn't add a forward-zone configuration section. The checkbox just forces it to execute:

    
unbound-control forward nameserver_1 nameserver_2 ...

    Do you have any DNS servers configured in 'General Setup'?

    0
  • W

    @wagonza:

    It doesn't add a forward-zone configuration section. The checkbox just forces it to execute:

    
unbound-control forward nameserver_1 nameserver_2 ...

    I suppose I could change it so that it does add a forward-zone section…

    0
  • D
    Banned

    Yes, I do have  DNS servers configured in 'General Setup'. Regardless, the only result is this, i.e., ticking the checkbox and clicking Save does not produce any action here.

    
$ unbound-control forward
off (using root hints)

    Now,

    
$ unbound-control forward 8.8.8.8 8.8.4.4
ok
$ unbound-control forward
8.8.4.4 8.8.8.8

    Afraid the code is somehow broken. Otherwise yeah, using the config file sounds like a whole lot less confusing and more reliable way to do this.

    0
  • W

    Ok odd.

    Anyway I have modified it to add forward-zone configuration syntax

    
[2.1-RELEASE][admin@pfSense.localdomain]/root(79): unbound-control forward
127.0.0.1 10.27.50.1
[2.1-RELEASE][admin@pfSense.localdomain]/root(80): unbound-control list_forwards
. IN forward: 127.0.0.1 10.27.50.1
[2.1-RELEASE][admin@pfSense.localdomain]/root(81):

    I have bumped the version as well. Let me know if it works for you.

    0
  • D
    Banned

    @wagonza:

    Let me know if it works for you.

    OK, it does not. However, I guess we are getting somewhere, since it turns out now why it did not work in the first place with previous package version, the list of DNS servers turns out to be empty.

    
$ unbound-control forward

$  unbound-control list_forwards
. IN forward:

    Huh… Call me confused. Have you tested this with 2.1.1 prerelease version? I guess something got changed there?

    0
  • W

    Whats the contents of /etc/resolv.conf?

    I added a safety belt to avoid adding an empty forward configuration.

    0
  • D
    Banned

    @wagonza:

    Whats the contents of /etc/resolv.conf?

    
domain testdomain.local
nameserver 127.0.0.1
nameserver 217.31.204.130
nameserver 193.29.206.206
    0
  • W

    Ok i think i found the problem. Do you have any /var/etc/nameserver_* files which might have be empty?

    0
  • D
    Banned

    @wagonza:

    Ok i think i found the problem. Do you have any /var/etc/nameserver_* files which might have be empty?

    Hmmm, afraid no such thing there.

    
$ ls -la /var/etc/nameserver_*
ls: No match.
    0
  • W

    Weird. The name servers are returned by either of two functions get_dns_servers() or get_nameservers(). The latter is if the DNS servers are overridden by DHCP. So I would assume yours is handled by get_dns_servers() - which reads the contents of resolv.conf and returns the values.

    If you go to 'Diagnostics -> Command prompt' and execute the following PHP code, it should return the name servers you listed.

    
print_r(get_dns_servers());
    0
  • D
    Banned

    @wagonza:

    If you go to 'Diagnostics -> Command prompt' and execute the following PHP code, it should return the name servers you listed.

    
print_r(get_dns_servers());

    Yes, that works…

    
Array
(
    [0] => 127.0.0.1
    [1] => 217.31.204.130
    [2] => 193.29.206.206
)
    0
  • W

    Ok so thats right - i pushed a patch which swopped some logic around so if you can just reinstall the package and let me know if its any better.

    0
  • D
    Banned

    @wagonza:

    i pushed a patch which swopped some logic around so if you can just reinstall the package and let me know if its any better.

    Excellent… all good now!  8)

    0
  • W

    Brilliant - thanks for the help in trouble shooting.

    0
  • D
    Banned

    Thanks a lot for quick fix!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy