Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    2.2.1 #4332 Added a check to test if Unbound is enabled and using the same port

    Scheduled Pinned Locked Moved DHCP and DNS
    5 Posts 2 Posters 910 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DerelictD
      Derelict LAYER 8 Netgate
      last edited by

      This broke my config.

      I was happily  running Unbound on some interfaces and dnsmasq on a non-conflicting subset of other interfaces (Like a VLAN/SSID for a 15-yo who has forced me to use OpenDNS.)  I can no longer do that.

      I'll see if there's a way to force a set of source IP addresses into forwarding mode for Unbound but I thought I'd mention the reduction in flexibility.

      ETA: Doesn't look like unbound supports any split-horizon/views.

      EATA: I worked around this by binding dnsmasq to localhost:8053 and using a port forward on the specific network.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        Kinda unsure how this could have broken your config, because before this, it was not possible to run both at the same time at all…  ??? :o

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          They ran just fine together as long as the listening interfaces did not conflict and I used strict interface binding on dnsmasq.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            That may be well possible but that configuration was NOT possible at all without hacking the pfSense code.

            https://redmine.pfsense.org/projects/pfsense/repository/revisions/0fe628a62fe1e7b3d1afa20bf235a4dcbdaa44b4/diff/usr/local/www/services_unbound.php

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              Looks like the last change I made was to enable the forwarder after switching to unbound.  There was no check at all for unbound being enabled when enabling the forwarder.

              https://redmine.pfsense.org/projects/pfsense/repository/revisions/06e847a72929245fd8bc71c26b309bb3b7d71921/diff/usr/local/www/services_dnsmasq.php

              That makes sense since the requirement to force this network to OpenDNS was the more recent change.  I remember being pleased it actually worked.

              It looks like I probably would have hit the same problem (with the old test/error message) when saving any unbound changes, regardless of 2.2.1.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.