2.2.1 #4332 Added a check to test if Unbound is enabled and using the same port
-
This broke my config.
I was happily running Unbound on some interfaces and dnsmasq on a non-conflicting subset of other interfaces (Like a VLAN/SSID for a 15-yo who has forced me to use OpenDNS.) I can no longer do that.
I'll see if there's a way to force a set of source IP addresses into forwarding mode for Unbound but I thought I'd mention the reduction in flexibility.
ETA: Doesn't look like unbound supports any split-horizon/views.
EATA: I worked around this by binding dnsmasq to localhost:8053 and using a port forward on the specific network.
-
Kinda unsure how this could have broken your config, because before this, it was not possible to run both at the same time at all… ??? :o
-
They ran just fine together as long as the listening interfaces did not conflict and I used strict interface binding on dnsmasq.
-
That may be well possible but that configuration was NOT possible at all without hacking the pfSense code.
https://redmine.pfsense.org/projects/pfsense/repository/revisions/0fe628a62fe1e7b3d1afa20bf235a4dcbdaa44b4/diff/usr/local/www/services_unbound.php
-
Looks like the last change I made was to enable the forwarder after switching to unbound. There was no check at all for unbound being enabled when enabling the forwarder.
https://redmine.pfsense.org/projects/pfsense/repository/revisions/06e847a72929245fd8bc71c26b309bb3b7d71921/diff/usr/local/www/services_dnsmasq.php
That makes sense since the requirement to force this network to OpenDNS was the more recent change. I remember being pleased it actually worked.
It looks like I probably would have hit the same problem (with the old test/error message) when saving any unbound changes, regardless of 2.2.1.