Replacing unbound/dnsmasq with custom resolver package


  • I am porting a DNS resolver to pfSense. One issue I am having: since we are replacing the built-in DNS Resolver or Forwarder, which gets disabled, the DHCP service, if it was left configured with blank DNS servers (as is the default), now uses the system default DNS servers instead of the interface's IP address, which is undesired.

    I've tried making pfSense think that my package is a system DNS resolver by adding the following to the package XML file:

    Which I copied from the unbound package in github, but that doesn't seem to help.

    Is there anything I can do, or is my only option to make my package configure the DHCP DNS entries on the system manually to the interface IPs?

    And just a heads up, I will have another unrelated question about what the best method is to offer our pfSense package to customers that want to manually install it instead of buying a pre-staged device from us, will be another post.


  • Well, I think I found the code that does what I'm referring to: https://github.com/pfsense/pfsense/blob/2605e6d75d52961e01dacf99a97942a183e90635/src/etc/inc/services.inc#L721 specifically checks whether unbound or dnsmasq is enabled and, if so, sets the interface IP; otherwise it uses the system IP.

    Not really what I was hoping to find out, but I guess I'll add a function to my package that sets the DHCP DNS entries on its own.

    Related to this, if the IP address of an interface changes, my package needs to know so it can update this and also some firewall rules that it creates. Would the <custom_php_resync_config_command> config take care of that?

    Also, does anyone know what <custom_php_resync_config_command> actually does?


  • Just continuing to answer my own questions here. It looks like the <dns> system_services entry is likely related to a pull request here, https://github.com/pfsense/pfsense/pull/679/commits/513d61a8934989be0b9332d29d0f80926302344e#diff-163d9a46abf34586e1f87297c7670978R193, that was never actually merged.
    So basically it does nothing at this time.

    But it would be really great if that function existed as mentioned in the pull request. Instead of hard-coding a check specifically for unbound or dnsmasq, if any package that provides the DNS system service is enabled, then those triggers would apply.

    Since pfSense is open source I may send a new pull request myself at some point when I'm done with my current port.

    What I've done in my package is I wrote some code that configures unbound on a non-standard port and makes it enabled while making sure dnsmasq is disabled, just so that any pfSense functions that depend on the DNS Resolver/Forwarder (which we've replaced) being enabled will work.
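As an added illustration of the decision the thread is describing (this is my own example, not pfSense's services.inc and not the package being ported), the following PHP shows the DHCP DNS-server selection generalized the way the last post proposes: instead of testing unbound or dnsmasq by name, it asks whether any enabled package has declared itself a provider of the dns system service. The $config array is a constructed sample that only mimics pfSense's layout; the per-package system_services list is a hypothetical stand-in for the <dns> hook the thread notes is not wired up today, and the interface-IP lookup is passed in as a closure in place of pfSense's get_interface_ip(), so the file runs under plain php without pfSense's includes.

```php
<?php
// Constructed sample in the shape of pfSense's $config (not a real config).
// pfSense marks a service enabled by the mere presence of an 'enable' key.
$config = [
    'system' => ['dnsserver' => ['198.51.100.53', '198.51.100.54']],
    'unbound' => [],                    // built-in resolver disabled
    'dnsmasq' => [],                    // built-in forwarder disabled
    'customdns' => ['enable' => ''],    // hypothetical ported resolver package, enabled
    'installedpackages' => [
        // Hypothetical: each package lists the system services it provides.
        'package' => [
            ['name' => 'customdns', 'system_services' => ['dns']],
        ],
    ],
    'dhcpd' => [
        'lan'  => ['enable' => '', 'dnsserver' => []],            // blank = default
        'opt1' => ['enable' => '', 'dnsserver' => ['10.9.0.53']], // explicit override
    ],
];

// Every config section that may provide the DNS system service: the two built-ins
// plus any installed package declaring 'dns' in its (hypothetical) system_services.
function dns_service_providers(array $config): array
{
    $providers = ['unbound', 'dnsmasq'];
    foreach ($config['installedpackages']['package'] ?? [] as $pkg) {
        if (in_array('dns', $pkg['system_services'] ?? [], true)) {
            $providers[] = $pkg['name'];
        }
    }
    return $providers;
}

// True when at least one provider is enabled, whatever its name.
function dns_service_enabled(array $config): bool
{
    foreach (dns_service_providers($config) as $name) {
        if (isset($config[$name]['enable'])) {
            return true;
        }
    }
    return false;
}

// DNS servers handed to DHCP clients on interface $if:
//   1. explicit entries on the DHCP scope win;
//   2. otherwise, with a local DNS service enabled, the interface's own IP;
//   3. otherwise the system DNS servers (the behaviour the thread wants to avoid
//      when a third-party resolver replaces unbound/dnsmasq).
function dhcp_dns_servers(array $config, string $if, callable $interfaceIp): array
{
    $scope = $config['dhcpd'][$if] ?? [];
    $explicit = array_values(array_filter($scope['dnsserver'] ?? []));
    if ($explicit !== []) {
        return $explicit;
    }
    if (dns_service_enabled($config)) {
        return [$interfaceIp($if)];
    }
    return $config['system']['dnsserver'] ?? [];
}

// Constructed interface addresses standing in for get_interface_ip().
$interfaceIp = fn(string $if): string => ['lan' => '192.0.2.1', 'opt1' => '10.9.0.1'][$if];

foreach (array_keys($config['dhcpd']) as $if) {
    printf("%-5s -> %s\n", $if, implode(', ', dhcp_dns_servers($config, $if, $interfaceIp)));
}
// lan   -> 192.0.2.1      (package registered as dns provider, so interface IP)
// opt1  -> 10.9.0.53      (explicit scope entry wins)
```

Dropping the 'customdns' entry from the package list, or removing its 'enable' key, makes the lan scope fall back to the system servers, which is exactly the behaviour the original services.inc check produces today for any resolver it does not know by name.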