Re: local-unbound vs. dns/unbound
- Reply: Dag-Erling_Smørgrav : "Re: local-unbound vs. dns/unbound"
- In reply to: John R. Levine: "Re: local-unbound vs. dns/unbound"
Date: Wed, 27 Mar 2024 08:03:48 UTC
On 26 Mar 2024 18:01:34 -0400 "John R. Levine" <johnl@iecc.com> wrote:
> >>
> >> It's a copy of unbound with a setup script that configures it as
> >> a cache to run on 127.0.0.1. It looks in /etc/resolv.conf to use
> >> any DNS forwarding you've set up and some other places for
> >> stuff that seems more exotic.
> >
> > Thanks. I'm not too fussed about using the latest version, as long as
> > functionality is mostly the same. I'll play around with local-unbound
> > and see if I can make it work for my use cases.
>
> As far as I know, it's the same program with a different setup script.
>
> My main concern is that the setup script might overwrite your changes
> when you do a system upgrade.
>
> Regards,
> John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
> Please consider the environment before reading this e-mail. https://jl.ly

Hello,

I had a look at it and it appears people already thought of this:

# ls -l /var/unbound/
total 24
drwxr-xr-x  2 unbound  unbound  512 Nov 10 07:07 conf.d
-rw-r--r--  1 root     unbound  193 Mar 27 07:25 control.conf
-rw-r--r--  1 root     unbound  223 Mar 27 07:25 forward.conf
-rw-r--r--  1 root     unbound  189 Mar 27 07:25 lan-zones.conf
-rw-r--r--  1 unbound  unbound  758 Mar 27 07:25 root.key
-rw-r--r--  1 root     unbound  411 Mar 27 07:25 unbound.conf

In the conf.d directory I can put my customisations that get included via unbound.conf.

The only issue I found is that the logic in the /etc/rc.d/local_unbound script is a bit buggy. With no config files in /var/unbound it generates a correct config:

# sysrc local_unbound_enable=YES
# sysrc local_unbound_tls=YES
# sysrc local_unbound_forwarders="1.0.0.1@853#one.one.one.one 1.1.1.1@853#one.one.one.one"
# service local_unbound start
Performing initial setup.
destination:
Extracting forwarders from /etc/resolv.conf.
/var/unbound/forward.conf created
/var/unbound/lan-zones.conf created
/var/unbound/control.conf created
/var/unbound/unbound.conf created
/etc/resolvconf.conf created
Original /etc/resolv.conf saved as /var/backups/resolv.conf.20240327.070818
Starting local_unbound.

However, if I later decide, for example, to disable TLS:

# service local_unbound stop
# sysrc local_unbound_tls=NO
local_unbound_tls: YES -> NO
# service local_unbound start
Starting local_unbound.
Waiting for nameserver to start... good

No config files are updated and TLS is still enabled:

# cat /var/unbound/forward.conf
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
forward-zone:
        name: .
        forward-tls-upstream: yes
        forward-addr: 1.0.0.1@853#one.one.one.one
        forward-addr: 1.1.1.1@853#one.one.one.one

This is due to this function in /etc/rc.d/local_unbound, which runs setup only if the unbound config file is missing:

local_unbound_prestart()
{
        # Create configuration file
        if [ ! -f ${local_unbound_config} ] ; then
                run_rc_command setup
        fi

        # Retrieve DNSSEC root key
        if [ ! -s ${local_unbound_anchor} ] ; then
                run_rc_command anchor
        fi
}

I guess the workaround is to "rm -f /var/unbound/*" after changes to rc.conf.
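The failure mode above (rc.conf changed, generated files left untouched because unbound.conf already exists) is easy to catch with a drift check before trusting the resolver. The script below is an added example written for this thread; it is not part of the post and not FreeBSD's rc.d/local_unbound or local-unbound-setup. It assumes the file layout and directive values shown in the post (a forward-zone with forward-tls-upstream and forward-addr lines, port 853 for DNS-over-TLS), runs its checks against a constructed copy of the posted forward.conf in a temp file rather than /var/unbound, and the regenerate_local_unbound helper is an assumption about the host (root, the service command shown in the post) that the script never executes on its own.

```sh
#!/bin/sh
# Added example (not from the post or FreeBSD's rc.d/local_unbound): detect
# when a generated /var/unbound/forward.conf no longer matches the
# local_unbound_tls setting in rc.conf, which the prestart hook quoted in
# the post misses once unbound.conf exists. Paths and the "yes"/"no"
# directive value follow the files shown in the post.

# Write a constructed copy of the forward.conf from the post to a temp file
# and print its path, so the checks below run without touching /var/unbound.
make_sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
forward-zone:
        name: .
        forward-tls-upstream: yes
        forward-addr: 1.0.0.1@853#one.one.one.one
        forward-addr: 1.1.1.1@853#one.one.one.one
EOF
    printf '%s\n' "$f"
}

# Print the value of forward-tls-upstream ("yes"/"no") found in FILE,
# or "unset" if the directive is absent (unbound's default is no TLS).
forward_tls_in_conf() {
    awk '$1 == "forward-tls-upstream:" { print $2; found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# config_is_stale RC_TLS FILE: succeed (exit 0) when FILE disagrees with the
# rc.conf value RC_TLS (YES/NO), i.e. when the rc script should have rerun setup.
config_is_stale() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    have=$(forward_tls_in_conf "$2")
    if [ "$have" = "unset" ]; then
        have=no
    fi
    [ "$want" != "$have" ]
}

# forwarders_match_tls RC_TLS FILE: succeed when every forward-addr uses the
# port implied by RC_TLS (853 for DoT, anything else for plain DNS). The
# "#auth-name" suffix is stripped before the port is read; no "@" means port 53.
forwarders_match_tls() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    awk -v tls="$want" '
        $1 == "forward-addr:" {
            addr = $2
            sub(/#.*/, "", addr)
            port = (index(addr, "@") > 0) ? substr(addr, index(addr, "@") + 1) : "53"
            if (tls == "yes" && port != "853") bad = 1
            if (tls != "yes" && port == "853") bad = 1
        }
        END { exit (bad ? 1 : 0) }' "$2"
}

# Workaround from the post, narrowed so /var/unbound/root.key and conf.d
# survive: remove only the generated files, and prestart reruns setup because
# unbound.conf is missing. Assumes root on the FreeBSD host; not run below.
regenerate_local_unbound() {
    service local_unbound stop
    rm -f /var/unbound/unbound.conf /var/unbound/forward.conf \
          /var/unbound/lan-zones.conf /var/unbound/control.conf
    service local_unbound start
}

# Demonstration against the constructed sample, using the post's scenario:
# rc.conf was changed to local_unbound_tls=NO but the file still says yes.
sample=$(make_sample_conf)
if config_is_stale NO "$sample"; then
    echo "forward.conf is stale: file says TLS=$(forward_tls_in_conf "$sample"), rc.conf says NO"
fi
rm -f "$sample"
```

On a real host, point config_is_stale at /var/unbound/forward.conf with the value from `sysrc -n local_unbound_tls`; a stale result is the signal to run the regeneration step rather than trusting that the rc script did it. Removing only the four generated files keeps root.key, so the DNSSEC anchor is not re-fetched, and keeps conf.d, so the customisations the post puts there are untouched.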