[Bug 248102] [local_unbound] default config file violates RFC

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Jul 19 13:20:08 UTC 2020


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248102

            Bug ID: 248102
           Summary: [local_unbound] default config file violates RFC
           Product: Base System
           Version: Unspecified
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: standards
          Assignee: standards at FreeBSD.org
          Reporter: walter.von.entferndt at posteo.net

System 12.1-RELEASE.  Guess this also affects other releases as well.

Dear network wizards,

in the default configuration installed by local-unbound-setup, local-unbound(8)
sends out DNS lookups for "private" networks (10.xxx/8, 192.168.xxx/16 etc.)
out to the internet: the option is set to unblock-lan-zones=yes in the config
file installed, whereas this setting defaults to "no" (RFC-compliant & safe).
Is this because the intended use of local-unbound(8) is to use it e.g. in a VPN
setup?
Or is it assumed other settings should be adjusted accordingly, i.e. to set up
internal and external interfaces?
I.e. it is assumed no one would ever start up local-unbound(8) with the shipped
config unedited?

I posted this question in the forum, but did not get any reply, although it was
read >100 times.  Thus I'd consider this a bug.  IMHO any automagic config
shipped or created should comply with relevant RFCs.  In rare cases this
guideline may be violated if it's reasonable, but then it should be clearly
documented, e.g. the user gets a big fat warning.

Another problem I had was devfs devices disappearing when I try to put
local_unbound in a jail.  But that's another topic.

Thx in advance, stay strong & healthy!
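
One way to check a configuration for the setting the report describes, as an added example that is not part of the original report or of FreeBSD's own tooling. It assumes unbound.conf's `name: value` syntax with `#` comments and that the last occurrence of the option wins; the function names are hypothetical and both sample configs are constructed.

```shell
#!/bin/sh
# Added example: report the effective unblock-lan-zones value found in
# unbound.conf text given as file arguments or on stdin.

effective_unblock_lan_zones() {
    awk '
        BEGIN { value = "no" }            # default when the option is absent
        {
            sub(/#.*/, "")                # strip comments
            gsub(/^[ \t]+|[ \t]+$/, "")   # trim surrounding whitespace
        }
        /^unblock-lan-zones[ \t]*:/ {
            v = $0
            sub(/^[^:]*:[ \t]*/, "", v)   # keep only the value part
            gsub(/"/, "", v)              # values may be quoted
            value = tolower(v)            # assumption: last occurrence wins
        }
        END { print value }
    ' "$@"
}

audit_lan_zones() {
    # Returns 1 when lookups for private ranges are not blocked locally.
    if [ "$(effective_unblock_lan_zones "$@")" = "yes" ]; then
        echo "WARN: unblock-lan-zones is yes; private-network lookups can leave the host"
        return 1
    fi
    echo "OK: unblock-lan-zones is no"
}

# Constructed sample: the option enabled, as the report describes.
sample_flagged() {
    cat <<'EOF'
server:
    username: unbound
    # unblock-lan-zones: no
    unblock-lan-zones: "yes"   # enabled by the setup tool
EOF
}

# Constructed sample: the option only appears in a comment, so the default applies.
sample_default() {
    cat <<'EOF'
server:
    username: unbound
    # unblock-lan-zones: yes
EOF
}

sample_flagged | audit_lan_zones || true
```

Pass every file the resolver actually loads, including any pulled in through `include:` lines, since this function does not follow includes itself.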
