Inconsistent Behavior with Changing rpz-cname-override and doing a unbound-control reload #1021
Comments
All I can see is that, in the
So I figured out the 'rpz' is an 'authzone' with a flag. I think there is a need for a function in rpz.c to reconfigure the rpz with the changed info in 'struct config_auth'.
I figure out, none of the rpz info was reloaded when editing conf and doing a I was able to 'correct' the issue, creating a function
I can do a PR, but, I don't know how to 'clear' some things (or even if it is needed), like, The function can be used inside Then, in authzone.c -> auth_zones_cfg, call rpz_config if 'isrpz'
You are right the reload did not take rpz config variable changes into account. With the suggested code changes adjusted to allocate and free and for failure code paths, the commit makes it possible to adjust rpz configuration and then reload it. There is also a unit test. Thanks for the report, hopefully this solves the issue!
* nlnet/master:
- For windows build, persist the openssl and expat directories for repeated builds while debugging.
- Fix that addrinfo is not kept around but copied and freed, so that log-destaddr uses a copy of the information, much like NSD does.
- The code repository continues with version 1.19.4.
- Fix rpz for cname override action after nsdname and nsip triggers.
- Fix to unify codepath for local alias for rpz cname action override.
- Fix rpz that the rpz override is taken in case of clientip triggers. Fix that the clientip passthru action is logged. Fix that the clientip localdata action is logged. Fix rpz override action cname for the clientip trigger.
- Fix NLnetLabs#1029: rpz trigger clientip and action rpz-passthru not working as expected.
Changelog entry for NLnetLabs#1028:
- Merge NLnetLabs#1028: Clearer documentation for tcp-idle-timeout and edns-tcp-keepalive-timeout.
Clearer documentation for tcp-idle-timeout and edns-tcp-keepalive-timeout (NLnetLabs#1028)
- Fix NLnetLabs#1021 Inconsistent Behavior with Changing rpz-cname-override and doing a unbound-control reload.
Update doc/Changelog to note the fixes included in 1.19.3rc2.
When attempting to change the rpz-cname-override value in the 'rpz:' section of the Unbound configuration and reloading the configuration using unbound-control reload, the override does not take effect. The DNS server continues to reply with the CNAME specified before the change.
After restarting Unbound (kill), the new configuration runs correctly.
To reproduce
Modify the value of rpz-cname-override in the Unbound configuration file.
Execute unbound-control reload to reload the Unbound configuration.
The query replies with a CNAME for dev01.example.com
Expected behavior
After reloading the Unbound configuration, the new value of rpz-cname-override should take effect, and the DNS server should reply with the updated CNAME for dev02.example.com.
System:
OS: FreeBSD
Unbound version -V: Version 1.19.1
Configure line: --with-libevent --with-libbsd --with-pthreads --enable-dnscrypt --enable-subnet
Linked libs: libevent 2.0.22-stable (it uses kqueue), OpenSSL 1.0.2j 26 Sep 2016
Linked modules: dns64 subnetcache respip validator iterator
DNSCrypt feature available
Additional information
Attempts to resolve the issue using commands such as rpz_disable, rpz_enable, auth_zone_reload, flush_zone, flush have been unsuccessful. The desired behavior is achieved only after restarting the Unbound service (kill), which is not desirable.
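A check for the symptom reported in this issue, as an added example (not code from the Unbound project or from the reporter): it compares the rpz-cname-override in the configuration file with the CNAME the resolver actually answers, so a reload that left the old override active is detected. The zone name, zone file, queried name, sample answer and the simplified unbound.conf parsing (no include: files) are assumptions.

```python
import re

CLAUSE = re.compile(r'^\s*([a-z0-9-]+):\s*$')                # clause header, e.g. "rpz:"
ATTR = re.compile(r'^\s*([a-z0-9-]+):\s*"?([^"]*?)"?\s*$')   # attribute, e.g. 'name: "x"'

# Constructed sample: unbound.conf after the edit (override changed to dev02).
SAMPLE_CONF = '''
server:
    module-config: "respip validator iterator"
rpz:
    name: "rpz.example.com"        # hypothetical zone name
    zonefile: "rpz.example.com.zone"
    rpz-action-override: cname
    rpz-cname-override: "dev02.example.com."
'''
# Constructed sample: dig answer section captured after `unbound-control reload`.
SAMPLE_ANSWER = '''
blocked.example.net.  3600 IN CNAME dev01.example.com.
dev01.example.com.    300  IN A     192.0.2.10
'''

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.strip().rstrip('.').lower()

def configured_overrides(conf_text):
    """Map each rpz: zone name to its rpz-cname-override target."""
    clauses = []
    for raw in conf_text.splitlines():
        line = raw.split('#', 1)[0]          # drop comments
        if CLAUSE.match(line):
            clauses.append((CLAUSE.match(line).group(1), {}))
        elif ATTR.match(line) and clauses:
            key, value = ATTR.match(line).groups()
            clauses[-1][1][key] = value
    return {norm(a['name']): norm(a['rpz-cname-override'])
            for kind, a in clauses
            if kind == 'rpz' and 'name' in a and 'rpz-cname-override' in a}

def answered_cname(answer_text, qname):
    """Return the CNAME target the resolver gave for qname, or None."""
    for line in answer_text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[3].upper() == 'CNAME' and norm(f[0]) == norm(qname):
            return norm(f[4])
    return None

def reload_took_effect(conf_text, zone, answer_text, qname):
    """True only if the answered CNAME matches the override now in the config."""
    expected = configured_overrides(conf_text).get(norm(zone))
    return expected is not None and expected == answered_cname(answer_text, qname)
```

Run after each reload in a deployment pipeline, a False result flags a resolver that is still serving the previous RPZ override.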