Allow CNAME overrides for unbound #1617

Merged
merged 2 commits into from
May 5, 2017

sjorge
Contributor

@sjorge sjorge commented May 5, 2017

We allow for CNAME to be used in the host override for unbound.

This closes #1614.

sjorge added 2 commits May 5, 2017 16:20
We allow for CNAME to be used in the host override for unbound.
This closes #1614.
@sjorge sjorge mentioned this pull request May 5, 2017
@fichtner fichtner merged commit d3492ab into opnsense:master May 5, 2017
@fichtner
Member

fichtner commented May 5, 2017

looks good, thanks!

@sjorge sjorge deleted the unbound_cname branch May 5, 2017 20:32
@sjorge
Contributor Author

sjorge commented May 6, 2017

Hey @fichtner, although the CNAMEs are properly returned (yay), some local resolvers seem to have issues with them.

This is because unbound does not include the recursive A and/or AAAA records :(
There is an excellent thread here http://unbound.net/pipermail/unbound-users/2009-March/000507.html

Looks like it will probably never work with unbound without having an authoritative server behind it.
Again back to trusty dnsmasq, for now.

I'm conflicted about it: although this PR is technically correct and working, it has some weird issues that will confuse users endlessly.

Although it pains me to say this, perhaps we should back this out again.
There is no clean way to offer CNAME records via unbound without having the domain backed by bind or nsd.

@sjorge
Contributor Author

sjorge commented May 9, 2017

Example difference between dnsmasq with --cname=test.example.org,test.vlan10.example.org vs unbound with CNAME.

dnsmasq

$ dig +short test.example.org
test.vlan10.example.org.
127.0.0.2

ssh, ping, ... are all happy with this.

unbound

$ dig +short test.example.org
test.vlan10.example.org.

ssh, ping, ... not happy. Stuff like firefox is.
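
An added example, not part of the thread or of the OPNsense code: a small Python check that reads `dig +short` output for an address query and flags answers that carry a CNAME but no A/AAAA record, which is the unbound behaviour shown in the comment above. The function names are hypothetical; the two sample outputs are the ones quoted in that comment.

```python
import ipaddress

# The two `dig +short test.example.org` outputs quoted in the comment above.
DNSMASQ_OUTPUT = "test.vlan10.example.org.\n127.0.0.2\n"
UNBOUND_OUTPUT = "test.vlan10.example.org.\n"


def classify_dig_short(output: str) -> dict:
    """Split `dig +short` output of an A/AAAA query into CNAME targets and addresses.

    Assumption: the query was for an address record, so every non-address
    line in the short output is a CNAME target.
    """
    chain, addresses = [], []
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and dig warnings/comments
        try:
            addresses.append(str(ipaddress.ip_address(line)))
        except ValueError:
            chain.append(line.rstrip(".").lower())
    if addresses:
        status = "resolved"          # chain (if any) ends in an address
    elif chain:
        status = "dangling-cname"    # CNAME returned, no A/AAAA alongside it
    else:
        status = "no-answer"
    return {"chain": chain, "addresses": addresses, "status": status}


def dangling(answers: dict) -> list:
    """Return the labels whose answer is a CNAME with no address, sorted."""
    return sorted(
        label for label, out in answers.items()
        if classify_dig_short(out)["status"] == "dangling-cname"
    )


if __name__ == "__main__":
    samples = {"dnsmasq": DNSMASQ_OUTPUT, "unbound": UNBOUND_OUTPUT}
    for label, out in samples.items():
        print(label, classify_dig_short(out))
    print("needs attention:", dangling(samples))
```
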

@sjorge
Contributor Author

sjorge commented May 10, 2017

@fichtner bump

@fichtner
Member

yeah, agreed, I'll back it out.

@sjorge
Contributor Author

sjorge commented May 10, 2017

Yeah, I switched back to dnsmasq for now; nothing wrong with it, but I was initially really impressed with unbound too.

fichtner added a commit that referenced this pull request May 10, 2017
This reverts commit d3492ab.
Per author request: CNAME does not fully work in unbound at
this point.
Successfully merging this pull request may close these issues.

[17.1.6] Overrides for unbound can't be CNAME