unbound: make blocklist additions/removals dynamic to prevent a restart #5747
AdSchellevis merged 3 commits into opnsense:master from
This commit contains an optimization for the way unbound can be updated in its configuration without the need for restarting Unbound and by extension a loss of internet connectivity. Hopefully this will pave the way for optimizations on other aspects of Unbound's configuration as well. We could for example look into making the provided wrapper function more generic. The GUI has also been modified slightly to inform the user of the amount of RRs added/removed.
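The diff-and-apply idea described above, as an added example (not code from this PR or from OPNsense). It assumes a blocklist of bare domain names, records of the form `<name> A 0.0.0.0`, and batches fed to `unbound-control local_datas_remove` and `local_datas` on stdin; the function names and sample data are constructed for illustration.

```python
import re
import subprocess

# One DNS label: 1-63 chars, no leading/trailing hyphen (underscore tolerated).
LABEL = r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?"
NAME_RE = re.compile("(?:" + LABEL + r"\.)*" + LABEL)

def parse_names(lines):
    """Return the set of valid, lower-cased names; skip blanks, comments and junk."""
    names = set()
    for line in lines:
        name = line.split("#", 1)[0].strip().rstrip(".").lower()
        # Reject anything with whitespace, newlines or other characters that
        # could smuggle a second record into the stdin batch.
        if name and len(name) <= 253 and NAME_RE.fullmatch(name):
            names.add(name)
    return names

def plan_update(loaded, wanted, dest="0.0.0.0"):
    """Diff the loaded set against the wanted set.

    Returns (remove_input, add_input, summary). The two strings are the stdin
    payloads for local_datas_remove and local_datas; dest is an assumed sinkhole.
    """
    removals = sorted(loaded - wanted)
    additions = sorted(wanted - loaded)
    remove_input = "".join(n + "\n" for n in removals)
    add_input = "".join(n + " A " + dest + "\n" for n in additions)
    return remove_input, add_input, {"added": len(additions), "removed": len(removals)}

def apply_update(remove_input, add_input, control="unbound-control"):
    """Send both batches to the running resolver: no shell, names travel on stdin only."""
    for verb, payload in (("local_datas_remove", remove_input), ("local_datas", add_input)):
        if payload:
            subprocess.run([control, verb], input=payload, text=True, check=True)

# Constructed sample data, not taken from the PR.
OLD = ["ads.example.com", "tracker.example.net"]
NEW = ["Ads.Example.COM.", "", "malware.example.org  # new", "bad name; id", "-x.example"]

if __name__ == "__main__":
    rm, add, summary = plan_update(parse_names(OLD), parse_names(NEW))
    print(rm, add, summary, sep="\n")
```

Only the delta reaches the resolver, and the summary dictionary carries the added/removed counts a GUI could report.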
src/opnsense/mvc/app/controllers/OPNsense/Unbound/Api/ServiceController.php
Yes and no. What would be nice would be ACL updates but that isn't supported by unbound-control. This likely applies to other situations as well where it would be nice but wasn't implemented. ;)
True, but unbound-control contains a wealth of other functionality which theoretically allows us to drastically reduce the number of restarts Unbound requires. This matters especially when millions of DNSBL records need to be loaded in every time. On top of that, we could trim the legacy codebase of functionality (such as overrides) we deemed too complex to put in a template and make it the responsibility of a configd action. A downside I see would be the fact that 'Apply' wouldn't really apply the entire configuration anymore, but may be addressed through either documentation or a general 'force restart' option. This is also the reason I renamed the dnsbl button to
Changed the following minor items:
o gettext() for human readable response message
o simplify comparison loop (only new or diff are actually the same operation)
o replace one-liner split into a loop with validation in case an empty record exists (or something that doesn't fit the pattern)
o remove optional (but always) set -f option
@swhite2 feedback and proposed changes in https://github.com/opnsense/core/tree/unbound_PR5747 (052fc62)
@AdSchellevis Thanks for the review. Cherry-picked it and changed the following:
@swhite2 thanks!
| type:script | ||
| type:script_output | ||
| message:Updating Unbound DNSBLs | ||
| description:Update Unbound DNSBLs |
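Review bot: on the `type:script_output` line, whatever the DNSBL script writes to stdout is what the caller gets back, so stray diagnostics or error text from the script would surface in the response shown to the user. Suggest the script print only the added/removed summary and send everything else to a log.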
@swhite2 @AdSchellevis due to review for 22.1.7 I saw that this is also used for a cron job due to the attached description. will it even continue to work? if not we need to split into dnsbl and dnsbl.cron ...
@fichtner cron will ignore the output as far as I know