-
Notifications
You must be signed in to change notification settings - Fork 599
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dns/bind: forwarders with port #3640
base: master
Are you sure you want to change the base?
dns/bind: forwarders with port #3640
Conversation
Hi, what are we trying to fix? Validation/model not taking the right data? Ideally I’d like to avoid large data manipulation in the template. Cheers, |
I want to run unbound on port 53530 and bind on port 53. Is it possible to handle the data manipulation somewhere else? |
Yes, ping me on Monday please. |
I just read the Plugin Hello World. I think the validation/transformation logic should go into: GeneralController.php
I don't know how to go about this though. Also what is the minimal setup required to deploy/test plugins? |
The change belongs to the model xml file. You can look up how the forward address is defined there. |
PS: the Listen addresses are already addr/port pairs but that construct is not great. It’s probably work to make this future proof but I had this on my wish list for years anyway. |
So you would also like the listen addresses be addr:port and have the port field removed? I could just copy and paste my jinja parser two more times (slightly adapted) if you want 🙃. Or I could create a jinja macro? If it is possible to transform the input from the webui in php I could port the jinja script over and maybe even add some proper validation errors. To do that I would need more guidance though. Note: It's fine to continue this on monday. |
Or would you like to add a new input type "IpPortField" which can handle ipv4,ipv6 and optional ports?
|
@fichtner Ping |
It could also be done like query forwarding in unbound. |
@raldone01 we discussed this internally today. If you want to extend the field that's ok and we suggest the simple approach taken by dnscryptproxy: https://github.com/opnsense/plugins/blob/master/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml#L10L13 the validation is nonexistent but it does the job. later maybe we will add a special field type for it with the validation included but it's not high on the priority list as the core system tries to avoid dealing with "loose" IP/port configuration not otherwise related to the rest of the system. For plugins that approach can be ok. I wouldn't recommend overcomplicating forwarders more than this. In Unbound it's done for historic and technical reasons (DoT requires more input per server) but here in bind I think it works just fine with the easy appraoch. |
So the jinja template is fine? |
You can try it. I'm not 100% on the syntax bind requires for multiple values but it's easy enough to try. |
Is it fine to change files in the plugin of my live opensense? |
update will overwrite manual changes, but for testing that is the easiest way to do it indeed |
@raldone01 how are things going on your end? |
I still want to do it. My time messing with opnsense is limited to days where no one else is home. |
No rush, just wanted to poke you about it while looking at open PRs. |
Still fiddling with the basic dns setup. 🙂 |
Fixes #1715
First time writing a jinja script.
Let me know if anything is incorrect.