Control: found -1 1.13.1-1

Hi,

On 2022-01-05 09:56:26 +0100, Andrej Shadura wrote:
> In fact, unbound comes with resolvconf integration, so it should
> know about other nameservers coming from DHCP. It is likely that the
> fact you add 127.0.0.1 in front of them is preventing that
> integration from working properly. Or maybe it’s a bug.

The unbound(8) man page says

  To use a locally running Unbound for resolving put
    nameserver 127.0.0.1
  into resolv.conf(5).

Since resolv.conf is under the control of dhclient, I did that via the dhclient configuration file.

I now see the /etc/resolvconf/update.d/unbound file (this was not documented). It runs /lib/resolvconf/list-records, so I'll see what I get. I'm no longer in the train, so I won't be able to test hostname resolution, but I could see whether the knowledge of other DHCP-provided nameservers gets in $FWD in this script.

If I understand how this should work with resolvconf + unbound:

  * /etc/resolv.conf should contain only 127.0.0.1 (corresponding to unbound).

  * /lib/resolvconf/list-records should output lines with 127.0.0.1 and the DHCP-provided nameservers.

  * /etc/resolvconf/update.d/unbound makes unbound aware of these DHCP-provided nameservers.

I'll see whether I get this (I don't have my laptop with me here). If I do, then yes, this could be a bug in unbound.

I'm not sure, though, because the unbound-control(8) man page is not very detailed. It says in particular:

  If off is passed, forwarding is disabled and the root nameservers are used. This can be used to avoid to avoid buggy or non-DNSSEC supporting nameservers returned from DHCP. But may not work in hotels or hotspots.

I'm precisely in the case of buggy nameservers returned from DHCP! So it appears that what the /etc/resolvconf/update.d/unbound script does may be wrong!

What I want is to use the root nameservers by default, and the nameservers returned from DHCP as a fallback (e.g. for "hotels or hotspots", like in the train), as described in the resolv.conf(5) man page: "If there are multiple servers, the resolver library queries them in the order listed."

But it is also possible that the unbound-control(8) man page is inaccurate and misleading.

BTW, in the train, it is also possible that this wasn't working due to bad coincidence, since the network wasn't very good and there could be failures due to that. But I had tried several times, and this began to work only after I replaced resolv.conf to have the DHCP-provided nameserver there (after 127.0.0.1).

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)