Bug 222902 - local_unbound interfering with port version and other problems
Summary: local_unbound interfering with port version and other problems
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 11.1-RELEASE
Hardware: Any Any
: --- Affects Only Me
Assignee: Dag-Erling Smørgrav
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-10 14:37 UTC by joeb1
Modified: 2020-01-04 01:09 UTC (History)
1 user (show)

See Also:
des: mfc-stable11+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description joeb1 2017-10-10 14:37:09 UTC
1. local_unbound is executing /usr/sbin/unbound and when the port version of unbound is installed the /usr/sbin/unbound is still being used causing a crossover mixture between local_unbound version of unbound and the ports version of unbound.
Solution is to complete the renaming of all the unbound components to be prefixed with "local_" like it should have been done in the first place. 
IE: man, conf, bin modules, lib modules. Examples; This file /usr/sbin/local-unbound-setup should be renamed to /usr/sbin/local_unbound-setup, and /usr/sbin/unbound renamed to /usr/sbin/local_unbound.

2. The usage of local_unbound is integrated with other OS functions. There is no documentation explaining their interaction. A simple man page explaining the customized local_unbound setup configuration and the interaction between  /etc/resolv.conf, /libexec/resolvconf/unbound, /usr/sbin/local-unbound-setup and the resolvconf command would go a long way to make it more user friendly.

3. local_unbound  is at version 1.5.10 and the current upstream version available is 1.6.7. Time to upgrade the local_unbound version to be current.

4. As currently configured local_unbound is forced to use the ISP DNS servers retrieved from /etc/resolv.conf. unbound comes with a built-in "root-zone" function which negates the need for a "forward-zone:" section all together. The current local_unbound configuration should be changed to deploy unbound's built-in "root-zone" function.
Comment 1 Dag-Erling Smørgrav freebsd_committer 2017-12-04 07:37:38 UTC
1. Something to consider for 12, perhaps.

2. There is no documentation for 99% of FreeBSD.  Feel free to submit some.

3. Already on my slate.

4. If you want a recursing nameserver, you are free to install and configure one - or work out a way to force local_unbound to act like one - but the purpose of local_unbound is to provide a caching, validating, *forwarding* resolver.
Comment 2 commit-hook freebsd_committer 2018-05-12 17:11:02 UTC
A commit references this bug:

Author: des
Date: Sat May 12 17:10:39 UTC 2018
New revision: 333573
URL: https://svnweb.freebsd.org/changeset/base/333573

Log:
  Rename all Unbound binaries and man pages from unbound* to local-unbound*.

  PR:		222902

Changes:
  head/ObsoleteFiles.inc
  head/contrib/unbound/daemon/unbound.c
  head/contrib/unbound/doc/unbound-checkconf.8.in
  head/contrib/unbound/smallapp/unbound-anchor.c
  head/contrib/unbound/smallapp/unbound-checkconf.c
  head/contrib/unbound/smallapp/unbound-control.c
  head/etc/rc.d/local_unbound
  head/tools/build/mk/OptionalObsoleteFiles.inc
  head/usr.sbin/unbound/Makefile
  head/usr.sbin/unbound/Makefile.inc
  head/usr.sbin/unbound/anchor/Makefile
  head/usr.sbin/unbound/checkconf/Makefile
  head/usr.sbin/unbound/control/Makefile
  head/usr.sbin/unbound/daemon/Makefile
  head/usr.sbin/unbound/local-setup/
  head/usr.sbin/unbound/setup/
Comment 3 Dag-Erling Smørgrav freebsd_committer 2018-05-12 17:17:18 UTC
The first and third item have now been taken care of.  I will shelve the second for now.  As for the fourth, I had forgotten that you can force local-unbound-setup to configure local-unbound as a recursing resolver by removing all nameserver lines from resolv.conf before running it (you may have to remove /var/unbound/forward.conf if it already exists).  I will work on improving this feature.
Comment 4 commit-hook freebsd_committer 2018-05-12 18:08:56 UTC
A commit references this bug:

Author: des
Date: Sat May 12 18:07:53 UTC 2018
New revision: 333574
URL: https://svnweb.freebsd.org/changeset/base/333574

Log:
  If the sole non-option command line argument is "none", remove any
  pre-existing forwarder configuration and set Unbound up to recurse.

  PR:		222902
  MFC after:	1 week

Changes:
  head/usr.sbin/unbound/setup/local-unbound-setup.sh
Comment 5 commit-hook freebsd_committer 2018-10-09 20:29:12 UTC
A commit references this bug:

Author: des
Date: Tue Oct  9 20:29:05 UTC 2018
New revision: 339268
URL: https://svnweb.freebsd.org/changeset/base/339268

Log:
  MFH (r333574): fully support acting as a recursing resolver.

  PR:		222902

Changes:
_U  stable/11/
  stable/11/usr.sbin/unbound/local-setup/local-unbound-setup.sh
Comment 6 commit-hook freebsd_committer 2020-01-04 01:09:48 UTC
A commit references this bug:

Author: cy
Date: Sat Jan  4 01:09:35 UTC 2020
New revision: 356345
URL: https://svnweb.freebsd.org/changeset/base/356345

Log:
  MFC r333552,333558-333568,333573,338568-338569,339275,339278,339294,340037,
      r349720,356228:

  r333552 (des):

  Upgrade Unbound to 1.6.0.  More to follow.

  r333558 (des):

  Upgrade Unbound to 1.6.1.  More to follow.

  r333559 (des):

  Upgrade Unbound to 1.6.2.  More to follow.

  r333560 (des):

  Upgrade Unbound to 1.6.3.  More to follow.

  r333561 (des):

  Upgrade Unbound to 1.6.4.  More to follow.

  r333562 (des):

  Upgrade Unbound to 1.6.5.  More to follow.

  r333563 (des):

  Upgrade Unbound to 1.6.6.  More to follow.

  r333564 (des):

  Upgrade Unbound to 1.6.7.  More to follow.

  r333565 (des):

  No reason to keep this around.

  r333566 (des):

  Upgrade Unbound to 1.6.8.  More to follow.

  r333567 (des):

  Upgrade Unbound to 1.7.0.  More to follow.

  r333568 (des):

  Upgrade Unbound to 1.7.1.

  r333573 (des):

  Rename all Unbound binaries and man pages from unbound* to local-unbound*.

  PR:		222902

  r338568 (des):

  Upgrade Unbound to 1.7.2.  More to follow.

  r338569 (des):

  Upgrade Unbound to 1.7.3.  More to follow.

  r339275 (des):

  Upgrade Unbound to 1.8.0.  More to follow.

  r339278 (des):

  Upgrade to 1.8.1.

  r339294 (des):

  Try harder to sanitize the environment before running configure.
  Remove a workaround for older Unbound versions that used sbrk.

  r340037 (des):

  Merge upstream r4932: turn so-reuseport option off by default.

  r349720 (des):

  Upgrade Unbound to 1.9.2.

  MFC r356228 (cy):
  MFV r356143:

  Update unbound 1.9.2 --> 1.9.6.

  Security:	CVE-2017-15105 (fixed by 1.6.7)
  		CVE-2019-18934 (fixed by 1.9.5)

Changes:
_U  stable/11/
  stable/11/ObsoleteFiles.inc
  stable/11/contrib/ldns/freebsd-configure.sh
  stable/11/contrib/unbound/.gitattributes
  stable/11/contrib/unbound/.travis.yml
  stable/11/contrib/unbound/Makefile.in
  stable/11/contrib/unbound/README.md
  stable/11/contrib/unbound/ac_pkg_swig.m4
  stable/11/contrib/unbound/aclocal.m4
  stable/11/contrib/unbound/acx_nlnetlabs.m4
  stable/11/contrib/unbound/acx_python.m4
  stable/11/contrib/unbound/cachedb/cachedb.c
  stable/11/contrib/unbound/cachedb/cachedb.h
  stable/11/contrib/unbound/cachedb/redis.c
  stable/11/contrib/unbound/cachedb/redis.h
  stable/11/contrib/unbound/compat/arc4_lock.c
  stable/11/contrib/unbound/compat/arc4random.c
  stable/11/contrib/unbound/compat/ctime_r.c
  stable/11/contrib/unbound/compat/getentropy_freebsd.c
  stable/11/contrib/unbound/compat/getentropy_linux.c
  stable/11/contrib/unbound/compat/getentropy_osx.c
  stable/11/contrib/unbound/compat/getentropy_solaris.c
  stable/11/contrib/unbound/compat/getentropy_win.c
_U  stable/11/contrib/unbound/compat/isblank.c
  stable/11/contrib/unbound/compat/malloc.c
  stable/11/contrib/unbound/compat/snprintf.c
_U  stable/11/contrib/unbound/compat/strsep.c
  stable/11/contrib/unbound/config.guess
  stable/11/contrib/unbound/config.h
  stable/11/contrib/unbound/config.h.in
  stable/11/contrib/unbound/config.sub
  stable/11/contrib/unbound/configure
  stable/11/contrib/unbound/configure.ac
  stable/11/contrib/unbound/contrib/README
  stable/11/contrib/unbound/contrib/aaaa-filter-iterator.patch
  stable/11/contrib/unbound/contrib/create_unbound_ad_servers.sh
  stable/11/contrib/unbound/contrib/drop-tld.diff
  stable/11/contrib/unbound/contrib/fastrpz.patch
  stable/11/contrib/unbound/contrib/libunbound.pc.in
  stable/11/contrib/unbound/contrib/libunbound.so.conf
  stable/11/contrib/unbound/contrib/parseunbound.pl
  stable/11/contrib/unbound/contrib/redirect-bogus.patch
  stable/11/contrib/unbound/contrib/unbound-fuzzers.tar.bz2
  stable/11/contrib/unbound/contrib/unbound-fuzzme.patch
  stable/11/contrib/unbound/contrib/unbound-querycachedb.py
  stable/11/contrib/unbound/contrib/unbound.init
  stable/11/contrib/unbound/contrib/unbound.init_fedora
  stable/11/contrib/unbound/contrib/unbound.service.in
  stable/11/contrib/unbound/contrib/unbound.socket.in
  stable/11/contrib/unbound/contrib/unbound_munin_
  stable/11/contrib/unbound/daemon/acl_list.c
  stable/11/contrib/unbound/daemon/acl_list.h
  stable/11/contrib/unbound/daemon/cachedump.c
  stable/11/contrib/unbound/daemon/cachedump.h
  stable/11/contrib/unbound/daemon/daemon.c
  stable/11/contrib/unbound/daemon/daemon.h
  stable/11/contrib/unbound/daemon/remote.c
  stable/11/contrib/unbound/daemon/remote.h
  stable/11/contrib/unbound/daemon/stats.c
  stable/11/contrib/unbound/daemon/stats.h
  stable/11/contrib/unbound/daemon/unbound.c
  stable/11/contrib/unbound/daemon/worker.c
  stable/11/contrib/unbound/daemon/worker.h
  stable/11/contrib/unbound/dns64/dns64.c
  stable/11/contrib/unbound/dnscrypt/
  stable/11/contrib/unbound/dnscrypt/cert.h
  stable/11/contrib/unbound/dnscrypt/dnscrypt.c
  stable/11/contrib/unbound/dnscrypt/dnscrypt.h
  stable/11/contrib/unbound/dnscrypt/dnscrypt.m4
  stable/11/contrib/unbound/dnscrypt/dnscrypt_config.h
  stable/11/contrib/unbound/dnstap/dnstap.c
  stable/11/contrib/unbound/dnstap/dnstap.proto
  stable/11/contrib/unbound/doc/CNAME-basedRedirectionDesignNotes.pdf
  stable/11/contrib/unbound/doc/Changelog
  stable/11/contrib/unbound/doc/IP-BasedActions.pdf
  stable/11/contrib/unbound/doc/README
  stable/11/contrib/unbound/doc/README.ipset.md
  stable/11/contrib/unbound/doc/TODO
  stable/11/contrib/unbound/doc/example.conf
  stable/11/contrib/unbound/doc/example.conf.in
  stable/11/contrib/unbound/doc/libunbound.3
  stable/11/contrib/unbound/doc/libunbound.3.in
  stable/11/contrib/unbound/doc/requirements.txt
  stable/11/contrib/unbound/doc/unbound-anchor.8
  stable/11/contrib/unbound/doc/unbound-anchor.8.in
  stable/11/contrib/unbound/doc/unbound-checkconf.8
  stable/11/contrib/unbound/doc/unbound-checkconf.8.in
  stable/11/contrib/unbound/doc/unbound-control.8
  stable/11/contrib/unbound/doc/unbound-control.8.in
  stable/11/contrib/unbound/doc/unbound-host.1
  stable/11/contrib/unbound/doc/unbound-host.1.in
  stable/11/contrib/unbound/doc/unbound.8
  stable/11/contrib/unbound/doc/unbound.8.in
  stable/11/contrib/unbound/doc/unbound.conf.5
  stable/11/contrib/unbound/doc/unbound.conf.5.in
  stable/11/contrib/unbound/doc/unbound.doxygen
  stable/11/contrib/unbound/edns-subnet/
  stable/11/contrib/unbound/edns-subnet/addrtree.c
  stable/11/contrib/unbound/edns-subnet/addrtree.h
  stable/11/contrib/unbound/edns-subnet/subnet-whitelist.c
  stable/11/contrib/unbound/edns-subnet/subnet-whitelist.h
  stable/11/contrib/unbound/edns-subnet/subnetmod.c
  stable/11/contrib/unbound/edns-subnet/subnetmod.h
  stable/11/contrib/unbound/freebsd-configure.sh
  stable/11/contrib/unbound/install-sh
  stable/11/contrib/unbound/ipsecmod/
  stable/11/contrib/unbound/ipsecmod/ipsecmod.c
  stable/11/contrib/unbound/ipset/
  stable/11/contrib/unbound/iterator/iter_delegpt.c
  stable/11/contrib/unbound/iterator/iter_delegpt.h
  stable/11/contrib/unbound/iterator/iter_donotq.h
  stable/11/contrib/unbound/iterator/iter_fwd.c
  stable/11/contrib/unbound/iterator/iter_fwd.h
  stable/11/contrib/unbound/iterator/iter_hints.c
  stable/11/contrib/unbound/iterator/iter_hints.h
  stable/11/contrib/unbound/iterator/iter_priv.h
  stable/11/contrib/unbound/iterator/iter_scrub.c
  stable/11/contrib/unbound/iterator/iter_utils.c
  stable/11/contrib/unbound/iterator/iter_utils.h
  stable/11/contrib/unbound/iterator/iterator.c
  stable/11/contrib/unbound/iterator/iterator.h
  stable/11/contrib/unbound/libunbound/context.c
  stable/11/contrib/unbound/libunbound/context.h
  stable/11/contrib/unbound/libunbound/libunbound.c
  stable/11/contrib/unbound/libunbound/libworker.c
  stable/11/contrib/unbound/libunbound/libworker.h
  stable/11/contrib/unbound/libunbound/python/
  stable/11/contrib/unbound/libunbound/ubsyms.def
  stable/11/contrib/unbound/libunbound/unbound-event.h
  stable/11/contrib/unbound/libunbound/unbound.h
  stable/11/contrib/unbound/libunbound/worker.h
  stable/11/contrib/unbound/ltmain.sh
  stable/11/contrib/unbound/respip/
  stable/11/contrib/unbound/respip/respip.c
  stable/11/contrib/unbound/services/authzone.c
  stable/11/contrib/unbound/services/authzone.h
  stable/11/contrib/unbound/services/cache/dns.c
  stable/11/contrib/unbound/services/cache/dns.h
  stable/11/contrib/unbound/services/cache/infra.c
  stable/11/contrib/unbound/services/cache/infra.h
  stable/11/contrib/unbound/services/cache/rrset.c
  stable/11/contrib/unbound/services/cache/rrset.h
  stable/11/contrib/unbound/services/listen_dnsport.c
  stable/11/contrib/unbound/services/listen_dnsport.h
  stable/11/contrib/unbound/services/localzone.c
  stable/11/contrib/unbound/services/localzone.h
  stable/11/contrib/unbound/services/mesh.c
  stable/11/contrib/unbound/services/mesh.h
  stable/11/contrib/unbound/services/modstack.c
  stable/11/contrib/unbound/services/modstack.h
  stable/11/contrib/unbound/services/outside_network.c
  stable/11/contrib/unbound/services/outside_network.h
  stable/11/contrib/unbound/services/view.c
  stable/11/contrib/unbound/services/view.h
  stable/11/contrib/unbound/sldns/keyraw.c
  stable/11/contrib/unbound/sldns/keyraw.h
  stable/11/contrib/unbound/sldns/parse.c
  stable/11/contrib/unbound/sldns/parse.h
  stable/11/contrib/unbound/sldns/parseutil.c
  stable/11/contrib/unbound/sldns/parseutil.h
  stable/11/contrib/unbound/sldns/rrdef.c
  stable/11/contrib/unbound/sldns/rrdef.h
  stable/11/contrib/unbound/sldns/sbuffer.c
  stable/11/contrib/unbound/sldns/sbuffer.h
  stable/11/contrib/unbound/sldns/str2wire.c
  stable/11/contrib/unbound/sldns/str2wire.h
  stable/11/contrib/unbound/sldns/wire2str.c
  stable/11/contrib/unbound/sldns/wire2str.h
  stable/11/contrib/unbound/smallapp/unbound-anchor.c
  stable/11/contrib/unbound/smallapp/unbound-checkconf.c
  stable/11/contrib/unbound/smallapp/unbound-control-setup.sh
  stable/11/contrib/unbound/smallapp/unbound-control-setup.sh.in
  stable/11/contrib/unbound/smallapp/unbound-control.c
  stable/11/contrib/unbound/smallapp/unbound-host.c
  stable/11/contrib/unbound/smallapp/worker_cb.c
  stable/11/contrib/unbound/systemd.m4
  stable/11/contrib/unbound/util/alloc.c
  stable/11/contrib/unbound/util/alloc.h
  stable/11/contrib/unbound/util/config_file.c
  stable/11/contrib/unbound/util/config_file.h
  stable/11/contrib/unbound/util/configlexer.lex
  stable/11/contrib/unbound/util/configparser.y
  stable/11/contrib/unbound/util/data/dname.c
  stable/11/contrib/unbound/util/data/dname.h
  stable/11/contrib/unbound/util/data/msgencode.c
  stable/11/contrib/unbound/util/data/msgencode.h
  stable/11/contrib/unbound/util/data/msgparse.c
  stable/11/contrib/unbound/util/data/msgparse.h
  stable/11/contrib/unbound/util/data/msgreply.c
  stable/11/contrib/unbound/util/data/msgreply.h
  stable/11/contrib/unbound/util/data/packed_rrset.c
  stable/11/contrib/unbound/util/data/packed_rrset.h
  stable/11/contrib/unbound/util/edns.c
  stable/11/contrib/unbound/util/edns.h
  stable/11/contrib/unbound/util/fptr_wlist.c
  stable/11/contrib/unbound/util/fptr_wlist.h
  stable/11/contrib/unbound/util/iana_ports.inc
  stable/11/contrib/unbound/util/locks.c
  stable/11/contrib/unbound/util/locks.h
  stable/11/contrib/unbound/util/log.c
  stable/11/contrib/unbound/util/log.h
  stable/11/contrib/unbound/util/mini_event.c
  stable/11/contrib/unbound/util/mini_event.h
  stable/11/contrib/unbound/util/module.c
  stable/11/contrib/unbound/util/module.h
  stable/11/contrib/unbound/util/net_help.c
  stable/11/contrib/unbound/util/net_help.h
  stable/11/contrib/unbound/util/netevent.c
  stable/11/contrib/unbound/util/netevent.h
  stable/11/contrib/unbound/util/random.c
  stable/11/contrib/unbound/util/random.h
  stable/11/contrib/unbound/util/rbtree.c
  stable/11/contrib/unbound/util/rbtree.h
  stable/11/contrib/unbound/util/regional.c
  stable/11/contrib/unbound/util/rtt.c
  stable/11/contrib/unbound/util/shm_side/
  stable/11/contrib/unbound/util/shm_side/shm_main.c
  stable/11/contrib/unbound/util/shm_side/shm_main.h
  stable/11/contrib/unbound/util/storage/dnstree.c
  stable/11/contrib/unbound/util/storage/dnstree.h
  stable/11/contrib/unbound/util/storage/lookup3.c
  stable/11/contrib/unbound/util/storage/lruhash.c
  stable/11/contrib/unbound/util/storage/lruhash.h
  stable/11/contrib/unbound/util/storage/slabhash.c
  stable/11/contrib/unbound/util/storage/slabhash.h
  stable/11/contrib/unbound/util/tcp_conn_limit.c
  stable/11/contrib/unbound/util/tcp_conn_limit.h
  stable/11/contrib/unbound/util/timehist.c
  stable/11/contrib/unbound/util/timehist.h
  stable/11/contrib/unbound/util/tube.c
  stable/11/contrib/unbound/util/tube.h
  stable/11/contrib/unbound/util/ub_event.c
  stable/11/contrib/unbound/util/ub_event.h
  stable/11/contrib/unbound/util/ub_event_pluggable.c
  stable/11/contrib/unbound/util/winsock_event.c
  stable/11/contrib/unbound/util/winsock_event.h
  stable/11/contrib/unbound/validator/autotrust.c
  stable/11/contrib/unbound/validator/autotrust.h
  stable/11/contrib/unbound/validator/val_anchor.c
  stable/11/contrib/unbound/validator/val_anchor.h
  stable/11/contrib/unbound/validator/val_kcache.c
  stable/11/contrib/unbound/validator/val_neg.c
  stable/11/contrib/unbound/validator/val_neg.h
  stable/11/contrib/unbound/validator/val_nsec.c
  stable/11/contrib/unbound/validator/val_nsec.h
  stable/11/contrib/unbound/validator/val_nsec3.c
  stable/11/contrib/unbound/validator/val_nsec3.h
  stable/11/contrib/unbound/validator/val_secalgo.c
  stable/11/contrib/unbound/validator/val_sigcrypt.c
  stable/11/contrib/unbound/validator/val_sigcrypt.h
  stable/11/contrib/unbound/validator/val_utils.c
  stable/11/contrib/unbound/validator/val_utils.h
  stable/11/contrib/unbound/validator/validator.c
  stable/11/contrib/unbound/validator/validator.h
  stable/11/crypto/openssh/freebsd-configure.sh
  stable/11/etc/rc.d/local_unbound
  stable/11/lib/libunbound/Makefile
  stable/11/tools/build/mk/OptionalObsoleteFiles.inc
  stable/11/usr.sbin/unbound/Makefile
  stable/11/usr.sbin/unbound/Makefile.inc
  stable/11/usr.sbin/unbound/anchor/Makefile
  stable/11/usr.sbin/unbound/checkconf/Makefile
  stable/11/usr.sbin/unbound/control/Makefile
  stable/11/usr.sbin/unbound/daemon/Makefile
  stable/11/usr.sbin/unbound/local-setup/
  stable/11/usr.sbin/unbound/setup/