Bug 248102 - [local_unbound] default config file violates RFC
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: standards
Version: Unspecified
Hardware: Any Any
Importance: --- Affects Some People
Assignee: freebsd-standards (Nobody)
Reported: 2020-07-19 13:20 UTC by Walter von Entferndt
Modified: 2020-07-23 15:01 UTC

Description Walter von Entferndt 2020-07-19 13:20:07 UTC
System 12.1-RELEASE.  Guess this also affects other releases as well.

Dear network wizards,

in the default configuration installed by local-unbound-setup, local-unbound(8) sends out DNS lookups for "private" networks (10.xxx/8, 192.168.xxx/16 etc.) out to the internet: the option is set to unblock-lan-zones=yes in the config file installed, whereas this setting defaults to "no" (RFC-compliant & safe).
Is this because the intended use of local-unbound(8) is to use it e.g. in a VPN setup?
Or is it assumed other settings should be adjusted accordingly, i.e. to set up internal and external interfaces?
I.e. it is assumed no one would ever start up local-unbound(8) with the shipped config unedited?

I posted this question in the forum, but did not get any reply, although it was read >100 times.  Thus I'd consider this a bug.  IMHO any automagic config shipped or created should comply with relevant RFCs.  In rare cases this guideline may be violated if it's reasonable, but then it should be clearly documented, e.g. the user gets a big fat warning.

Another problem I had was devfs devices disappearing when I try to put local_unbound in a jail.  But that's another topic.

Thx in advance, stay strong & healthy!
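
An added example, not part of the report and not FreeBSD or Unbound code: a small audit that follows `include:` lines in an Unbound configuration and reports the effective `unblock-lan-zones` value (written `unblock-lan-zones: yes` in unbound.conf(5), default `no`) together with the file and line that set it. The function names and the file names and contents in `SAMPLE` are constructed for illustration.

```python
import re

# Defaults per unbound.conf(5): reverse lookups for private ranges stay filtered.
DEFAULTS = {"unblock-lan-zones": "no", "insecure-lan-zones": "no"}
# "name: value" with optional quotes and trailing comment; comment lines do not match.
OPTION = re.compile(r'^\s*([a-z0-9-]+):\s*"?([^"#]*?)"?\s*(?:#.*)?$')

def read_file(path):
    with open(path, encoding="utf-8") as fh:
        return fh.read()

def effective_settings(path, read=read_file, _state=None, _seen=None):
    """Return {option: (value, 'file:line')} after following include: lines.

    Assumption: a later assignment of an option overrides an earlier one.
    Wildcard includes are not expanded by this example.
    """
    if _state is None:
        _state = {k: (v, "default") for k, v in DEFAULTS.items()}
    seen = _seen if _seen is not None else set()
    if path in seen:  # guard against include loops
        return _state
    seen.add(path)
    for lineno, line in enumerate(read(path).splitlines(), 1):
        m = OPTION.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "include":
            effective_settings(value, read, _state, seen)
        elif key in DEFAULTS:
            _state[key] = (value.lower(), f"{path}:{lineno}")
    return _state

def forwards_private_reverse_lookups(path, read=read_file):
    """True if reverse lookups for private ranges are no longer filtered."""
    value, origin = effective_settings(path, read)["unblock-lan-zones"]
    return value == "yes", origin

# Constructed sample files (names and contents are made up for this example).
SAMPLE = {
    "main.conf": 'server:\n    unblock-lan-zones: no\ninclude: "included.conf"\n',
    "included.conf": "server:\n    unblock-lan-zones: yes  # value described in the report\n",
}

if __name__ == "__main__":
    print(forwards_private_reverse_lookups("main.conf", SAMPLE.__getitem__))
```

Called with only a path, the function reads the real files from disk, so it can be pointed at the configuration that the setup script generated.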