Date: Wed, 8 Nov 2017 13:38:28 +0200
From: Andriy Gapon <avg@FreeBSD.org>
To: freebsd-net@FreeBSD.org
Subject: local_unbound, resolvconf, vpn
Message-ID: <5689438f-6734-6b57-b700-d70ee2b7578a@FreeBSD.org>

I've just enabled local_unbound on a machine and everything seems to work fine.
But there are a few minor quirks that I would like to report.

First, there is now an automatically generated /etc/resolvconf.conf.
It has the following comment:

    # This file was generated by local-unbound-setup.
    # Modifications will be overwritten.

Is that comment really true?
What and when is going to overwrite my modifications?
I've made some changes and they haven't been overwritten yet.
But if that comment is true, then it is a rather big inconvenience.
For example, I want to be able to set private_interfaces="tun* tap*" to limit
impact of VPN provided DNS configurations.

Next.
The auto-generated resolvconf.conf has this trick to prevent modifications of
resolv.conf:

    resolv_conf="/dev/null"

The trick works but it causes some small noise when resolvconf is run, like
cannot copy /dev/null to /dev/null.bak.
I think that a nicer solution is to just set name_servers=127.0.0.1:

    name_servers
        Prepend name servers to the dynamically generated list. You should
        set this to 127.0.0.1 if you use a local name server other than
        libc.

    resolv_conf_local_only
        If a local name server is configured then the default is just to
        specify that and ignore all other entries as they will be configured
        for the local name server. Set this to NO to also list non-local
        nameservers. This will give you working DNS even if the local
        nameserver stops functioning at the expense of duplicated server
        queries.

As I understand resolv_conf_local_only is YES by default and default
local_nameservers includes 127.*, so name_servers=127.0.0.1 should do the right
thing.

Last.
Every time I connect to a VPN (via vpnc or openvpn, for example) the unbound
daemon is restarted. That's expected because its configuration is changed.
But there is a slightly annoying message that appears to be harmless:

    unbound: [7457:0] error: cannot chdir to directory: (No such file or directory)

I wonder what causes this message and if it's possible to shut it up.

Thank you.
--
Andriy Gapon