From: Andriy Gapon
To: freebsd-net@FreeBSD.org
Subject: local_unbound, resolvconf, vpn
Date: Wed, 8 Nov 2017 13:38:28 +0200
Message-ID: <5689438f-6734-6b57-b700-d70ee2b7578a@FreeBSD.org>
List-Id: Networking and TCP/IP with FreeBSD

I've just enabled local_unbound on a machine and everything seems to work fine.
But there are a few minor quirks that I would like to report.

First, there is now an automatically generated /etc/resolvconf.conf.
It has the following comment:

    # This file was generated by local-unbound-setup.
    # Modifications will be overwritten.

Is that comment really true? What and when is going to overwrite my modifications?
I've made some changes and they haven't been overwritten yet.
But if that comment is true, then it is a rather big inconvenience.
For example, I want to be able to set private_interfaces="tun* tap*" to limit
impact of VPN provided DNS configurations.

Next. The auto-generated resolvconf.conf has this trick to prevent modifications
of resolv.conf:

    resolv_conf="/dev/null"

The trick works but it causes some small noise when resolvconf is run, like
cannot copy /dev/null to /dev/null.bak.
I think that a nicer solution is to just set name_servers=127.0.0.1:

    name_servers
        Prepend name servers to the dynamically generated list.
        You should set this to 127.0.0.1 if you use a local name server
        other than libc.

    resolv_conf_local_only
        If a local name server is configured then the default is just to
        specify that and ignore all other entries as they will be
        configured for the local name server. Set this to NO to also list
        non-local nameservers. This will give you working DNS even if the
        local nameserver stops functioning at the expense of duplicated
        server queries.

As I understand resolv_conf_local_only is YES by default and default
local_nameservers includes 127.*, so name_servers=127.0.0.1 should do the
right thing.

Last. Every time I connect to a VPN (via vpnc or openvpn, for example) the
unbound daemon is restarted. That's expected because its configuration is
changed. But there is a slightly annoying message that appears to be harmless:

    unbound: [7457:0] error: cannot chdir to directory: (No such file or directory)

I wonder what causes this message and if it's possible to shut it up.

Thank you.

-- 
Andriy Gapon
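The following script is an added example, not part of the mail above and not resolvconf's own code. It models how the resolvconf.conf(5) settings discussed in the mail (name_servers, private_interfaces, local_nameservers and resolv_conf_local_only) combine into the nameserver list that ends up in resolv.conf, so the name_servers=127.0.0.1 proposal and the private_interfaces="tun* tap*" filter can be compared side by side. The per-interface server lists and the local_nameservers default ("127.* ::1", which omits the other addresses the real default lists) are constructed sample data and assumptions.

```shell
#!/bin/sh
# Constructed model of how resolvconf(8) assembles the nameserver list for
# resolv.conf from resolvconf.conf(5) settings. Example code, not
# resolvconf's implementation; it follows the documented behaviour of
# name_servers, private_interfaces, local_nameservers and
# resolv_conf_local_only closely enough to compare configurations.
set -f   # globs such as "tun*" are config patterns, never filename expansions

# Constructed per-interface data, as clients hand it to "resolvconf -a":
# one line per interface, "<iface> <server> [<server>...]".
SAMPLE_IFACES='em0 192.168.0.1
tun0 10.8.0.1 10.8.0.2'

# Assumed local_nameservers default: addresses treated as a local resolver.
DEFAULT_LOCAL_NS='127.* ::1'

# matches_any WORD PATTERNS: succeeds if WORD matches any glob in PATTERNS.
matches_any() {
    for _pat in $2; do
        case "$1" in
            $_pat) return 0 ;;
        esac
    done
    return 1
}

# add_unique LIST WORD: prints LIST with WORD appended unless already present.
add_unique() {
    case " $1 " in
        *" $2 "*) printf '%s' "$1" ;;
        *) printf '%s' "${1:+$1 }$2" ;;
    esac
}

# build_nameservers NAME_SERVERS PRIVATE_INTERFACES RESOLV_CONF_LOCAL_ONLY
# Prints the space-separated nameserver list that would go into resolv.conf.
build_nameservers() {
    _static=$1; _private=$2; _local_only=$3
    _list=''
    # 1. name_servers are prepended to the dynamically generated list.
    for _s in $_static; do
        _list=$(add_unique "$_list" "$_s")
    done
    # 2. Interfaces matching private_interfaces contribute nothing to resolv.conf.
    while read -r _iface _servers; do
        [ -n "$_iface" ] || continue
        if matches_any "$_iface" "$_private"; then
            continue
        fi
        for _s in $_servers; do
            _list=$(add_unique "$_list" "$_s")
        done
    done <<EOF
$SAMPLE_IFACES
EOF
    # 3. With resolv_conf_local_only=YES (the default), a configured local
    #    nameserver makes every non-local entry drop out of the list.
    if [ "$_local_only" = YES ]; then
        _local=''
        for _s in $_list; do
            if matches_any "$_s" "$DEFAULT_LOCAL_NS"; then
                _local=$(add_unique "$_local" "$_s")
            fi
        done
        if [ -n "$_local" ]; then
            _list=$_local
        fi
    fi
    printf '%s\n' "$_list"
}

# The configurations from the mail, side by side.
main() {
    echo "name_servers=127.0.0.1, local_only=YES: $(build_nameservers 127.0.0.1 '' YES)"
    echo "name_servers=127.0.0.1, local_only=NO:  $(build_nameservers 127.0.0.1 '' NO)"
    echo "no local server, private_interfaces='tun* tap*': $(build_nameservers '' 'tun* tap*' YES)"
}
main
```

With name_servers=127.0.0.1 and the default resolv_conf_local_only=YES the VPN-supplied servers never reach resolv.conf, which is the effect the resolv_conf="/dev/null" trick was after without the backup-copy noise; setting resolv_conf_local_only=NO keeps them as fallbacks, and private_interfaces="tun* tap*" excludes the VPN interface's servers regardless of whether a local resolver is configured.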