diff options
| author | Phil Davis <phil.davis@inf.org> | 2015-03-26 06:36:16 +0545 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2015-03-26 13:00:12 -0300 |
| commit | 383dd72d61c6e483e38b8e798c0cb1ffc0c3c1e4 (patch) | |
| tree | 10c7983dc33a21d296d3aa211be6a926e75e108a | |
| parent | 11fd072b116ef663dbd652143f038475a5f351c9 (diff) | |
| download | pfsense-383dd72d61c6e483e38b8e798c0cb1ffc0c3c1e4.zip pfsense-383dd72d61c6e483e38b8e798c0cb1ffc0c3c1e4.tar.gz | |
Always include general setup DNS servers in unbound.conf
when forwarding mode is on.
The General Setup setting "Allow DNS server list to be overridden by DHCP/PPP on WAN" has always been used in dnsmasq to ADD DHCP/PPP provided DNS servers to the list, while also keeping the DNS servers specified in General Setup. That behavior is needed if:
1) WAN1 static IP with upstream DNS server/s specified in General Setup and selecting the WAN1 gateway. WAN2 uses DHCP, DNS server received by DHCP from upstream. The user needs to tick "Allow DNS server list to be overridden by DHCP/PPP on WAN" to get the WAN2 DNS server to be used, but also wants the DNS server from General Setup to also be used.
2) WAN1 static IP, DNS server/s specified in General Setup. For whatever reason the user has also ticked "Allow DNS server list to be overridden by DHCP/PPP on WAN". In actual fact there are no WAN-style interfaces set to DHCP, so "allowing to be overridden" should not come into effect anyway - the DNS servers in General Setup should be used.
3) WAN1 DHCP, but the upstream DHCP does not give out any DNS server/s. "Allow DNS server list to be overridden by DHCP/PPP on WAN" is ticked. Again there are no DNS servers received via DHCP, so any "override" should not be invoked.
In all cases, it turns out that actually we want any General Setup DNS servers to be included in the DNS forwarder/resolver conf in addition to whatever (if any) DNS servers happen to be provided from a DHPC-WAN.
This change makes unbound behave that way - the same as dnsmasq already does.
| -rw-r--r-- | etc/inc/unbound.inc | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/etc/inc/unbound.inc b/etc/inc/unbound.inc index 61e5a9a..130af85 100644 --- a/etc/inc/unbound.inc +++ b/etc/inc/unbound.inc @@ -224,7 +224,7 @@ EOF; $verbosity = isset($config['unbound']['log_verbosity']) ? $config['unbound']['log_verbosity'] : 1; $use_caps = isset($config['unbound']['use_caps']) ? "yes" : "no"; - // Set up forwarding if it configured + // Set up forwarding if it is configured if (isset($config['unbound']['forwarding'])) { $dnsservers = array(); if (isset($config['system']['dnsallowoverride'])) { @@ -233,11 +233,11 @@ EOF; if ($nameserver) $dnsservers[] = $nameserver; } - } else { - $ns = array_unique(get_dns_servers()); - foreach($ns as $nameserver) { - if ($nameserver) - $dnsservers[] = $nameserver; + } + $sys_dnsservers = array_unique(get_dns_servers()); + foreach ($sys_dnsservers as $sys_dnsserver) { + if ($sys_dnsserver && (!in_array($sys_dnsserver, $ns))) { + $dnsservers[] = $sys_dnsserver; } } |
