ISC DHCPv4 static mapping with domain starting with dot breaks Unbound DNS #8266

Open
dseven opened this issue Jan 30, 2025 · 1 comment
dseven commented Jan 30, 2025

See also: https://forum.opnsense.org/index.php?topic=45457.0

Reproducible in v25.1. Unknown if this was ever not an issue.

The OPNsense Web UI allows addition of an ISC DHCPv4 static mapping with a domain name starting with a dot ("."). The resulting Unbound DNS config (assuming "Register DHCP Static Mappings" is enabled) looks like:

local-data-ptr: "192.168.1.254 fakehostname..fakedomain"
local-data: "fakehostname..fakedomain IN A 192.168.1.254"

which results in Unbound failing to start:

<27>1 2025-01-30T16:00:08+00:00 opntest1.localdomain unbound 8416 - [meta sequenceId="24"] [8416:0] error: error parsing local-data at 15 'fakehostname..fakedomain IN A 192.168.1.254': Empty label
<27>1 2025-01-30T16:00:08+00:00 opntest1.localdomain unbound 8416 - [meta sequenceId="25"] [8416:0] error: Bad local-data RR fakehostname..fakedomain IN A 192.168.1.254
<26>1 2025-01-30T16:00:08+00:00 opntest1.localdomain unbound 8416 - [meta sequenceId="26"] [8416:0] fatal error: Could not set up local zones

To Reproduce

Steps to reproduce the behavior:

  1. Enable "Register DHCP Static Mappings" for Unbound DNS
  2. Create an ISC DHCPv4 static mapping (for any DHCP-enabled interface) with a fake MAC address (e.g. "aa:bb:cc:dd:ee:ff"), hostname "fakehostname" and domain ".fakedomain"
  3. (try to) restart the Unbound DNS service (it will fail)
  4. Observe error in resolver log

Note: It appears that neither ISC DHCPv6 static mappings nor Kea reservations allow specification of a domain name, so this issue seems to pertain to ISC DHCPv4 only.

Expected behavior

Perhaps OPNsense should strip any leading dots from domain names when combining them with hostnames to produce DNS records, which would allow Unbound to start.

If that's not feasible, the UI should refuse to create a static mapping where the domain starts with a dot.
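A sketch of both behaviours suggested above, plus a check that flags empty-label entries in a generated config before Unbound is restarted. This is an added example in Python, not OPNsense code; the function names, the label regex and the 63/253 length limits are assumptions of this sketch, and the sample input is the two config lines quoted in the issue.

```python
import re

# Assumption: LDH labels of 1-63 characters, names up to 253 (RFC 1035 limits).
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
ENTRY_RE = re.compile(r'\s*local-data(-ptr)?:\s*"([^"]*)"')

# The two generated lines quoted in the issue, used as sample input.
SAMPLE_CONFIG = '''local-data-ptr: "192.168.1.254 fakehostname..fakedomain"
local-data: "fakehostname..fakedomain IN A 192.168.1.254"
'''


def join_fqdn(hostname, domain, strip_dots=True):
    """Combine hostname and domain; never return a name with an empty label.

    strip_dots=True drops leading/trailing dots from the domain (first
    suggestion in the issue); strip_dots=False rejects them (second one).
    """
    if strip_dots:
        domain = domain.strip(".")
    name = f"{hostname}.{domain}" if domain else hostname
    for label in name.split("."):
        if label == "":
            raise ValueError(f"empty label in {name!r}")
        if not LABEL_RE.fullmatch(label):
            raise ValueError(f"invalid label {label!r} in {name!r}")
    if len(name) > 253:
        raise ValueError(f"name too long: {name!r}")
    return name


def unbound_records(ip, hostname, domain, strip_dots=True):
    """Render the PTR and A entries in the form shown in the issue."""
    fqdn = join_fqdn(hostname, domain, strip_dots)
    return [f'local-data-ptr: "{ip} {fqdn}"', f'local-data: "{fqdn} IN A {ip}"']


def find_empty_labels(config_text):
    """Return (line number, name) for local-data entries with an empty label."""
    hits = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = ENTRY_RE.match(line)
        fields = m.group(2).split() if m else []
        if len(fields) < 2:
            continue
        # local-data-ptr: "<ip> <name>"; local-data: "<name> <class> <type> <data>"
        name = fields[1] if m.group(1) else fields[0]
        if ".." in name or (name.startswith(".") and name != "."):
            hits.append((lineno, name))
    return hits
```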

@OPNsense-bot

Thank you for creating an issue.
Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.

For more information about the policies for this repository,
please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

The easiest option to gain traction is to close this ticket and open a new one using one of our templates.

@OPNsense-bot OPNsense-bot added the incomplete Issue template missing info label Jan 30, 2025