Hi. I used DNS spoofing for local addresses, because I want to bypass external IP address and for some selected domains I want to point my local computers directly to my local server. So I have
server:
local-zone: ‘server.example.cz.’ transparent
local-data: 'server.example.cz. IN A 192.168.2.5’
in my unbound local.conf file and
list include_path "/etc/unbound/local.conf"
in my /etc/config/unbound.
Before yesterdays update it worked, but after this update it does not work anymore. I guess it’s related to the switch from Unbound to Knot, but I have the very first version of Turris (1.0) which should not use Knot.
So please how to fix it? Should set this setting somewhere for Knot?
This is probably caused by moving configuration from /etc/config/unbound to a more generic /etc/config/resolver. The migration script somehow missed the local configs migration. All you have to do is to manually move the section config unbound includes from the former file to the latter file under name config resolver unbound_includes.
just today I wanted to set up new parameter - qname-minimisation for my Turris 1.1. Even though I wrote it down in format qname-minimisation: yes OR option qname_minimisation 'yes' to the file /etc/config/resolver, either way it wasn’t applied to auto-generated (vi /etc/unbound/unbound.conf).
Moreover the unbound-checkconf says no errors in /etc/unbound/unbound.conf even though I made a typo/syntax mistake on purpose in the conf file!!
Could you check it out CZNIC team members please? Seems to me like a bug…
The settings with include another conf file work like a charm.
This option is probably not supported from the UCI config, you have to include another file for that.
The autogenerated file is at /var/etc/unbound/unbound.conf. File /etc/unbound/unbound.conf should be just a symlink to /var/etc/unbound/unbound.conf. The configuration file is generated just before starting unbound, so if you run unbound-checkconf after making a change, you check the previous generated configuration, not the current one.
Alright, I tried to make a syntax mistake once a gain (I added: balaslm "as’ assas) to /var/etc/config/resolver then restarted unbound - unbound-checkconf didn’t give me any warning. Then I made the same syntax mistake in my included unbound conf file and after that I got errors. So as you said, its related to UCI.
Thank you Ondřej for the explanation.
I thought that the syntax of the unbound conf. parameters depends on unbound as an application. (I gotta learn more about UCI) Anyway you’re right, QName works when its written in another conf file.
