NLnetLabs / unbound

Unbound is a validating, recursive, and caching DNS resolver.
https://nlnetlabs.nl/unbound
BSD 3-Clause "New" or "Revised" License

[FR] `outgoing-interface:` should accept interface names #820

Open moviuro opened 1 year ago

moviuro commented 1 year ago

Current behavior

Is there a current behavior that the feature relates to? If yes, would you wish the current behavior to change?

From the manpage:

outgoing-interface: <ip address or ip6 netblock>
              Interface to use to connect to the network. This
              interface is used to send queries to authoritative
              servers and receive their replies.

Describe the desired feature

A clear and concise description of what the feature should be.

outgoing-interface accepts interface definitions, such as:

outgoing-interface: vlan832
outgoing-interface: em0

This could also be enhanced to specify if the operator wants to use IPv4 and/or IPv6 on that interface:

outgoing-interface: vlan832:inet
outgoing-interface: em0:inet6
outgoing-interface: em4 # default, both

manpage looks like:

outgoing-interface: <ip address or ip6 netblock or interface name[:inet|:inet6]>
              Interface to use to connect to the network. This
              interface is used to send queries to authoritative
              servers and receive their replies.

Potential use-case

Describe how you see this feature being useful to other Unbound users.

I replaced my home router/gateway (French Livebox from Orange France) with an OpenBSD machine. Orange doesn't deliver stable IPv4 or IPv6 addresses (DHCP & DHCPv6 woes), so I can't put ip address or ip6 netblock in the outgoing-interface settings without risking that it all breaks at some point in the future.

At the moment, I could use a local address (192.168.1.1) as outgoing-interface, but it adds a layer of indirection (NAT from 192.168.1.1 to (vlan832:address)).

moviuro commented 1 year ago

unbound(8)'s current behavior is causing additional issues in my setup:

unbound(8) when doing some round-robin on all available interfaces (incl. egress and wg0) ends up using my wg0 IPv6 from time to time to contact some DNS servers; except that the default route takes the request to the egress interface with a wg0 address -> problem (packet gets discarded by the ISP, unbound(8) resolves slowly)

In the end, until outgoing-interface: <if> is implemented, I have resorted to using outgoing-interface: 192.168.1.1 :disappointed:

akarelas commented 1 month ago

I need this too, because I want to route DNS requests through the VPN connection on Linux, which has an interface with a stable name (tun0), but this network interface has a different IP address each time.
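
A sketch of the name-to-address resolution requested in this thread, done outside Unbound (an added example, not Unbound code and not posted by any participant). It takes the `name[:inet|:inet6]` form proposed in the issue, which is not an existing Unbound option, and turns Linux `ip -o addr show` output into `outgoing-interface:` lines; the function names and the sample output are constructed for illustration.

```python
import ipaddress

# Constructed sample in the style of Linux `ip -o addr show` output
# (each row trimmed after the scope field).
SAMPLE_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
3: tun0    inet 10.8.0.6/24 scope global tun0
3: tun0    inet6 fd00:8::1006/64 scope global
3: tun0    inet6 fe80::a1b2:c3d4:e5f6:789/64 scope link
"""


def parse_spec(spec):
    """Split the proposed 'name[:inet|:inet6]' form into (name, families)."""
    name, _, family = spec.partition(":")
    if not name or family not in ("", "inet", "inet6"):
        raise ValueError(f"bad interface spec: {spec!r}")
    return name, ({family} if family else {"inet", "inet6"})


def outgoing_interface_lines(spec, ip_output):
    """Return unbound.conf lines for the addresses currently on an interface."""
    name, families = parse_spec(spec)
    lines = []
    for row in ip_output.splitlines():
        fields = row.split()
        if len(fields) < 4 or fields[1] != name or fields[2] not in families:
            continue
        # The address may carry a /prefix; point-to-point rows may not.
        addr = ipaddress.ip_address(fields[3].split("/")[0])
        # Link-local and loopback sources cannot reach authoritative servers.
        if addr.is_link_local or addr.is_loopback:
            continue
        lines.append(f"outgoing-interface: {addr}")
    if not lines:
        # Fail closed: with no outgoing-interface lines the resolver would
        # send from whatever source the OS picks, e.g. outside the VPN.
        raise LookupError(f"no usable address on {name!r}")
    return lines


if __name__ == "__main__":
    print("\n".join(outgoing_interface_lines("tun0", SAMPLE_IP_OUTPUT)))
```

The generated lines can be written to a file that unbound.conf pulls in with `include:` and regenerated whenever the interface address changes.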