openwrt / packages

Community maintained packages for OpenWrt. Documentation for submitting pull requests is in CONTRIBUTING.md

unbound-daemon: init script causes DNS request over WAN but means to use localhost as destination #23653

Open bughunter2 opened 7 months ago

bughunter2 commented 7 months ago

Maintainer: @EricLuehrsen

Environment: x86_64, generic, 23.05.2

Description:

When dnsmasq is enabled, and Unbound is configured to listen at port 53, the Unbound init script makes a DNS request which can leave your WAN interface (visible in Wireshark, see below).

In the function resolv_setup(), there's the bug ...:

  nslookup localhost 127.0.0.1#53 >/dev/null 2>&1

... when fixed, it becomes ...:

  nslookup localhost 127.0.0.1:53 >/dev/null 2>&1

The original code might have always caused DNS requests to leave WAN, unless some older version of busybox (nslookup) perhaps did accept the '#' syntax to denote the port, but I don't know whether that's the case.

[Image: wireshark]
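
As an added example (not part of the issue thread or the OpenWrt packages tree), this shell lint lists `nslookup` invocations whose server argument is written `HOST#PORT`, the form described in the report, so other scripts can be audited for the same mistake. The names `find_hash_port_nslookup` and `sample_script`, and the sample input, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the OpenWrt tree): list nslookup calls whose
# server argument is written HOST#PORT, the form reported in this issue.

# find_hash_port_nslookup FILE
# Prints "LINE: text" for each match; exit status 0 if any, 1 if none.
find_hash_port_nslookup() {
    awk '
        /^[ \t]*#/ { next }                      # whole-line comment
        {
            seen = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^#/) break              # trailing comment starts
                if ($i ~ /nslookup$/) { seen = 1; continue }
                if (seen && $i ~ /^[^#]+#[0-9]+$/) {
                    print NR ": " $0
                    found = 1
                    break
                }
            }
        }
        END { exit !found }
    ' "$1"
}

# Constructed sample input: the two lines quoted in the report plus noise.
sample_script() {
    cat <<'EOF'
resolv_setup() {
  # probe: nslookup localhost 127.0.0.1#53
  nslookup localhost 127.0.0.1#53 >/dev/null 2>&1
  nslookup localhost 127.0.0.1:53 >/dev/null 2>&1
  nslookup localhost 127.0.0.1 >/dev/null 2>&1   # default port #53
}
EOF
}

tmp=$(mktemp) && sample_script >"$tmp"
find_hash_port_nslookup "$tmp"   # reports only the HOST#PORT line
rm -f "$tmp"
```

Whole-line comments and anything after a trailing `#` comment marker are ignored, so only arguments actually passed to `nslookup` are reported.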

brada4 commented 7 months ago

The port is not even necessary, default 53 is compiled-in...

bughunter2 commented 7 months ago

> The port is not even necessary, default 53 is compiled-in...

Agreed. Guess I left it in as I was playing around with the syntax, but indeed!

brada4 commented 7 months ago

The original source file has a hashmark, which is wrong by all means. You found it broken.

EricLuehrsen commented 7 months ago

That's not good... :facepalm: