Hey everyone!
I have an issue with my router. So, I have installed the latest OpenWrt with unbound.
I use unbound to give PTR records to my devices in the LAN, so I can use their hostnames in my apps to get both IPv4 and IPv6 when it's available. But recently (for some months), after a while unbound drops all entries in its "local" list... The only hostname that doesn't disappear is the router's own hostname. But after I restart unbound it restores all hostnames and starts working well again.
What can I do?
If you need to see any files just say and I'll post!
Which unbound version? Which odhcpd version? (opkg list-installed | grep "unbound\|odhcpd")
Did you manually setup unbound or did you use the uci/LuCI setup interface?
Your DNSSEC/DNS over TLS config looks incomplete as well. In /etc/unbound/unbound_ext.conf the 'forward-addr' format must be ip "@" port number "#" followed by the valid public hostname (which is actually missing) in order for unbound to use the tls-cert-bundle to validate the dns server certificate.
root@OpenWrt:~# cat /etc/config/dhcp
config dhcp 'lan'
option interface 'lan'
option ra 'server'
option dhcpv6 'server'
option dhcpv4 'server'
option dhcpv4_forcereconf '1'
option dhcpv6_na '0'
list domain 'lan'
option start '11'
option limit '254'
option ra_management '0'
option leasetime '1h'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '1'
option leasefile '/tmp/lib/odhcpd/dhcp.leases'
option leasetrigger '/usr/lib/unbound/odhcpd.sh'
option loglevel '4'
config host
option name 'DATASERVER'
option dns '1'
option mac '70:85:C2:78:5A:7C'
option ip '192.168.1.2'
config host
option name 'NEXTCLOUD'
option dns '1'
option mac '02:FF:60:BA:B5:82'
option ip '192.168.1.3'
root@OpenWrt:~# cat /etc/unbound/unbound_ext.conf
##############################################################################
# Extended user clauses added to the end of the UCI generated 'unbound.conf'
#
# Put your own forward:, view:, stub:, or remote-control: clauses here. This
# file is appended to the end of 'unbound.conf' with an include: statement.
# Notice that it is not part of the server: clause. Use 'unbound_srv.conf' to
# place custom option statements in the server: clause.
root@OpenWrt:~# cat /etc/unbound/unbound_srv.conf
##############################################################################
# User custom options added in the server: clause part of UCI 'unbound.conf'
#
# Add your own option statements here when they are not covered by UCI. This
# file is placed _inside_ the server: clause with an include: statement. Do
# not start other clauses here, because that would brake the server: clause.
# Use 'unbound_ext.conf' to start new clauses at the end of 'unbound.conf'.
##############################################################################
and that's it; for an extra:
root@OpenWrt:~# cat /etc/config/unbound
config unbound
option domain 'lan'
option edns_size '1280'
option hide_binddata '1'
option listen_port '53'
option localservice '1'
option manual_conf '0'
option ttl_min '120'
option verbosity '1'
option enabled '1'
option dhcp_link 'odhcpd'
option dhcp4_slaac6 '1'
option add_local_fqdn '3'
option unbound_control '1'
option protocol 'ip6_prefer'
option extended_stats '1'
option dns64 '0'
option root_age '3'
option rebind_localhost '1'
option validator '1'
option validator_ntp '1'
option add_extra_dns '1'
option rebind_protection '0'
option domain_type 'static'
option resource 'default'
option recursion 'default'
option add_wan_fqdn '3'
list trigger_interface 'lan'
list trigger_interface 'wan'
list trigger_interface 'wan6'
config zone
option fallback '0'
option enabled '1'
option zone_type 'forward_zone'
list zone_name '.'
list server '1.0.0.1'
list server '1.1.1.1'
list server '2606:4700:4700::1001'
list server '2606:4700:4700::1111'
option tls_upstream '1'
option tls_index 'one.one.one.one'
You've activated "extra dns" in unbound... this function does not parse 'host' entries. Excerpt from the online doc:
option add_extra_dns '0'
Level. Execute traditional DNS overrides found in `/etc/config/dhcp`.
Optional so you may use other Unbound conf or redirect to NSD instance.
0 - Ignore `/etc/config/dhcp`
1 - Use only 'domain' clause (host records)
2 - Use 'domain', 'mxhost', and 'srvhost' clauses
3 - Use all of 'domain', 'mxhost', 'srvhost', and 'cname' clauses
... for a combination of unbound plus odhcpd you have to use 'domain' sections.
Ok, I've disabled it since you told me to, but it still drops all hostnames. I've seen in the log the time when it happens and there's nothing to show; it doesn't say anything, it's just like it gets deleted without unbound noticing.
Does it drop /etc/config/dhcp#domain host names? Or does it drop odhcpd lease host names? Is the time to failure repeatable, or does it appear to be in a regular range?
For odhcpd, and depending on your lease duration settings and how clients renew versus confirm leases, the lease file output can be stale. The script for dhcp-to-dns records tries to do differences to be robust to active networks (lots of mobile devices coming and going). The interaction can delete hosts on lease expiration, but not get new lease information on renew, or more likely is blind as a consequence of confirm transactions.
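As an added illustration (not code from this thread, nor the OpenWrt unbound package's own odhcpd.sh), the differencing approach described above in Python: it derives the A/AAAA and PTR local-data records a set of leases should produce, computes only the removals and additions between two lease snapshots, and checks a list_local_data listing for records that have gone missing. The lease snapshots, the listing and the assumed listing format are constructed for the example.

```python
import ipaddress

# Constructed lease snapshots (hostname, address); not real odhcpd output.
# OLD is the LAN before a phone left and a laptop arrived, NEW is after.
OLD_LEASES = [("DATASERVER", "192.168.1.2"), ("NEXTCLOUD", "192.168.1.3"),
              ("PHONE", "192.168.1.20"), ("DATASERVER", "2001:db8:1::2")]
NEW_LEASES = [("DATASERVER", "192.168.1.2"), ("NEXTCLOUD", "192.168.1.3"),
              ("LAPTOP", "192.168.1.21"), ("DATASERVER", "2001:db8:1::2")]

def reverse_name(addr: str) -> str:
    """Owner name of the PTR record for an IPv4 or IPv6 address (with root dot)."""
    return ipaddress.ip_address(addr).reverse_pointer + "."

def records_for(host: str, addr: str, domain: str = "lan") -> set:
    """Forward (A/AAAA) and PTR RRs one lease implies, as 'owner TYPE rdata'."""
    fqdn = f"{host.lower()}.{domain}."
    rrtype = "AAAA" if ipaddress.ip_address(addr).version == 6 else "A"
    return {f"{fqdn} {rrtype} {addr}", f"{reverse_name(addr)} PTR {fqdn}"}

def expected_records(leases, domain: str = "lan") -> set:
    return set().union(*(records_for(h, a, domain) for h, a in leases))

def diff_commands(old, new, domain: str = "lan"):
    """unbound-control commands moving the local zone from old to new (diff only)."""
    old_rrs, new_rrs = expected_records(old, domain), expected_records(new, domain)
    removes = sorted(f"local_data_remove {rr.split()[0]}" for rr in old_rrs - new_rrs)
    adds = sorted(f"local_data {rr}" for rr in new_rrs - old_rrs)
    return removes, adds

def missing_records(leases, listing, domain: str = "lan") -> list:
    """Records the leases imply but the server no longer serves. `listing` is
    assumed to be 'unbound-control list_local_data' output in zone-file
    presentation form 'owner TTL IN TYPE rdata', one RR per line."""
    present = set()
    for line in listing:
        f = line.split()
        if len(f) >= 5:
            present.add(f"{f[0]} {f[3]} {f[4]}")
    return sorted(expected_records(leases, domain) - present)

# Constructed listing of a server that has lost most of its local data:
# only the router's own records and one A record survived.
LISTING = ["openwrt.lan.\t3600\tIN\tA\t192.168.1.1",
           "1.1.168.192.in-addr.arpa.\t3600\tIN\tPTR\topenwrt.lan.",
           "dataserver.lan.\t3600\tIN\tA\t192.168.1.2"]

if __name__ == "__main__":
    print(*sum(diff_commands(OLD_LEASES, NEW_LEASES), []), sep="\n")
    print(*missing_records(NEW_LEASES, LISTING), sep="\n")
```

Run periodically against the real listing, the missing-records check gives a timestamp for when the entries vanish, which the log alone does not show here.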
It drops everything, but when all hostnames are dropped, I go to the LuCI unbound settings and click "apply", and the hostnames come back.
My lease time is 4 hours.