Ability to disable search domain entirely for specific DHCPv6 and/or DHCPv4 servers #6918

Open
2 tasks done
samip5 opened this issue Oct 8, 2023 · 11 comments · May be fixed by #7449
@samip5

samip5 commented Oct 8, 2023

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

Is your feature request related to a problem? Please describe.

My FR is related to the problem that comes from having Kubernetes pods inherit the DNS settings from hosts that get a search domain set, as it will result in unwanted behavior due to the default ndots of 5.

Describe the solution you like

I would like the ability to not set search domain at all in specific DHCP server settings for both v6 and v4.
I think that when disabled, the correct behavior would be to not send search domains at all.

Describe alternatives you considered

I have considered just reconfiguring the hosts to not accept DNS from DHCP, but that's not the right choice to me.

Additional context

This was specifically painful before Alpine 3.18 due to a musl-related DNS stub resolver thing.
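
Added example (not part of the original issue or of OPNsense's code): the lookup order the report refers to, simulated with glibc-style resolv.conf(5) rules. The cluster search domains, `lan.example` as the DHCP-supplied search domain, and the looked-up name are constructed assumptions.

```python
# Constructed resolv.conf as a Kubernetes pod might see it when its node
# received "lan.example" as search domain via DHCP (all names are made up).
POD_RESOLV_CONF = """\
nameserver 10.96.0.10
search default.svc.cluster.local svc.cluster.local cluster.local lan.example
options ndots:5
"""

# The same pod when the DHCP server sends no search domain to the node.
POD_RESOLV_CONF_NO_DHCP_SEARCH = POD_RESOLV_CONF.replace(" lan.example", "")


def parse_resolv_conf(text):
    """Return (search_list, ndots) following resolv.conf(5) semantics."""
    search, ndots = [], 1  # resolv.conf(5) default for ndots is 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue  # blank line or comment
        if fields[0] in ("search", "domain"):
            # 'domain' and 'search' are mutually exclusive; the last one wins.
            search = [d.rstrip(".") for d in fields[1:]]
            if fields[0] == "domain":
                search = search[:1]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidate_queries(name, resolv_conf):
    """Ordered FQDNs a glibc-style stub resolver tries for `name`."""
    search, ndots = parse_resolv_conf(resolv_conf)
    if name.endswith("."):
        return [name]  # absolute name: the search list is never applied
    expanded = [f"{name}.{d}." for d in search if d]  # skip empty entries
    as_is = [name + "."]
    # Fewer dots than ndots: search list first, literal name last.
    return expanded + as_is if name.count(".") < ndots else as_is + expanded


def queries_under(name, resolv_conf, suffix):
    """Candidates that fall under `suffix`, e.g. the DHCP search domain."""
    return [q for q in candidate_queries(name, resolv_conf)
            if q.endswith(f".{suffix}.")]
```

With `ndots:5`, an external name with fewer than five dots is first tried under every search domain, including the one the node learned from DHCP, before it is queried as written.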

@fichtner
Member

You will need to be a little more clear up front because DHCPv4 help text and code indicate it works as you expect:

```php
<?=gettext("The DHCP server can optionally provide a domain search list. Use the semicolon character as separator.");?>
```

```php
if (!empty($dhcpifconf['domainsearchlist'])) {
    $dnscfg .= " option domain-search \"" . join("\",\"", preg_split("/[ ;]+/", $dhcpifconf['domainsearchlist'])) . "\";\n";
}
```

Don't mind looking into it but I also don't want to spend time verifying otherwise.

Cheers,
Franco

@fichtner fichtner added the support Community support label Oct 10, 2023
@samip5
Author

samip5 commented Oct 10, 2023

> Don't mind looking into it but I also don't want to spend time verifying otherwise.

The verification at https://github.com/opnsense/core/blob/02b6085023f9fa0a4b072d09da3c239bcf9bb985/src/www/services_dhcp.php#L235L237 says different, as it will not accept `.` for domain and I don't want domain nor search to be populated to the nodes' `/etc/resolv.conf`.

@fichtner
Member

I've looked at domainsearchlist, you seem to be looking at domain. Again it would help to be clear.

@samip5
Author

samip5 commented Oct 10, 2023

> I've looked at domainsearchlist, you seem to be looking at domain. Again it would help to be clear.

I think both need to be able to have a dot only, aka disable sending domain AND search domain. They however seem to go hand-in-hand, but the only thing I checked was that domain will not accept a dot.

@samip5
Author

samip5 commented Oct 10, 2023

domainsearchlist will also yield the same validation error as domain: `A valid domain search list must be specified.` when set to a single dot.

@fichtner
Member

Can you look at #6529 and maybe see if you can implement it. It would be quicker just to look at proposed changes. I don't have a lot of time at the moment due to 23.10 being released next week.

@OPNsense-bot

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository,
please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue,
just let us know, so we can reopen the issue and assign an owner to it.

@OPNsense-bot OPNsense-bot closed this as not planned Won't fix, can't repro, duplicate, stale Apr 4, 2024
@OPNsense-bot OPNsense-bot added the help wanted Contributor missing / timeout label Apr 4, 2024
@samip5
Author

samip5 commented May 9, 2024

Now that I'm back on the opnsense train, I have a need to fix this particular problem. :)

@samip5 samip5 linked a pull request May 9, 2024 that will close this issue
@fichtner fichtner self-assigned this May 9, 2024
@fichtner fichtner added cleanup Low impact changes and removed help wanted Contributor missing / timeout support Community support labels May 9, 2024
@fichtner fichtner added this to the 24.7 milestone May 9, 2024
@fichtner
Member

fichtner commented May 9, 2024

Nice. I’m back next week. Please ping me at the end of the week if I forget to merge your changes after a test drive and rechecking documentation.

@fichtner fichtner reopened this May 9, 2024
@samip5
Author

samip5 commented May 10, 2024

I tried this out with `opnsense-patch -V -a samip5 -r opnsense-core 797347c001bd3713d6ff7b7c1000b0033e1faf3d` and it seems my changes were not enough, but my newer commit samip5@4bc96b9 was.

@samip5
Author

samip5 commented May 15, 2024

@fichtner ping, wasn't sure which end of week you meant.
