/etc/hosts handling plugin for unbound
pemensik at redhat.com
Wed Dec 21 10:37:19 UTC 2022
On 12/19/22 17:39, Paul Wouters wrote:
> On Mon, 19 Dec 2022, Petr Menšík via Unbound-users wrote:
>> Is there some plugin for automatically watching /etc/hosts file for
>> changes and loading them as a local data?
>> I am thinking about supporting unbound as a default localhost cache.
>> But I think many people rely on /etc/hosts changes are propagated
>> automatically to the cache. Dnsmasq and systemd-resolved both try to
>> watch this file and re-read it after changes.
>> Is there any existing way to populate local data automatically from
>> it? Is it already possible to synchronize local data in unbound with
>> legacy text file?
> Any real software uses /etc/nsswitch.conf which states something like:
> hosts: files myhostname mdns4_minimal [NOTFOUND=return] dns
> The "files" directory (see man nsswitch.conf) reads in /etc/hosts first.
> This happens before the "dns" entry, so before unbound is used. So for
> apps on localhost this should work fine? It is always read (and not
That is not strictly true. Some software may use DNS explicitly via
specialized libraries, like libresolv, ldns, libunbound, etc. dig and
host tools are the best examples. What you wrote applies only to
applications using getaddrinfo() or gethostbyname() API calls.
> But I guess you want to make it systemd-resolved+glibc hack compatible,
> where calls to gethostbyname() are intercepted outside of nsswitch by a
> linux glibc hack, then fed to systemd-resolved, which I guess might do
> wrong thing by using dns before files ?
I am more inspired by dnsmasq, which I maintain also. But both of those
are able to watch /etc/hosts and auto-load its entries into the local DNS
cache. I think it might be useful in some cases to have a very simple way
to add an address override for some names on the whole machine. I use it
sometimes to create common records for virtual machines or containers
running on my machine. I think it is convenient to query those names
also from DNS-only tools like dig, unbound-host or similar. dnsmasq
spawned for libvirt forwards queries to my localhost cache, because
/etc/resolv.conf on the host points to it.
Sure, it should be possible to disable this behavior. An unbound module
or plugin might be a way.
> Or are you trying to work with the libunbound call of:
> /* lookup from /etc/hosts before DNS lookups as people expect
> that */
> ugh = ub_ctx_hosts(dns_ctx, "/etc/hosts");
> and are afraid changes in /etc/hosts are not picked up without an
> unbound restart?
Yes, something similar. But this requires explicit code in (every) client
binary, instead of common code in the localhost cache instance.
> I guess I feel /etc/hosts is there only for localhost apps in case of
> broken DNS. The days you could leave something out of DNS by putting in
> the /etc/hosts file are kinda long gone.
Is that true? Can you give an example, why it is so? Isn't it the
argument for adding /etc/hosts to the DNS then?
> Perhaps you can detail a bit more of what you are looking for and what
> you are afraid of ?
I would just like the ability to provide a way that both dnsmasq and
systemd-resolved have. Yes, I know it is possible to use unbound-control
to add a local zone and local data into it. But that is too complicated
for an ordinary user IMO. It is not persistent. sudoedit /etc/hosts is
simple enough even for a (bit) advanced user. Should be relatively
simple to implement also. It should not break anything if enabled by
default on workstations.
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
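The /etc/hosts-to-local-data synchronisation discussed in this thread, as an added example script (not Unbound's, dnsmasq's or the poster's own code). It assumes unbound-control is enabled (remote-control: yes) and, for the watch helper, that inotify-tools is installed; the hosts content it is tested against is constructed.

```shell
#!/bin/sh
# Added example: turn hosts(5) lines into RRs in the text form that
# "unbound-control local_data(s)" accepts, optionally pushing them and
# re-pushing on change. Not part of unbound; assumptions noted inline.

# hosts_to_rrs [TTL]  (reads hosts-format text on stdin)
# Emits "name. TTL IN A|AAAA address" for every name and alias; lines whose
# first field is not an IPv4/IPv6 literal are skipped rather than pushed.
hosts_to_rrs() {
    ttl=${1:-300}
    sed -e 's/#.*//' | awk -v ttl="$ttl" '
        NF >= 2 {
            if ($1 ~ /^[0-9.]+$/)            type = "A"
            else if ($1 ~ /^[0-9A-Fa-f:]+$/) type = "AAAA"
            else next
            for (i = 2; i <= NF; i++)
                printf "%s. %s IN %s %s\n", tolower($i), ttl, type, $1
        }'
}

# sync_hosts_to_unbound FILE [TTL]
# Feeds the RRs to a running unbound; set DRY_RUN=1 to only print them.
sync_hosts_to_unbound() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        hosts_to_rrs "${2:-300}" < "$1"
    else
        hosts_to_rrs "${2:-300}" < "$1" | unbound-control local_datas
    fi
}

# watch_hosts FILE: re-sync after each change. Watches the directory, since
# editors usually replace the file rather than write it in place.
# Assumes inotifywait from inotify-tools is available.
watch_hosts() {
    sync_hosts_to_unbound "$1"
    while inotifywait -qq -e close_write,moved_to,create "$(dirname "$1")"; do
        sync_hosts_to_unbound "$1"
    done
}

# Constructed sample hosts content used for a dry run; not a real file.
sample_hosts() {
    cat <<'EOF'
# constructed sample
127.0.0.1   localhost
::1         localhost ip6-localhost
192.0.2.10  vm1.example.test vm1   # lab VM
not-an-address  bogus
EOF
}
```

Run `sample_hosts | hosts_to_rrs 300` to see the generated RRs, or `DRY_RUN=1 sync_hosts_to_unbound /etc/hosts` against the real file before pointing it at a live unbound.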