Services / DNS Resolver

Open binhvcom opened this issue 4 years ago • 12 comments

How could I add/remove/list all the DNS host overrides? Can you give me an example? Thank you.

binhvcom avatar Sep 26 '19 08:09 binhvcom

Are you meaning the DNS host overrides in the DNS forwarder or in the DNS resolver?

Personally I use a python script to update the DNS resolver (unbound). The important part is this:

    from PfsenseFauxapi.PfsenseFauxapi import PfsenseFauxapi

    # api_host, api_key, api_secret, module and state are defined elsewhere in the script
    api = PfsenseFauxapi(
            host = api_host,
            apikey = api_key,
            apisecret = api_secret,
            use_verified_https = False)
    # Fetch the DNS resolver (unbound) section of config.xml
    unbound = api.config_get('unbound')
    new_host = {
        "aliases": "",
        "descr": "",
        "domain": module.params['domain'],
        "host": module.params['hostname'],
        "ip": module.params['ipv4'],
    }
    changed = False
    # Look for an existing override with the same host and domain
    found_host = None
    for host in unbound['hosts']:
        if host['domain'] == new_host['domain'] and \
           host['host'] == new_host['host']:
            found_host = host
    if state == 'present':
        if found_host is not None:
            # Update the existing entry only where it differs
            if found_host['ip'] != new_host['ip']:
                found_host['ip'] = new_host['ip']
                changed = True
            if found_host['aliases'] != new_host['aliases']:
                found_host['aliases'] = new_host['aliases']
                changed = True
        else:
            unbound['hosts'].append(new_host)
            changed = True
    elif state == 'absent':
        if found_host is not None:
            unbound['hosts'].remove(found_host)
            changed = True
    # Write the section back only when something changed
    if changed:
        api.config_set(unbound, 'unbound')

This configures everything in the config.xml but I still need to figure out how to apply these changes via python.

mkochenough avatar Sep 29 '19 07:09 mkochenough

Thank you, I will test it ASAP. I will temporarily close this issue.

binhvcom avatar Sep 30 '19 04:09 binhvcom

Is it necessary to have HTTPS? Because I see you have the option

    use_verified_https = False

I am testing locally. But I kind of have some problem with HTTPS; my web is HTTP only.

    requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.1.160', port=80): Max retries exceeded with url: /fauxapi/v1/?action=config_get&__debug=true (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_record', 'wrong version number')])")))

This is my test connection code:

    # Use a separate variable name so the PfsenseFauxapi class is not shadowed
    api = PfsenseFauxapi(use_verified_https = False, host = api_host, apikey = api_key, apisecret = api_secret, debug = True)

binhvcom avatar Sep 30 '19 08:09 binhvcom

@binhvcom there is a hint in the exception you've provided - somehow you are connecting to port-80, which ordinarily is non-https, but the connection is being attempted as an https connection - could you provide the actual URL you are providing? It sounds like there is a mismatch between http, https and port-80 and port-443.

Also - @mkochenough - thanks for jumping in to answer on this, appreciate people helping people here.

ndejong avatar Sep 30 '19 14:09 ndejong

I am trying to test locally, so the URL is 192.168.1.160. It doesn't have DNS, only local (for testing, then production later). I tried to change the port to 80 but it won't work (it still uses https). And big thanks to @mkochenough, I will try my best.

binhvcom avatar Oct 01 '19 02:10 binhvcom

> Also - @mkochenough - thanks for jumping in to answer on this, appreciate people helping people here.

I try to help and share what I already learned. But I still need to figure out how to make the new configuration active via fauxapi. @ndejong any idea about this?

mkochenough avatar Oct 01 '19 05:10 mkochenough

@mkochenough - it sounds like you need to manually restart the unbound service to force it to reload the new configuration, try doing a send_event with service restart unbound as the input data - disclaimer, I've not confirmed this for you, but it looks to be what you need here.

ndejong avatar May 23 '20 06:05 ndejong

@mkochenough - A little more research shows that pfSense actually does a send_event using the following input string service reload dns - which would seem more likely to address your issue here.

ndejong avatar May 23 '20 07:05 ndejong

@mkochenough did the send_event with service reload dns resolve your issue?

ndejong avatar Jun 14 '20 04:06 ndejong

@ndejong I'm having the same problem. service reload dns doesn't do the trick. I was looking in /var/unbound/host_entries.conf. The alias that I added isn't there, whereas when I add it through the web interface it will be added there. Somehow that file needs to be modified. Any idea how?

Richie765 avatar Jul 26 '20 15:07 Richie765

I think I found a solution. Instead of service reload dns I'm calling the functions unbound_hosts_generate and system_dhcpleases_configure. The first regenerates host_entries.conf. It also reloads unbound, but it seems not to be enough as the new entry is not working right away. The second function call sends a HUP signal to unbound, after that I could ping the new entry.

Richie765 avatar Jul 26 '20 17:07 Richie765

Just want to add to @Richie765 's helpful comments that this seems to only work when DHCP Registration is enabled in the unbound config.

Not sure if that's something I'd like, so if anyone can provide any advice on how to reload the unbound service without involving DHCP, that would be much appreciated.

For a bit of context, I've tried all the other advice here, using send_event with the different args .. to no avail. I could confirm that after using fauxapi python lib to add the dns host override, the entry was visible in the web gui, but the DNS query returned NXDOMAIN .. until I manually hit the save button in the web gui.

Also, if anyone's wondering how to call functions using the CLI, I had to figure it out by digging in the source code, which wasn't that obvious:

    fauxapi --host 192.168.1.1 function_call '{"function": "system_dhcpleases_configure"}'

robin-snt avatar Aug 27 '20 17:08 robin-snt
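The whole sequence discussed in this thread (read the `unbound` section, change one host override, write it back, then call the two functions Richie765 reports), as an added example that is not code from any participant or from the project. It also validates the name and address before they are written to config.xml, which the thread does not cover. Assumptions: `api` is any client object exposing `config_get` and `config_set` as used in the first answer, plus a `function_call` method taking the same JSON structure as the CLI command above; `build_override`, `apply_override` and `sync_override` are hypothetical helper names.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def valid_name(name):
    return (isinstance(name, str) and 0 < len(name) <= 253
            and all(LABEL.fullmatch(part) for part in name.split(".")))

def build_override(hostname, domain, ip):
    """Reject anything that is not a plain name / IP before it reaches config.xml."""
    if not (valid_name(hostname) and valid_name(domain)):
        raise ValueError("invalid host or domain name")
    # ip_address() raises ValueError on malformed input (spaces, newlines, ...)
    return {"aliases": "", "descr": "", "domain": domain,
            "host": hostname, "ip": str(ipaddress.ip_address(ip))}

def apply_override(unbound, new_host, state):
    """Mutate the 'unbound' section in place; return True if it changed."""
    hosts = unbound.get("hosts") or []   # section may have no hosts yet
    unbound["hosts"] = hosts
    found = next((h for h in hosts if h["domain"] == new_host["domain"]
                  and h["host"] == new_host["host"]), None)
    if state == "present":
        if found is None:
            hosts.append(new_host)
            return True
        if found["ip"] != new_host["ip"]:
            found["ip"] = new_host["ip"]
            return True
        return False
    if state == "absent" and found is not None:
        hosts.remove(found)
        return True
    return False

def sync_override(api, hostname, domain, ip, state="present"):
    """api: object with config_get, config_set and function_call (assumed)."""
    unbound = api.config_get("unbound")
    changed = apply_override(unbound, build_override(hostname, domain, ip), state)
    if changed:
        api.config_set(unbound, "unbound")
        # Steps reported in the thread: regenerate host_entries.conf, then HUP unbound
        api.function_call({"function": "unbound_hosts_generate"})
        api.function_call({"function": "system_dhcpleases_configure"})
    return changed
```

As robin-snt notes above, the second function call was only observed to work with DHCP Registration enabled in the unbound config.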