opnsense
Opnsense - Bind Plugin - Configuration settings - Unable to disable query logs.
Important notices Before you add a new report, we ask you kindly to acknowledge the following:
- [ yes ] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
- [yes ] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
- [yes ] When the request is meant for an existing plugin, I've added its name to the title.
Is your feature request related to a problem? Please describe.
-
Unable to disable querylogs or any logging through GUI. Further, if this file '/usr/local/etc/namedb/named.conf' was modified directly, it gets overwritten when saved in GUI.
-
Similar case for 'Recursion' settings.
-
Thirdly, no option of adding default responses such as 'any', 'none', etc in ACL is a deal-breaker.
Describe the solution you'd like As said above, the 'named.conf' file is overwritten whenever the Save button is pressed in GUI. If the 'named.conf' file is kept separate to that of the GUI settings file, will give the flexibility of adding the necessary settings to fine-tune the settings as per the individual requirements. This is my humble submission.
Describe alternatives you've considered Nothing i can think of as of now. Sorry.
Why do you want to disable logging? Usually the people complain about the lack of logging. If you need to change content of named.conf you can always install just the pkg of bind9 and dont use the plugin which will work fine, too.
Why do you want to disable logging? Usually the people complain about the lack of logging. If you need to change content of named.conf you can always install just the pkg of bind9 and dont use the plugin which will work fine, too.
Greetings of the day!
It will be nice to toggle between logging 'On' or 'Off' as a finegrained control, especially through GUI. I have Opnsense installed in SSD and everything in my network goes through BIND, in which if querylogs are not disabled shall shorten the life of SSD.
Nice suggestion to install just the bind9 package as a workaround. I shall try it in the meantime.
This issue has been automatically timed-out (after 180 days of inactivity).
For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.
If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.
Why do you want to disable logging? Usually the people complain about the lack of logging. If you need to change content of named.conf you can always install just the pkg of bind9 and dont use the plugin which will work fine, too.
Hello, new OPNsense user here (but with pfSense experience).
@mimugmail Sorry for replying to the old thread, but I'd like to +1 the request, for exactly the same reasons. In my homelab that has just a few clients running the bind averages one query per two seconds, 40k a day. A larger system can easily see millions. Most of the time no one is interested in logging every incoming query after the system is configured, up and running - in my opinion there is no need to hit the SSD. I guess a modern SSD is going to be fine with that even when counting the write amplification in, but even in that case, why spend the CPU resources doing unneeded things?
While I could use the raw package, I am using ansible to manage the firewall so losing the API is not really an option. There is unfortunately no way to configure unbound to do what I need either, or at least I did not find a way to (namely, I need the resolver to follow the CNAME chain when being asked for e.g. a TXT record, as common in ACME DNS setups).
