local_unbound resolv.conf being overwritten on jail restart

[CJRoss]

I need to set up a DNS cache in my jail just for that jail. local_unbound appears to do exactly what I need. However, every time I restart the jail, the resolv.conf reverts back to my dhcp settings and DNS queries are no longer cached.

The various solutions I've seen online are to add supersede to the dhclient or resolvconf=NO to resolvconf but I'm not sure that either of those is the correct way to go. What am I missing that causes it to get overwritten despite local-unbound-setup setting resolv_conf=/dev/null?

Thanks.

 

[CJRoss]

Any suggestions? I'm running yt-dlp and without having the local resolver it ends up spamming my DNS server for the same query over and over.

 

[sretalla]

if you check your jail settings (iocage get all jailname), is your resolver:/etc/resolv.conf ?

Seems this thread (https://github.com/iocage/iocage/issues/138) discusses what you might want to do about it... maybe setting it to the IP of the jail (or none... although I note the feedback on that was it didn't work).

 

[CJRoss]

if you check your jail settings (iocage get all jailname), is your resolver:/etc/resolv.conf ?

Seems this thread (https://github.com/iocage/iocage/issues/138) discusses what you might want to do about it... maybe setting it to the IP of the jail (or none... although I note the feedback on that was it didn't work).

My jail settings do show resolv.conf as my resolver. However, I haven't run the local-unbound command.

That thread looks interesting. I'll give some of the suggestions a try and see what happens.

Thanks.

 

[Patrick M. Hausen]

Does iocage get resolver <jailname> show "resolv.conf"? That explicitly instructs iocage to copy the hosts resolv.conf into the jail at each start. For iocage to leave resolv.conf untouched you need to iocage set resolver=/dev/null <jailname>.

See implementation.

After iocage is dealt with there might still be an issue with resolvconf.conf inside the jail. Please check for any issues and report back.

OTOH if you run a local cacheing Unbound inside the jail, why don't you just iocage set "resolver=nameserver 127.0.0.1" <jailname>?

 

[CJRoss]

Does iocage get resolver <jailname> show "resolv.conf"? That explicitly instructs iocage to copy the hosts resolv.conf into the jail at each start. For iocage to leave resolv.conf untouched you need to iocage set resolver=/dev/null <jailname>.

See implementation.

After iocage is dealt with there might still be an issue with resolvconf.conf inside the jail. Please check for any issues and report back.

OTOH if you run a local cacheing Unbound inside the jail, why don't you just iocage set "resolver=nameserver 127.0.0.1" <jailname>?

I haven't delved much into the inner workings of jails. I just create them and install packages.

The local unbound setup script handles the resolv.conf inside the jail so as long as I get iocage to stop overwriting it that should work.

I've made the jail change and reran the setup so I should be good. Now I just have to wait and see if it sticks after I get a chance to reboot.