
Updating Existing Install (.deb) always changes bogus-priv value to true

I have an internal network with two sets of DNS servers: a set of authoritative DNS servers which serve up an internal domain as well as PTR records for the .arpa reverse DNS lookup zones of the IP address ranges which we use internally. I also have a set of resolvers which run only the NextDNS client as a server for internal network clients. All internal network clients are configured to point to these two NextDNS CLI servers, which then either send queries up to the NextDNS.io service online or else forward requests internally for our internal domain and associated .arpa zones, all defined in the NextDNS config files on these two NextDNS internal resolvers.

I have noticed that when updating the NextDNS Debian client on these internal NextDNS resolvers via the official installer-configured APT repository, my existing config line entry of `bogus-priv false` is always replaced with `bogus-priv true`. This breaks my internal network reverse DNS configuration for my clients who are pointed to my internal forwarding resolvers which are running NextDNS. As it is replaced at the time of doing apt updates, internal applications and clients which depend on internal zones being forwarded to my proper internal authoritative servers, as well as on the matching reverse lookup zones being forwarded, break until I recover them by once again entering `nextdns config set -bogus-priv=false`, at which point the forwarder entries in the nextdns config are honored and processed once more.

 

I believe this to be a bug as nextdns is overwriting a config entry which should not be overwritten at the time of update, but should be left how it is, user defined.

 

NextDNS version

```
# nextdns version
nextdns version 1.43.5
```

 

NextDNS APT repo config

```
# cat /etc/apt/sources.list.d/nextdns.list
deb [signed-by=/etc/apt/keyrings/nextdns.gpg] https://repo.nextdns.io/deb stable main
```

 

NextDNS APT Signing Key

```
# gpg -k --no-default-keyring --keyring /etc/apt/keyrings/nextdns.gpg
/etc/apt/keyrings/nextdns.gpg
-----------------------------
pub   rsa3072 2021-04-18 [SC] [expires: 2033-04-16]
     AD34842BF3C80F656A833F66467A7CCC8ACFA0B7
uid           [ unknown] NextDNS <team@nextdns.io>
sub   rsa3072 2021-04-18 [E] [expires: 2033-04-16]
```

 

dpkg status of package nextdns

```
# dpkg -l|grep nextdns
ii  nextdns  1.43.5  amd64  NextDNS DNS/53 to DoH Proxy
```

 

/etc/os-release

```
# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.4 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
```

 

/etc/lsb-release

```
# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.4 LTS"
```

2 replies

    • in_addr_arpa
    • 7 mths ago

    I found what I believe is the cause of this bug. It seems that there is a post-install script for the .deb package which runs at install as well as when the package is updated, that forcefully sets the bogus-priv flag to true; `-bogus-priv=true`.

    https://github.com/nextdns/nextdns/blob/98b056a0872d76ab0a7e4a42a3a302d482dcd507/.goreleaser/deb/postinst#L18

    • in_addr_arpa
    • 2 days ago

    FYI NextDNS was able to push a fix for this and the latest .deb packages have incorporated this change.

    Thanks guys!
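
A drift check for the failure described in this thread, as an added example that is not part of the original posts or NextDNS's own code: it compares a resolver's config against a small file of pinned settings, so an upgrade that flips `bogus-priv` is caught right after `apt` runs. The `key value` line format follows the `bogus-priv false` entry quoted in the post; the function names, file names and sample contents (including the `forwarder` line) are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect pinned NextDNS settings that a package upgrade changed.
# Assumes the "key value" per-line config format quoted in the post
# (e.g. "bogus-priv false"). All file contents below are constructed samples.

# config_get FILE KEY -> prints the last value set for KEY (empty if absent)
config_get() {
    awk -v k="$2" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
        $1 == k { $1 = ""; sub(/^ +/, ""); v = $0 }  # keep the rest of the line
        END { print v }' "$1"
}

# check_pinned FILE BASELINE -> one DRIFT line per changed key, returns 1 on drift.
# BASELINE lists only the keys the admin wants pinned, in the same format.
check_pinned() {
    conf=$1 baseline=$2 drift=0
    while read -r key want; do
        case $key in ''|\#*) continue ;; esac
        have=$(config_get "$conf" "$key")
        if [ "$have" != "$want" ]; then
            echo "DRIFT $key: want=$want have=${have:-<unset>}"
            drift=1
        fi
    done < "$baseline"
    return "$drift"
}

# Demo on constructed files: "pinned" is the admin's choice, "conf" is the
# state left behind by an upgrade that reset the flag.
tmp=$(mktemp -d)
printf 'bogus-priv false\n' > "$tmp/pinned"
printf '# sample\nbogus-priv true\nforwarder example.internal=192.0.2.53\n' > "$tmp/conf"
check_pinned "$tmp/conf" "$tmp/pinned" || echo "re-apply: nextdns config set -bogus-priv=false"
rm -rf "$tmp"
```

Run `check_pinned` against the resolver's real config file after each package upgrade; a non-zero exit means a pinned value changed and reverse lookups for internal ranges may no longer be forwarded.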
