os-bind: Limit listening interfaces #5103
Description
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
- I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
- I have searched the existing issues, open and closed, and I'm convinced that mine is new.
- When the request is meant for an existing plugin, I've added its name to the title.
Is your feature request related to a problem? Please describe.
I'm looking at running Bind authoritatively and publicly, and Unbound privately as a non-authoritative recursive resolver. Since publicly Bind has to be on port 53, this will clash with Unbound.
Describe the solution you'd like
Unbound already has an option to select which interfaces are listened on - if this can be done for Bind they can operate concurrently. We may need an option to select/deselect the loopback interface too though - it's not presently an option
Describe alternatives you've considered
Changing the Unbound listen port. This is a little fraught since DNS resolution config on clients has so many paths, it's quite likely some apps will heavily rely on the default port 53.
Additional context
Unbound option:
