unbound: Spurious 'PTR record already exists' warnings for all host override aliases #9997

@GitHoubi

Describe the bug

On every Unbound reconfigure, a LOG_WARNING ('PTR record already exists') is logged for every host override alias, even though the aliases are correctly configured and DNS resolution works fine. The warnings are false positives caused by a logic error in unbound_add_host_entries() in /usr/local/etc/inc/plugins.inc.d/unbound.inc.

Aliases are always constructed with addptr => false (hardcoded). The current condition if ($alias['addptr'] && !in_array(...)) is therefore always false for aliases, so the else branch — the warning — fires unconditionally for every alias on every Unbound reconfigure. No genuine PTR conflict is required to trigger it.

Last known working version: unknown — bug appears to be pre-existing. First confirmed on OPNsense 26.1.4.

To Reproduce

  1. Create a Host Override, e.g. myhost.example.com → 192.168.1.10 with "Generate PTR" (Add PTR) enabled
  2. Add one or more aliases under that host override (e.g. alias1.example.com, alias2.example.com)
  3. Save and apply — reconfigure Unbound
  4. Check System Log (Services → Unbound DNS → Log): one PTR record already exists for alias.example.com (192.168.1.10) warning per alias, repeated on every reconfigure

Expected behavior

The warning should only fire when addptr is true AND the IP is already in $ptr_records — i.e. a genuine duplicate PTR. Aliases with addptr=false should silently skip PTR generation without logging a warning.

Describe alternatives you considered

No user-side workaround is available. Setting "Generate PTR" to disabled on the primary host override prevents the warnings but also removes the legitimate PTR record. This is not acceptable as a fix.

Screenshots

N/A

Relevant log files

System log excerpt (repeated on every Unbound reconfigure, one line per alias):

Warning  unbound  PTR record already exists for alias1.example.com(192.168.1.10)
Warning  unbound  PTR record already exists for alias2.example.com(192.168.1.10)

Additional context

Affected file: /usr/local/etc/inc/plugins.inc.d/unbound.inc, function unbound_add_host_entries()

Current (buggy) logic:

if ($alias['addptr'] && !in_array($host->server->getValue(), $ptr_records, true)) {
    $unbound_entries .= "local-data-ptr: ...";
    $ptr_records[] = $host->server->getValue();
} else {
    syslog(LOG_WARNING, 'PTR record already exists for ' . $alias['hostname'] . $alias['domain'] . '(' . $host->server . ')');
}

Since aliases always have addptr => false, the if is never true, so the else (warning) always fires.

Suggested fix — guard the warning inside the addptr check:

if ($alias['addptr']) {
    if (!in_array($host->server->getValue(), $ptr_records, true)) {
        $unbound_entries .= "local-data-ptr: ...";
        $ptr_records[] = $host->server->getValue();
    } else {
        syslog(LOG_WARNING, 'PTR record already exists for ' . $alias['hostname'] . $alias['domain'] . '(' . $host->server . ')');
    }
}

This is a purely cosmetic/logging bug — DNS resolution works correctly. However, the syslog flood misleads users into troubleshooting a non-existent DNS misconfiguration (as documented in the now-closed issue #9996).

Closes: #9996

Environment

OPNsense 26.1.4 (amd64)
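
The difference between the two conditions quoted in the report, as an added stand-alone PHP example (not OPNsense code and not part of the original issue). The function names, the flat entry array and the sample hosts are constructed for illustration; the fourth entry is an assumed second override requesting a PTR for the same address, included to show that a genuine duplicate still warns under the suggested logic.

```php
<?php
// Added illustration: a stand-alone model of the PTR decision, not OPNsense code.
// Function names and the entry layout are hypothetical; only 'addptr' mirrors the report.

/** Condition as quoted under "Current (buggy) logic": warns whenever the if is false. */
function ptr_pass_current(array $entries): array
{
    $ptr_records = [];
    $warnings = [];
    foreach ($entries as $e) {
        if ($e['addptr'] && !in_array($e['ip'], $ptr_records, true)) {
            $ptr_records[] = $e['ip'];
        } else {
            $warnings[] = "PTR record already exists for {$e['fqdn']}({$e['ip']})";
        }
    }
    return [$ptr_records, $warnings];
}

/** Condition as quoted under "Suggested fix": the warning sits inside the addptr check. */
function ptr_pass_fixed(array $entries): array
{
    $ptr_records = [];
    $warnings = [];
    foreach ($entries as $e) {
        if ($e['addptr']) {
            if (!in_array($e['ip'], $ptr_records, true)) {
                $ptr_records[] = $e['ip'];
            } else {
                $warnings[] = "PTR record already exists for {$e['fqdn']}({$e['ip']})";
            }
        }
    }
    return [$ptr_records, $warnings];
}

// Constructed sample data: one override with PTR, two aliases, one genuine duplicate.
$entries = [
    ['fqdn' => 'myhost.example.com', 'ip' => '192.168.1.10', 'addptr' => true],
    ['fqdn' => 'alias1.example.com', 'ip' => '192.168.1.10', 'addptr' => false],
    ['fqdn' => 'alias2.example.com', 'ip' => '192.168.1.10', 'addptr' => false],
    ['fqdn' => 'other.example.com',  'ip' => '192.168.1.10', 'addptr' => true],
];

foreach (['current' => 'ptr_pass_current', 'fixed' => 'ptr_pass_fixed'] as $label => $fn) {
    [$ptrs, $warnings] = $fn($entries);
    printf("%s: %d PTR record(s), %d warning(s)\n", $label, count($ptrs), count($warnings));
    foreach ($warnings as $w) {
        echo "  $w\n";
    }
}
```

With the quoted current condition the two alias entries are indistinguishable in the log from the real duplicate; with the suggested condition only the real duplicate is reported.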
