OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: opnthib on January 23, 2023, 09:28:45 pm

Title: [SOLVED] Unbound: wildcard DNS A/AAAA or CNAME record
Post by: opnthib on January 23, 2023, 09:28:45 pm
Hello,

I would like to install okd/openshift on my HomeLab.
For this, I need to have a DNS entry like this


Quote
*.apps.<cluster_name>.<base_domain>.

A wildcard DNS A/AAAA or CNAME record that refers to the application ingress load balancer. [...]
https://docs.openshift.com/container-platform/4.10/installing/installing_platform_agnostic/installing-platform-agnostic.html#installation-dns-user-infra_installing-platform-agnostic

It's an "advanced configuration", so I am referring to https://docs.opnsense.org/manual/unbound.html#advanced-configurations

I have created a file /usr/local/etc/unbound.opnsense.d/okd.conf with the following content:

Code:
server:
local-data: "_etcd-server-ssl._tcp.okd.my-domain.lan 180 IN SRV 0 10 2380 etcd-0.okd.my-domain.lan."
local-data: "_etcd-server-ssl._tcp.okd.my-domain.lan 180 IN SRV 0 10 2380 etcd-1.okd.my-domain.lan."
local-data: "_etcd-server-ssl._tcp.okd.my-domain.lan 180 IN SRV 0 10 2380 etcd-2.okd.my-domain.lan."
local-zone: "apps.okd.my-domain.lan" redirect
local-data: "apps.okd.my-domain.lan 86400 IN A 10.100.0.0"
local-data-ptr: "10.100.0.1 etcd-0.okd.my-domain.lan"
local-data-ptr: "10.100.0.2 etcd-1.okd.my-domain.lan"
local-data-ptr: "10.100.0.3 etcd-2.okd.my-domain.lan"

It's OK for the SRV records, but for the local zone and data I get:
Code:
> $ dig *.apps.okd.my-domain.lan +short
zsh: no matches found: *.apps.okd.my-domain.lan

> $ dig apps.okd.my-domain.lan +short
10.100.0.0

The expected result is nominally the following, right?
Code:
> $ dig *.apps.okd.my-domain.lan +short
10.100.0.0
I don't understand where I made a mistake.

Thanks for the help.

PS: okd vlan : 10.100.0.0/24
Title: Re: Unbound: wildcard DNS A/AAAA or CNAME record
Post by: Patrick M. Hausen on January 23, 2023, 09:52:40 pm
"*" is a wildcard. So if you configure a record named "*.foo.bar." you cannot query for "*.foo.bar." - the asterisk is not a valid character in a domain name.

But you can query for "baz.foo.bar.", "quux.foo.bar.", ... and receive the same answer for each imaginable FQDN ending in ".foo.bar."

That's what "wildcard" means.
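To make the redirect semantics concrete, here is an added example (written for this edit, not code from the thread, OPNsense or Unbound) that models Unbound's documented local-zone behaviour in Python: a zone of type "redirect" answers every name at or below its apex with the apex's own records, and unbound.conf(5) allows no local data beneath a redirect zone, so a redirect "wildcard" shadows anything later defined under apps.okd.my-domain.lan. The parser handles only the directives used in the posted okd.conf, and the config string is a constructed copy of that file. The "zsh: no matches found" line in the question was the shell expanding the unquoted asterisk as a glob before dig ran, which is a separate issue from anything Unbound does.

```python
"""Model of Unbound local-zone / local-data answering (constructed example).

Not Unbound's code: a small model of the 'static'/'redirect' zone types and
the local-data / local-data-ptr directives as described in unbound.conf(5).
"""
import ipaddress
from collections import defaultdict

# Constructed copy of the okd.conf from the thread.
OKD_CONF = """
server:
local-data: "_etcd-server-ssl._tcp.okd.my-domain.lan 180 IN SRV 0 10 2380 etcd-0.okd.my-domain.lan."
local-data: "_etcd-server-ssl._tcp.okd.my-domain.lan 180 IN SRV 0 10 2380 etcd-1.okd.my-domain.lan."
local-data: "_etcd-server-ssl._tcp.okd.my-domain.lan 180 IN SRV 0 10 2380 etcd-2.okd.my-domain.lan."
local-zone: "apps.okd.my-domain.lan" redirect
local-data: "apps.okd.my-domain.lan 86400 IN A 10.100.0.0"
local-data-ptr: "10.100.0.1 etcd-0.okd.my-domain.lan"
local-data-ptr: "10.100.0.2 etcd-1.okd.my-domain.lan"
local-data-ptr: "10.100.0.3 etcd-2.okd.my-domain.lan"
"""


def _fqdn(name):
    """Normalise a name: lowercase, no trailing dot."""
    return name.strip().lower().rstrip(".")


def _ptr_name(addr):
    """10.100.0.1 -> 1.0.100.10.in-addr.arpa (IPv4 is all this model needs)."""
    return ipaddress.ip_address(addr).reverse_pointer


class LocalZones:
    def __init__(self, conf):
        self.zones = {}                    # zone apex -> zone type
        self.records = defaultdict(list)   # (name, rrtype) -> [rdata, ...]
        for raw in conf.splitlines():
            line = raw.strip()
            if not line or line.startswith("#") or line == "server:":
                continue
            key, _, val = line.partition(":")
            val = val.replace('"', "").strip()
            if key == "local-zone":
                apex, ztype = val.split()
                self.zones[_fqdn(apex)] = ztype
            elif key == "local-data":
                # "<name> [ttl] IN <type> <rdata...>"; the TTL is optional
                parts = val.split()
                idx = parts.index("IN")
                rdata = " ".join(parts[idx + 2:])
                self.records[(_fqdn(parts[0]), parts[idx + 1])].append(rdata)
            elif key == "local-data-ptr":
                addr, host = val.split()
                self.records[(_ptr_name(addr), "PTR")].append(_fqdn(host) + ".")
            else:
                raise ValueError(f"unsupported directive in this model: {key}")
        self._check_redirect_zones()

    def _zone_for(self, name):
        """Longest matching zone apex for name, or None (no local zone)."""
        labels = name.split(".")
        for i in range(len(labels)):
            apex = ".".join(labels[i:])
            if apex in self.zones:
                return apex
        return None

    def _check_redirect_zones(self):
        # unbound.conf(5): there may be no local data beneath a redirect zone.
        for name, _ in self.records:
            apex = self._zone_for(name)
            if apex and self.zones[apex] == "redirect" and name != apex:
                raise ValueError(f"{name} lies beneath redirect zone {apex}")

    def lookup(self, qname, qtype):
        """Return the rdata list, or None when local data has no answer
        (Unbound would then recurse/forward or, for static zones, NXDOMAIN)."""
        name = _fqdn(qname)
        apex = self._zone_for(name)
        if apex and self.zones[apex] == "redirect":
            name = apex   # any name at or below the apex gets the apex data
        return self.records.get((name, qtype.upper())) or None


if __name__ == "__main__":
    z = LocalZones(OKD_CONF)
    for q in ("test.apps.okd.my-domain.lan", "foo.apps.okd.my-domain.lan",
              "console-openshift-console.apps.okd.my-domain.lan"):
        print(q, "A", z.lookup(q, "A"))
    print("1.0.100.10.in-addr.arpa PTR", z.lookup("1.0.100.10.in-addr.arpa", "PTR"))
```

Running it shows every name under apps.okd.my-domain.lan, however deep, answered with 10.100.0.0, which is exactly what the two dig calls in the follow-up post confirm. The shadowing check is the caveat worth remembering: the moment a redirect zone exists, a mistyped or attacker-chosen hostname under it resolves to the ingress address too, so keep the redirect zone as narrow as the cluster needs.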
Title: Re: Unbound: wildcard DNS A/AAAA or CNAME record
Post by: opnthib on January 24, 2023, 10:04:44 pm
holy s****
I feel really stupid right now  :(

The following example from https://blog.ktz.me/configure-unbound-dns-for-openshift-4/ misled me
Quote
Verify with dig:

[alex@ktzTP redhat]$ dig *.apps.ocp4.ktz.lan +short
192.168.1.160

Thank you

PS:
Code:
> $ dig test.apps.okd.my-domain.lan +short
10.100.0.0
> $ dig foo.apps.okd.my-domain.lan +short
10.100.0.0
;)