Hi all,
I want to forward all recursive queries from unbound to named, because named pulls secondary zones I want to have locally. I added this snippet to the unbound configuration according to the documentation available here:
https://docs.opnsense.org/manual/unbound.html#advanced-configurations
server:
forward-zone:
name: "."
forward-addr: 127.0.0.1@53530
When I check the config as recommended, this is the result:
unbound-checkconf: warning: forward-addr: '127.0.0.1@53530' is specified for forward-zone: '.', but do-not-query-localhost: yes means that the address will not be used for lookups.
unbound-checkconf: no errors in /var/unbound/unbound.conf
I did not intentionally set "do-not-query-localhost" anywhere. How can I disable it? With the current config every single request results in a SERVFAIL.
Thanks,
Patrick
Changing the snippet this way solves the problem:
server:
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@53530
"do-not-query-localhost: yes" seems to be the default.
Yes, we're not setting do-not-query-localhost. Kinda weird Unbound refuses these by default, maybe assuming there is no other service that could be "of service" to it (even from the standard port when Unbound runs on a different one). Or maybe it tries to prevent a loop from happening.
One way or another looks like we need to figure out an automatic way to integrate it given we ship with different solutions that could run side by side.
Open for ideas :)
Cheers,
Franco