Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: HuuuR on May 14, 2021, 02:25:34 PM

Title: Unbound Domain Override not working
Post by: HuuuR on May 14, 2021, 02:25:34 PM
Hello everyone..

I'm using Opnsense as my DNS server with services (ADH, Unbound {listen port 5353} & Web Proxy) enabled.
Everything works perfect until I realised that only one (so far) website "saml.det.nsw.edu.au" can't be reached (no ping response as well)
I can see it using any public DNS with nslookup, but not Opnsense server.
I thought it's as simple as adding "saml.det.nsw.edu.au" to the Domain Overrides with a public dns but didn't work.
It would be great if someone can help with a simple way to manually add DNS records or forward without the need to setup a vpn.

Thanks in advance!
Title: Re: Unbound Domain Override not working
Post by: HuuuR on May 17, 2021, 06:26:59 AM
Temporary solution: (applied on client's pc)

Add the required website public ip to the hosts file on the client pc
In my case (windows):
hosts file located at C:\Windows\System32\drivers\etc
Adding below line:
153.107.133.75   saml.det.nsw.edu.au

I guess further lines may be required for subdomains. Hopefully a better cure via the firewall shows up!
Title: Re: Unbound Domain Override not working
Post by: thogru on May 17, 2021, 08:10:11 AM
Hi,

I did some tests from my LAN. DNS seems to work:
Code Select

$ host saml.det.nsw.edu.au
saml.det.nsw.edu.au is an alias for ssoam.wip.det.nsw.edu.au.
ssoam.wip.det.nsw.edu.au has address 153.107.133.75
$ host -a saml.det.nsw.edu.au
Trying "saml.det.nsw.edu.au"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23483
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;saml.det.nsw.edu.au.           IN      ANY

;; ANSWER SECTION:
saml.det.nsw.edu.au.    973     IN      CNAME   ssoam.wip.det.nsw.edu.au.

Received 61 bytes from 127.0.0.1#53 in 0 ms
$


I am not sure about the content that should be delivered:
Code Select
$ ping saml.det.nsw.edu.au
PING ssoam.wip.det.nsw.edu.au (153.107.133.75): 56 data bytes
^C
--- ssoam.wip.det.nsw.edu.au ping statistics ---
8 packets transmitted, 0 packets received, 100.0% packet loss
$ curl http://saml.det.nsw.edu.au
$ curl https://saml.det.nsw.edu.au

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>pl0992access01.nsw.education </title>
</head>
<body>
<h1>pl0992access01.nsw.education</h1>

<p>request.getServerName() returns: saml.det.nsw.edu.au</p>

<p><a href="https://saml.det.nsw.edu.au/sso/">SSO Login</a></p>
<p><a href="https://saml.det.nsw.edu.au/sso/console">SSO Admin Console</a></p>
</body>
</html>
$


I hope this helps a little  :)

Kind Regards,
Thomas
Title: Re: Unbound Domain Override not working
Post by: HuuuR on May 17, 2021, 11:02:53 AM
Quote from: thogru on May 17, 2021, 08:10:11 AM

I hope this helps a little  :)

Kind Regards,
Thomas

Thank you Thomas for your reply.

I used to access it before, but since I applied AdGuard & Webproxy, this ONLY web address stopped working, no Ping/Nslookup response unless I switch to the public DNS (attached)
Text only | Text with Images