HELP!
2021-07-26T10:19:43 unbound[41692] [41692:0] fatal error: Could not set up local zones
2021-07-26T10:19:43 unbound[41692] [41692:0] error: local-data in redirect zone must reside at top of zone, not at OPNsense.localhost A 192.168.2.2
I cannot start Unbound due to this. I tried removing the host_entries.conf but it is regenerated.
I have removed custom options but no change.
I did have Register DHCP leases and Register DHCP static mappings both checked/enabled, but I have since unchecked and applied, even rebooted, and the host_entries.conf is still regenerated incorrectly.
# cat host_entries.conf
local-zone: "localdomain" transparent
local-data-ptr: "127.0.0.1 localhost"
local-data: "localhost A 127.0.0.1"
local-data: "localhost.localdomain A 127.0.0.1"
local-data-ptr: "::1 localhost"
local-data: "localhost AAAA ::1"
local-data: "localhost.localdomain AAAA ::1"
local-data-ptr: "192.168.2.2 OPNsense.localhost"
local-data: "OPNsense.localhost A 192.168.2.2"
local-data: "OPNsense A 192.168.2.2"
local-data-ptr: "192.168.100.2 OPNsense.localdomain"
local-data: "OPNsense.localdomain A 192.168.100.2"
local-data: "OPNsense A 192.168.100.2"
local-data-ptr: "192.168.0.5 OPNsense.localdomain"
local-data: "OPNsense.localdomain A 192.168.0.5"
local-data: "OPNsense A 192.168.0.5"
local-data-ptr: "192.168.5.1 OPNsense.localdomain"
local-data: "OPNsense.localdomain A 192.168.5.1"
local-data: "OPNsense A 192.168.5.1"
local-data-ptr: "192.168.64.1 OPNsense.streaming"
local-data: "OPNsense.streaming A 192.168.64.1"
local-data: "OPNsense A 192.168.64.1"
local-data-ptr: "172.16.254.1 OPNsense.colibri"
local-data: "OPNsense.colibri A 172.16.254.1"
local-data: "OPNsense A 172.16.254.1"
local-data-ptr: "192.168.2.5 nexus.localdomain"
local-data: "nexus.localdomain IN A 192.168.2.5"
local-data-ptr: "192.168.5.102 USG-WAN2.localdomain"
local-data: "USG-WAN2.localdomain IN A 192.168.5.102"
This is causing a major headache for me.
hi
any host overrides configured?
local-data: "OPNsense.localhost A 192.168.2.2"
I can't understand this record. What is the "OPNsense.localhost" supposed to mean?
'localhost.' is default type zone (see docs https://nlnetlabs.nl/documentation/unbound/unbound.conf/)
Quote
The default zones are localhost, reverse 127.0.0.1 and ::1, the onion,
test, invalid and the AS112 zones. The AS112 zones are reverse DNS
zones for private use and reserved IP addresses for which the servers
on the internet cannot provide correct answers. They are configured by
default to give nxdomain (no reverse information) answers. The defaults
can be turned off by specifying your own local-zone of that name, or
using the 'nodefault' type. Below is a list of the default zone contents.
localhost
The IP4 and IP6 localhost information is given. NS and SOA
records are provided for completeness and to satisfy some DNS
update tools. Default content:
local-zone: "localhost." redirect
local-data: "localhost. 10800 IN NS localhost."
local-data: "localhost. 10800 IN
SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
local-data: "localhost. 10800 IN A 127.0.0.1"
local-data: "localhost. 10800 IN AAAA ::1"
so local-zone: "localhost." is redirect by default, and the local-data: "OPNsense.localhost A 192.168.2.2" record breaks the config.
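The rule described in the post above can be checked before Unbound is restarted. The following is an added example, not part of the original thread and not OPNsense or Unbound code: a small Python linter that flags local-data owner names sitting below the apex of a redirect zone. It assumes quoted values as in the generated host_entries.conf and models only the localhost. default zone from the quoted documentation; the function names and SAMPLE text are constructed for illustration.

```python
import re

# Default zone taken from the unbound.conf text quoted above; only this one is modelled.
DEFAULT_ZONES = {"localhost.": "redirect"}
LINE_RE = re.compile(r'^\s*(local-zone|local-data):\s*"([^"]*)"\s*(\S+)?')

# Constructed sample: a few lines copied from the host_entries.conf in this thread.
SAMPLE = """\
local-zone: "localdomain" transparent
local-data: "localhost A 127.0.0.1"
local-data: "localhost.localdomain A 127.0.0.1"
local-data: "OPNsense.localhost A 192.168.2.2"
local-data: "OPNsense A 192.168.2.2"
"""

def fqdn(name):
    """Lower-case a name and make it absolute (trailing dot)."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def enclosing_zone(owner, zones):
    """Return the closest (longest) configured zone at or above owner, or None."""
    hits = [z for z in zones if z == "." or owner == z or owner.endswith("." + z)]
    return max(hits, key=len) if hits else None

def find_redirect_violations(conf_text):
    """Return (line number, zone, record) for local-data below a redirect zone apex."""
    zones, records = {}, []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value, ztype = m.groups()
        if key == "local-zone":
            zones[fqdn(value)] = (ztype or "").lower()
        elif value.split():
            records.append((lineno, fqdn(value.split()[0]), value))
    # An explicit local-zone of the same name (including nodefault) replaces the default.
    for zone, ztype in DEFAULT_ZONES.items():
        zones.setdefault(zone, ztype)
    violations = []
    for lineno, owner, value in records:
        zone = enclosing_zone(owner, zones)
        if zone and zones[zone] == "redirect" and owner != zone:
            violations.append((lineno, zone, value))
    return violations

if __name__ == "__main__":
    for lineno, zone, record in find_redirect_violations(SAMPLE):
        print(f"line {lineno}: '{record}' is below redirect zone {zone}")
```

A record at the zone apex ("localhost A 127.0.0.1") passes, while a host name generated under a DHCP domain of "localhost" is reported.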
Quote from: Fright on July 26, 2021, 07:15:07 PM
any host overrides configured?
local-data: "OPNsense.localhost A 192.168.2.2"
i cant understand this record. what is the "OPNsense.localhost" supposed to mean?
so local-zone: "localhost." redirect by default and "local-data: "OPNsense.localhost A 192.168.2.2" record breaks config.
Yeah I am not sure where it got that, because my domain was localdomain.
In the end, in order to get past this issue, I ended up changing the System > Settings > Domain Name to something else, and when I did so, it seemed to correct the Unbound problem.
That said, I am now having a different issue (lol) which you also responded to:
https://forum.opnsense.org/index.php?topic=24084.0
Also, see this:
https://forum.opnsense.org/index.php?topic=23941.msg114911#msg114911
Not my intention to spread out duplicate threads. I will hang for the new dev build tomorrow that mimugmail referenced, and see if I can make progress with custom Unbound options from there.
Yeah I am not sure where it got that, because my domain was localdomain.
looking at the contents of your host_entries.conf and part of code at
https://github.com/opnsense/core/blob/4ae1555e07e956d2446131716e816aab22642d53/src/etc/inc/plugins.inc.d/unbound.inc#L510-L517
it looks like "localhost" was specified as a domain for dhcpd on the interface with the 192.168.2.2 address ;)
Quote from: Fright on July 26, 2021, 11:02:30 PM
Yeah I am not sure where it got that, because my domain was localdomain.
looking at the contents of your host_entries.conf and part of code at
https://github.com/opnsense/core/blob/4ae1555e07e956d2446131716e816aab22642d53/src/etc/inc/plugins.inc.d/unbound.inc#L510-L517
it looks like "localhost" was specified as a domain for dhcpd on the interface with the 192.168.2.2 address ;)
I will assume yes, a typo/fat finger on my part and that's what hosed everything. Since I am not having the error any longer especially :)
Thanks again