I decided to move to OPNsense from pfSense in my LAB in order to easily get IPv6 working on my new ISP (Rogers Canada).
I performed:
1) Installed from the latest image "OPNsense-22.7-OpenSSL-vga-amd64.img".
2) Ran "System/Status/Check For Updates" and installed "22.7.10_2 (amd64/OpenSSL)".
3) Set "DNS Servers" to 1.1.1.1 and 9.9.9.9 in "System/General/Settings".
4) Disabled "System Nameservers" by unchecking "Use System NameServers" in "Services: Unbound DNS: DNS over TLS".
5) Set up "Custom Forwarding" in "Services: Unbound DNS: DNS over TLS" with "1.1.1.1 853" and "9.9.9.9 853".
6) Ran
# configctl unbound check
Got
[1672949530] unbound-checkconf[37450:0] error: duplicate forward zone . ignored.
no errors in /var/unbound/unbound.conf
This is the contents of my "/var/unbound/etc/dot.conf":
# Forward zones
forward-zone:
name: "."
forward-addr: 1.1.1.1@853
forward-addr: 9.9.9.9@853
# Forward zones over TLS
server:
tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 1.1.1.1@853
forward-addr: 9.9.9.9@853
So the GUI definitely generates a duplicate "." zone.
BTW, I do score 100% on https://internet.nl/connection
first one
# Forward zones
forward-zone:
name: "."
forward-addr: 1.1.1.1@853
forward-addr: 9.9.9.9@853
is from Services: Unbound DNS: Query Forwarding
I don't recall adding those entries into that tab. Were they auto-applied? Are they necessary?
Quote: Were they auto-applied? Are they necessary?
no and no :)
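A check for the two conditions visible in the dot.conf quoted in this thread (a repeated forward-zone name, and a forward-zone that targets port 853 without forward-tls-upstream), as an added example that is not part of the original posts or of OPNsense. The function names and the embedded sample are assumptions made for illustration; the sample reproduces the posted file without its comment lines.

```python
import re
from collections import Counter

# Constructed sample: the dot.conf contents quoted in the first post.
SAMPLE = """\
forward-zone:
name: "."
forward-addr: 1.1.1.1@853
forward-addr: 9.9.9.9@853
server:
tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 1.1.1.1@853
forward-addr: 9.9.9.9@853
"""

def parse_forward_zones(text):
    """Return one dict per forward-zone clause (name, tls flag, addresses)."""
    zones, cur = [], None
    for raw in text.splitlines():
        m = re.match(r"([a-z0-9-]+):\s*(.*)$", raw.strip())
        if not m:                      # blank line or '#' comment line
            continue
        key, val = m.group(1), m.group(2).strip().strip('"')
        if not val:                    # clause header: server:, forward-zone:
            cur = {"name": None, "tls": False, "addrs": []} if key == "forward-zone" else None
            if cur is not None:
                zones.append(cur)
        elif cur is not None and key == "name":
            cur["name"] = val
        elif cur is not None and key == "forward-tls-upstream":
            cur["tls"] = val == "yes"
        elif cur is not None and key == "forward-addr":
            cur["addrs"].append(val)
    return zones

def audit(zones):
    """Flag duplicate zone names and port-853 forwarders lacking TLS."""
    out = [f"duplicate forward-zone {n!r} ({c} clauses)"
           for n, c in Counter(z["name"] for z in zones).items() if c > 1]
    for z in zones:
        # '@853#name' is unbound's auth-name syntax, so cut at '#' first
        if not z["tls"] and any(a.split("#")[0].endswith("@853") for a in z["addrs"]):
            out.append(f"forward-zone {z['name']!r} sends to port 853 without forward-tls-upstream")
    return out

if __name__ == "__main__":
    for finding in audit(parse_forward_zones(SAMPLE)):
        print(finding)
```

To run it against a live file, pass the text of /var/unbound/etc/dot.conf to parse_forward_zones() instead of SAMPLE.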