OPNsense Forum

English Forums => General Discussion => Topic started by: jordangarside on March 26, 2023, 09:48:28 am

Title: enable dns64-synthall option for unbound
Post by: jordangarside on March 26, 2023, 09:48:28 am
Hi there  :)

I'm trying to enable the dns64-synthall option for unbound, which doesn't appear to be anywhere in the UI.

I found this comment https://github.com/NLnetLabs/unbound/issues/551#issuecomment-1209810036, but I'm not sure how to actually use it.

I'm not super familiar with unbound's configuration management, as well as how OPNsense generates the final config (and how to check that final config).

I tried creating a file at /usr/local/etc/unbound.opnsense.d/dns64.conf with the following:
Code:
server:
    module-config: "respip dns64 validator iterator"
    dns64-synthall: yes
    dns64-prefix: "64:ff9b::/96"

After adding that file I restarted the unbound service.

As far as I can tell unbound is still serving the real AAAA records.

The unbound docs also mention that
Quote
the dns64 module must be configured in the module-config ... and be compiled into the daemon to be enabled.
so I'm not sure if that's happening already or not with just adding the extra .conf file.

Hoping I'm just missing something simple here!
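
One way to confirm from a client whether dns64-synthall is taking effect, as an added example that is not part of the original post and not OPNsense or Unbound code: compare the AAAA answers for a name against its A answers and the 64:ff9b::/96 prefix from the config above. The function names and sample addresses are constructed; it assumes a /96 prefix and a name that has A records.

```python
import ipaddress

# Prefix taken from the dns64.conf in the post (the RFC 6052 well-known prefix).
DNS64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def embedded_ipv4(aaaa, prefix=DNS64_PREFIX):
    """Return the IPv4 address embedded in a synthesized AAAA, or None if native."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 DNS64 prefixes are handled")
    addr = ipaddress.IPv6Address(aaaa)
    if addr not in prefix:
        return None
    # With a /96 prefix the IPv4 address occupies the low 32 bits.
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def check_synthall(aaaa_answers, a_answers, prefix=DNS64_PREFIX):
    """Classify the AAAA answers for one name against its A answers."""
    a_set = {ipaddress.IPv4Address(a.strip()) for a in a_answers if a.strip()}
    result = {"native": [], "synthesized": [], "unmatched": []}
    for raw in (line.strip() for line in aaaa_answers):
        if not raw:
            continue
        v4 = embedded_ipv4(raw, prefix)
        if v4 is None:
            result["native"].append(raw)  # real AAAA passed through
        elif v4 in a_set:
            result["synthesized"].append((raw, str(v4)))
        else:
            result["unmatched"].append((raw, str(v4)))  # in prefix, no such A
    # With synthall on, every AAAA answer should map back to an A record.
    result["synthall_active"] = bool(result["synthesized"]) and not (
        result["native"] or result["unmatched"])
    return result


if __name__ == "__main__":
    # Constructed answers for a hypothetical dual-stack name (documentation ranges).
    a_records = ["192.0.2.10"]
    print("real AAAA served:", check_synthall(["2001:db8::10"], a_records))
    print("synthesized AAAA:", check_synthall(["64:ff9b::c000:20a"], a_records))
```

Feed it the address lines returned by AAAA and A queries sent to the resolver under test; any entry under "native" means real AAAA records are still being passed through.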