OPNsense Forum
Archive => 23.1 Legacy Series => Topic started by: csk4l3 on July 29, 2023, 12:26:12 am
-
Hi @all,
I have a very weird issue with Unbound. I have two specific domains that Unbound is unable to resolve:
idp.zentral.idp.splitdns.ti-dienste.de
erp.zentral.erp.splitdns.ti-dienste.de
When I query Google, Clouflare or Quad9 directly I do get the correct answer. But when I query 127.0.0.1 I don't get a result. Also worth mentioning that unbound-host idp.zentral.idp.splitdns.ti-dienste.de will return the correct result yet unbound-host -r idp.zentral.idp.splitdns.ti-dienste.de will not.
I asked a friend who's also running OPNsense 23.1 and he's having the same issue. Can anyone else confirm this behavior and better yet provide an explanation or even a fix?
Thx in advance to anyone who takes the time to read this or even respond!
-
Rebind protection. The IP addresses these domains resolve to are in 100.64.0.0/10. This is not publicly routable address space, but "shared address space" used by ISPs for CPEs behind CGNAT. Not sure why one would use such addresses in public DNS.
If you're sure you want this, you can remove that address space from Unbound's list of rebind protection networks.
Cheers
Maurice
-
Hi Maurice,
thx so much for your reply and the explanation. Did not know those addresses weren’t publicly routed. Could I explicitly whitelist those two exceptions or the domain *.splitdns.to-dienste.de to solve the issue. Don’t really feel like messing with Unboud’s rebind protection list.
Cheers mate
Crs
-
You can create exceptions for these domains by adding them to Services: Unbound DNS: Advanced: Private Domains.
-
yep that seems to be working. Thx again mate.