Hello all,
I have two OPNsense firewalls, with an S2S VPN between them. I can ping IPs of each, from the other side. I am trying to allow DNS information from one side to the other. When I stop and start Unbound I am getting the following error:
Error unbound [3100:4] error: duplicate forward zone nsc.home. ignored.
I am not sure how this error is happening. I do not see a duplication. I have specified the nsc.home domain in the following:
1) Unbound/Overrides/Domain Overrides
2) Unbound/Advanced/Private Domains
3) Unbound/Query Forwarding
Why am I getting this error?
Steve
Don't use Domain Overrides and Query Forwarding for the same domain. This is mostly the same feature, though Domain Overrides are considered somewhat legacy now.
https://docs.opnsense.org/manual/unbound.html#domain-override-settings
Cheers
Maurice
Quote from: Maurice on October 30, 2023, 12:13:47 AM
Don't use Domain Overrides and Query Forwarding for the same domain. This is mostly the same feature, though Domain Overrides are considered somewhat legacy now.
https://docs.opnsense.org/manual/unbound.html#domain-override-settings
Cheers
Maurice
Thanks Maurice!
I do have one additional question that I hope you might know about. I have query forwarding to the far side OPNsense/Unbound DNS server. When I try to ping a device on the far side I get no resolution. Do I need to do anything on the far side Unbound, to let DNS information flow to the near side?
Well, I guess check your routes, firewall rules and Unbound ACLs.
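The duplicate forward zone error discussed in this thread can be checked for offline. The script below is an added example, not code from the thread or from OPNsense: it scans Unbound configuration text for forward-zone clauses that name the same zone. The sample fragment and its addresses are constructed, and it assumes only the standard Unbound `forward-zone:` / `name:` clause syntax.

```python
import re
from collections import defaultdict

# Constructed sample: two entries for the same zone (as a Domain Override and
# a Query Forwarding entry would produce) plus one unrelated zone.
SAMPLE_CONF = '''\
# first entry (constructed)
forward-zone:
    name: "nsc.home"
    forward-addr: 192.0.2.1

# second entry, same zone in a different spelling (constructed)
forward-zone:
    name: "NSC.home."
    forward-addr: 192.0.2.1

forward-zone:
    name: "lab.example"
    forward-addr: 192.0.2.53
'''

def normalize_zone(name):
    """Lower-case and force one trailing dot, so 'nsc.home' == 'NSC.home.'."""
    return name.strip().strip('"\'').lower().rstrip(".") + "."

def forward_zones(conf_text):
    """Yield (line_number, normalized_name) for every forward-zone clause."""
    in_forward = False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        if re.fullmatch(r"[a-z-]+:", line):   # bare "word:" opens a new clause
            in_forward = (line == "forward-zone:")
            continue
        key, _, value = line.partition(":")
        if in_forward and key.strip() == "name":
            yield lineno, normalize_zone(value)

def duplicate_forward_zones(conf_text):
    """Return {zone: [line numbers]} for zones defined more than once."""
    seen = defaultdict(list)
    for lineno, zone in forward_zones(conf_text):
        seen[zone].append(lineno)
    return {z: lines for z, lines in seen.items() if len(lines) > 1}

if __name__ == "__main__":
    for zone, lines in duplicate_forward_zones(SAMPLE_CONF).items():
        print(f"duplicate forward zone {zone} defined at lines {lines}")
```

Names are compared case-insensitively and with a trailing dot, which is the form the error message prints (`nsc.home.`).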