I have OPNsense set up behind an AT&T fiber WAN for my home network, where I have a LAN and Unbound DNS with overrides to make some public names resolve to local addresses. IPv6 is not enabled. Functionally, names seem to resolve correctly, for example if I ping a domain name. But it's hard to debug some things because nslookup always puts the "Connection-specific DNS Suffix" (from ipconfig) on the names I give it.
For example if I nslookup google.com I get output like this:
Server: OPNsense.<MYDOMAIN>.net
Address: <MY LAN GATEWAY IP>
Non-authoritative answer:
Name: google.com.<MYDOMAIN>.net
Address: <MY PUBLIC IP>
The name is always treated like a subdomain of my OPNsense domain as set at System->Settings->General->Domain. At Services->DHCPv4->lan->Domain Name I see where I can put in an override. But there seems to be no way to "override" with a blank name, since leaving it blank says to use the system default name.
How do I make my Windows nslookup resolve names correctly?
Add a trailing dot!
nslookup google.com.
+1
It seems your (upstream) domain server has a wildcard entry (*.mydomain.net); that's why. I removed this, and now it works.
BTW, on some strange apps such as Citrix, this caused connection problems.
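To see the mechanism behind both replies (the trailing dot and the wildcard record), here is a small added Python model; it is not code from this thread or from OPNsense. It models a stub resolver that appends the search suffix to any name without a trailing dot, and a constructed zone for the placeholder domain mydomain.net with and without a *.mydomain.net wildcard. The order in which suffixed candidates are tried before the bare name, the simplified wildcard matching, and all addresses are assumptions of the model.

```python
"""Toy model of suffix searching plus a DNS wildcard record, showing why
`nslookup google.com` answered as `google.com.<MYDOMAIN>.net` and why a
trailing dot or removing the wildcard both fix it.

Added illustration, not part of the original thread; zones are constructed.
"""

from typing import Dict, List, Optional, Tuple

# Constructed internal zone: one real host plus a wildcard covering every
# other name under mydomain.net (the record the second reply removed).
WILDCARD_ZONE: Dict[str, str] = {
    "opnsense.mydomain.net.": "192.168.1.1",
    "*.mydomain.net.": "203.0.113.10",   # constructed TEST-NET-3 address
}

# Same zone with the wildcard removed.
CLEAN_ZONE: Dict[str, str] = {
    "opnsense.mydomain.net.": "192.168.1.1",
}

# Constructed stand-in for public DNS (address is TEST-NET-2, illustrative).
PUBLIC_ZONE: Dict[str, str] = {
    "google.com.": "198.51.100.7",
}


def candidate_names(name: str, search_list: List[str]) -> List[str]:
    """Return the fully qualified names a suffix-searching client tries, in order.

    A name ending in a dot is absolute: nothing is appended. Otherwise each
    search suffix is appended first and the bare name is tried last. That
    ordering is an assumption of this model (it matches the symptom in the
    thread, where the suffixed name was the one that got answered).
    """
    if name.endswith("."):
        return [name]
    return [f"{name}.{suffix}." for suffix in search_list] + [name + "."]


def wildcard_match(zone: Dict[str, str], fqdn: str) -> Optional[str]:
    """Look `fqdn` up in a zone that may hold `*.` wildcard owner names.

    Exact match wins; otherwise the closest enclosing wildcard answers, so
    `*.mydomain.net.` synthesises an answer for `google.com.mydomain.net.`.
    Simplified relative to RFC 4592 (no empty-non-terminal handling).
    """
    if fqdn in zone:
        return zone[fqdn]
    labels = fqdn.rstrip(".").split(".")
    # Walk from the nearest parent towards the root looking for a wildcard.
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:]) + "."
        if "*." + parent in zone:
            return zone["*." + parent]
    return None


def resolve(name: str, search_list: List[str],
            zones: List[Dict[str, str]]) -> Optional[Tuple[str, str]]:
    """Return (name_that_answered, address) for the first candidate any zone
    answers, like a client that stops at the first positive reply."""
    for fqdn in candidate_names(name, search_list):
        for zone in zones:
            addr = wildcard_match(zone, fqdn)
            if addr is not None:
                return fqdn, addr
    return None


def has_wildcard(zone: Dict[str, str]) -> bool:
    """Quick check for the root cause: any wildcard owner name in the zone."""
    return any(owner.startswith("*.") for owner in zone)


if __name__ == "__main__":
    search = ["mydomain.net"]
    # The symptom: the wildcard answers for the suffixed candidate first.
    print(resolve("google.com", search, [WILDCARD_ZONE, PUBLIC_ZONE]))
    # Fix 1 (trailing dot): the name is absolute, nothing is appended.
    print(resolve("google.com.", search, [WILDCARD_ZONE, PUBLIC_ZONE]))
    # Fix 2 (remove the wildcard): the suffixed candidate gets no answer.
    print(resolve("google.com", search, [CLEAN_ZONE, PUBLIC_ZONE]))
    print("wildcard present:", has_wildcard(WILDCARD_ZONE))
```

Running it shows the suffixed name winning only while the wildcard exists; with the wildcard gone, the suffixed candidate fails and the client falls through to the bare name, which is why most people never need the trailing dot.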
Never had to add a trailing dot before...
The trailing dot works thanks! Also weird that most people don't seem to need it. Joining their camp would be ideal but this moves me along some :)
Have you just stolen someone else's domain for your internal use? If not, just remove the wildcard record from public DNS, it's a horrible idea to have it anyway.