Hi everyone,
I recently ran into a strange issue where some devices in my network were unable to use certain apps (in particular, Android-based POS devices). After some troubleshooting, I checked the Unbound DNS logs on my OPNsense firewall and noticed that in several cases, the local domain was being appended to external FQDNs.
Here is an example:
Time                 Domain                           Action  Source     Return Code  Resolve time  TTL
2025-07-09 12:59:55  api.sunmi.com.                   Pass    Cache      NOERROR      0ms           27
2025-07-09 12:59:50  api.sunmi.com.                   Pass    Recursion  NOERROR      394ms         32
2025-07-09 12:58:45  api.sunmi.com.                   Pass    Recursion  NOERROR      15ms          50
2025-07-09 12:58:45  api.sunmi.com.domainname.local.  Pass    Recursion  NXDOMAIN     14ms          85
Or attached you can find a screenshot.
As you can see, the query api.sunmi.com resolves correctly. However, there's also a request for api.sunmi.com.domainname.local, which fails with NXDOMAIN. This seems to be causing issues with app connectivity and delays.
Now I'm wondering:
Is this a client-side issue, or is Unbound responsible for appending the local domain?
For years I've used domainname.at as the system domain under System > Settings > General. Recently I changed it to domainname.local for testing, but the behavior still occurs.
If anyone has seen this before or knows how to prevent Unbound from appending the local domain to fully qualified hostnames, I'd really appreciate your input.
Let me know if you need more details!
Thanks, Chris
Your clients do this. A recursive DNS server only tries to answer what the client asks it - verbatim.
OK, I see.
I cannot filter this behavior on the OPNsense/Unbound side, or?
And is it sure that the client asks for the full "false" domain name? Or does it send an incomplete request which is completed by Unbound?
Regards, Christoph
DNS servers never "complete" requests. The resolver library on the client does that.
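An added example, not part of the original thread: a small Python script that scans Unbound log rows in the format pasted in the first post and counts queries where the search domain arrived appended to an already dotted name, which is the client-side expansion described in the replies. The function names are hypothetical, and the "printer" row is constructed; the other rows are the ones from the post.

```python
from collections import Counter

# Rows copied from the log excerpt in the first post; the "printer" row is
# constructed here to show an ordinary local lookup that must not be flagged.
SAMPLE_LOG = """\
Time Domain Action Source Return Code Resolve time TTL
2025-07-09 12:59:55 api.sunmi.com. Pass Cache NOERROR 0ms 27
2025-07-09 12:59:50 api.sunmi.com. Pass Recursion NOERROR 394ms 32
2025-07-09 12:58:45 api.sunmi.com. Pass Recursion NOERROR 15ms 50
2025-07-09 12:58:45 api.sunmi.com.domainname.local. Pass Recursion NXDOMAIN 14ms 85
2025-07-09 12:58:40 printer.domainname.local. Pass Recursion NXDOMAIN 1ms 85
"""


def parse_rows(text):
    """Yield (qname, rcode) per data row; the header and short rows are skipped."""
    for line in text.splitlines():
        parts = line.split()
        # date, time, domain, action, source, rcode, resolve time, ttl
        if len(parts) == 8 and parts[2].endswith("."):
            yield parts[2].lower().rstrip("."), parts[5]


def find_suffix_expansions(text, search_domain):
    """Count queries where search_domain was appended to an already dotted name.

    Returns a Counter keyed by (original_name, rcode).
    """
    suffix = "." + search_domain.lower().strip(".")
    hits = Counter()
    for qname, rcode in parse_rows(text):
        if not qname.endswith(suffix):
            continue
        base = qname[: -len(suffix)]
        if "." in base:  # single-label base = normal local hostname lookup
            hits[(base, rcode)] += 1
    return hits


if __name__ == "__main__":
    found = find_suffix_expansions(SAMPLE_LOG, "domainname.local")
    for (name, rcode), count in found.items():
        print(f"{count}x {name} + search domain -> {rcode}")
```

A legitimate multi-label local name such as host.sub.domainname.local would also be counted, so treat the hits as candidates to review rather than a definitive list.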