OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: neptunus on January 01, 2019, 05:17:35 pm
-
Hello,
I have a Unbound DNS: Override configured.
| host | Domain | Type | Value | Description |
| testing | lan | A | 102.168.10.15 | Test server |
If I ping from a machine in the same subnet is get a DNS lookup.
ping testing.lan
Pinging testing.lan [192.168.10.15] with 32 bytes of data:
But if I ping from de opnsense shell I don't get a response on the DNS lookup.
ping testing.lan
ping: cannot resolve testing.lan: Unknown host
HoweverI can ping the IP.
ping 192.168.10.15
PING 192.168.10.15 (192.168.10.15): 56 data bytes
64 bytes from 192.168.10.15: icmp_seq=0 ttl=64 time=0.506 ms
If a do a host -d lookup for testing.lan I see that the DNS request is going to the DNS server I configured in "System: Settings: General"
host -d testing.lan
Trying "testing.lan"
Trying "testing.lan.lan"
Host testing.lan not found: 3(NXDOMAIN)
Received 105 bytes from xxx.xxx.xx.xx#53 in 13 ms
Maybe I do not understand Unbound DNS yet?
In "Unbound DNS: General" I also selected in "Network Interfaces" "Localhost". By doing this I was expecting that from OPNsense shell I could also do a DNS lookup to a DNS name that was configured in the Overrides table.
Do I make a mistake? Someone tips / hits?
-
Hello,
You not getting what you expected perhaps because the Nameserver you have configured for the firewall. Eg, Settings -> General: DNS Servers. Unless you manually configure Unbound upstream nameservers and switch DNS Server to 127.0.0.1, you will not get the expected result.
Note, if you leave Unbound unconfigured to contact nameservers on it's own, it will use the firewall DNS servers. So simply setting DNS Servers to 127.0.0.1 blindly will have undesired consequences.
Regards
-
Hello,
You not getting what you expected perhaps because the Nameserver you have configured for the firewall. Eg, Settings -> General: DNS Servers. Unless you manually configure Unbound upstream nameservers and switch DNS Server to 127.0.0.1, you will not get the expected result.
Note, if you leave Unbound unconfigured to contact nameservers on it's own, it will use the firewall DNS servers. So simply setting DNS Servers to 127.0.0.1 blindly will have undesired consequences.
Regards
THANKS bugsmanagement
In "System: Settings: General" I disabled the setting below (the box is not checked).
(https://tweakers.net/ext/f/YHGBLxOe3uHYAtPgYTX53pwo/full.png)
If I test with this setting the behavior is as expected.
Trying "testing.lan"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14785
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;testing.lan. IN A
;; ANSWER SECTION:
testing.lan. 3600 IN A 192.168.10.15
Received 42 bytes from 127.0.0.1#53 in 0 ms
Trying "testing.lan"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3075
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;testing.lan. IN AAAA
Received 26 bytes from 127.0.0.1#53 in 0 ms
Trying "testing.lan"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17918
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;testing.lan. IN MX
Received 26 bytes from 127.0.0.1#53 in 0 ms
I use Unbound DNS in my configuration. In "Services: Unbound DNS: General" I have selected the interfaces for Unbound I need, including Localhost. As far as my knowledge is concerned, this configuration is ok. Agree?
-
Does it work? If it does, I guess so?
-
Does it work? If it does, I guess so?
Yes it did, sorry for late response.