OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: aspiringgreybeard on August 29, 2019, 07:15:33 pm

Title: Unbound DNS Domain Overrides don't appear to be working
Post by: aspiringgreybeard on August 29, 2019, 07:15:33 pm
Hi. I'm using Unbound for DNS resolution on our office LANs (two offices connected by an IPsec tunnel).

In general settings, I've used the company's Internet domain name, e.g. thecompany.com.

For DHCP and Unbound DNS registration, I've used local domains, e.g. site1.thecompany.corp and site2.thecompany.corp.

On each OPNsense firewall, I've added a domain override for the other side. So at site1 I have an override for site2.thecompany.corp and at site2 I have a domain override for site1.thecompany.corp.

I've set them each to do lookups against the LAN interface on the other side of the VPN tunnel, and set ACLs for each allowing the lookup.

At both site1 and site2, LAN clients can resolve clients at the same site with no problem, but site1 can't resolve names at site2 and vice versa.

Can anyone give me some idea where to look? I've been chasing my tail for a while and a search of previous topics didn't get me over the hump. I'd appreciate any help anyone can provide!

Title: Re: Unbound DNS Domain Overrides don't appear to be working
Post by: aspiringgreybeard on August 30, 2019, 08:20:01 pm
SOLVED!

Traffic that originates on the firewall itself will not be routed to the IPsec tunnel.

I worked around the issue by replacing the LAN interface entries in the overrides with WAN interface entries and added the appropriate rules to allow the traffic.

We're in business now!
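For readers who want to see what the two states of the site1 override look like in Unbound's own syntax, here is an added illustration; it is not text or configuration from the original posts. OPNsense renders each Domain Override as a forward-zone and each ACL entry as an access-control line. The addresses are assumptions for the example: 10.1.0.0/24 and 10.2.0.0/24 for the site1 and site2 LANs, and 198.51.100.10 and 203.0.113.10 for the site1 and site2 WAN addresses. The first fragment matches the setup as first described (forwarding to site2's LAN address); the second is the workaround from the thread (forwarding to site2's WAN address). One point worth checking when applying it: a query generated by the firewall and sent to a WAN address will normally leave from site1's own WAN address (unless Unbound's outgoing interface is pinned to something else), so the ACL on the far side has to allow that address, and site2's WAN firewall rules must pass DNS (UDP and TCP 53) from it; site1 needs the mirror-image entries for queries coming back from site2.

```conf
# ---- Site 1 Unbound fragment, AS FIRST CONFIGURED (example, not from the thread)
# Domain Override: site2.thecompany.corp -> site2's LAN interface address.
# The query originates on the firewall itself and, per the thread, is not
# routed into the IPsec tunnel, so it never reaches 10.2.0.1 and times out.
forward-zone:
    name: "site2.thecompany.corp"
    forward-addr: 10.2.0.1              # assumed: site2 LAN interface

# ACL entry intended to let site2 query site1 for site1.thecompany.corp.
# It expects queries sourced from site2's LAN subnet, which never arrive.
access-control: 10.2.0.0/24 allow      # assumed: site2 LAN subnet

# ---- Site 1 Unbound fragment, WORKAROUND from the thread
# Domain Override now points at site2's WAN address; the query goes out the
# normal WAN path instead of the tunnel, and a WAN rule on site2 admits it.
forward-zone:
    name: "site2.thecompany.corp"
    forward-addr: 203.0.113.10          # assumed: site2 WAN address

# Mirror-image ACL: site2's override for site1.thecompany.corp targets
# 198.51.100.10 (site1 WAN), so its queries arrive from site2's WAN address,
# not from 10.2.0.0/24. Allow that source (and pass DNS from it in the WAN
# firewall rules), otherwise Unbound refuses the query.
access-control: 203.0.113.10/32 allow  # assumed: site2 WAN address
```

The matching fragment on site2 is the same with the sites swapped (forward-addr 198.51.100.10, access-control 198.51.100.10/32 allow).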