OPNsense Forum

English Forums => General Discussion => Topic started by: topuli on May 07, 2018, 01:12:26 pm

Title: unbound - dhcpleases
Post by: topuli on May 07, 2018, 01:12:26 pm
Hi,

I have set up DHCP and Unbound.
Under System/General/Domain, a domain is set.

Unbound is enabled, and "Register DHCP leases in the DNS Resolver" and "Register DHCP static mappings in the DNS Resolver" are set.

My clients do get an IP, DNS server, gateway, DNS suffix... via DHCP.
I can see the leased IPs under DHCPv4/Leases.

However, I can't resolve the hosts in my environment.
I have noticed that /var/unbound/dhcpleases.conf is empty!

What I have already tried is:
set "System\Settings\Administration\Disable DNS Rebinding Checks"
set "Unbound DNS\General\Local Zone Type\static"

Any ideas?

Thx t.
Title: Re: unbound - dhcpleases
Post by: opnfwb on May 09, 2018, 04:11:15 am
Do you have Unbound configured as the local resolver? You mention that the clients are getting a dns-server with their DHCP leases, this needs to be the OPNsense box. If DHCP is configured to hand out a DNS server external to your network, the clients will use this for name resolution and will skip using the local Unbound instance for localized DNS lookups.
Title: Re: unbound - dhcpleases
Post by: topuli on May 12, 2018, 10:27:25 pm
Thanks for your reply. Yes, the DNS server the clients get via DHCP is the OPNsense box.
Title: Re: unbound - dhcpleases
Post by: topuli on May 12, 2018, 11:13:12 pm
Today I was able to take a closer look at the problem.
After I found out about /usr/local/opnsense/scripts/dns/unbound_dhcpd.py I looked into the script.
unbound-control is used to list and read the local data.
So to further isolate my problem I started with:

    unbound-control -c /var/unbound/unbound.conf list_local_data

I was greeted by an error message:

    error: SSL handshake failed
    2586055198312:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verfify failed:s3_clnt.c:1269:

The reason my /var/unbound/dhcpleases.conf is empty is that the command (unbound-control) that wants to read my local data fails.

So I asked my second best friend Google and found:
https://forum.ipfire.org/viewtopic.php?t=18906

Inspired by this post and after reading https://www.unbound.net/documentation/unbound-anchor.html I:

SSHed into the OPNsense box:

    cd /var/unbound
    mv root.key _root.key
    mv unbound_control.key _unbound_control.key
    mv unbound_control.pem _unbound_control.pem

Restarted Unbound in the OPNsense GUI under System/Diagnostics/Services.

Unbound restarts and the files root.key, unbound_control.key and unbound_control.pem get regenerated.

Now "# unbound-control -c /var/unbound/unbound.conf list_local_data" works and /var/unbound/dhcpleases.conf can be written.

I now can resolve my local DHCP clients.

Jupidu!
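The post above fixes the "certificate verify failed" handshake by deleting the control key/cert files and letting OPNsense regenerate them. The script below is an added example, not code from this thread or from OPNsense: it checks the TLS material unbound-control relies on (cert/key pairs that actually belong together, certificates that have not expired) so a failing handshake can be traced to a specific file before anything is regenerated. It assumes the file names and directory that unbound-control-setup produces on OPNsense (/var/unbound/unbound_server.pem, unbound_server.key, unbound_control.pem, unbound_control.key); that layout is an assumption, and another directory can be passed as the first argument.

```shell
#!/bin/sh
# Added example (not the thread's or OPNsense's own code): pre-flight check for the
# TLS material behind unbound-control, so "SSL handshake failed" can be pinned to a
# mismatched or expired file instead of being fixed by blindly regenerating keys.
#
# Assumption: the files below were made by unbound-control-setup and live in $1
# (default /var/unbound, the OPNsense layout); unbound_server.* is the daemon side,
# unbound_control.* the client side used by unbound_dhcpd.py.

UNBOUND_DIR="${1:-/var/unbound}"

# 0 if the public key embedded in CERT ($1) equals the public key derived from KEY ($2).
# Both commands emit a PEM SubjectPublicKeyInfo, so a plain string compare is exact.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if CERT ($1) has not yet passed its notAfter date (-checkend 0 fails once it has).
cert_is_valid_now() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Check one cert/key pair: readable, matching, unexpired. Prints a verdict, returns 0 on pass.
check_pair() {
    label="$1"; cert="$2"; key="$3"
    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "$label: missing or unreadable $f"; return 1; }
    done
    cert_matches_key "$cert" "$key" || { echo "$label: $cert does not match $key"; return 1; }
    cert_is_valid_now "$cert"       || { echo "$label: $cert has expired"; return 1; }
    echo "$label: ok"
}

# Check both pairs unbound-control-setup creates. Returns 0 only if both pass.
check_unbound_control_material() {
    dir="$1"; rc=0
    check_pair server  "$dir/unbound_server.pem"  "$dir/unbound_server.key"  || rc=1
    check_pair control "$dir/unbound_control.pem" "$dir/unbound_control.key" || rc=1
    return $rc
}

# Live probe, only meaningful on the firewall itself: the same handshake unbound_dhcpd.py
# performs. Returns 2 when unbound-control is not installed on this machine.
control_probe() {
    command -v unbound-control >/dev/null 2>&1 || return 2
    unbound-control -c "$1/unbound.conf" status
}

# Report only; no exit here, so the file can also be sourced by a larger troubleshooting script.
if check_unbound_control_material "$UNBOUND_DIR"; then
    echo "unbound-control TLS material in $UNBOUND_DIR looks consistent"
    control_probe "$UNBOUND_DIR" || echo "handshake still failing; check the remote-control section of unbound.conf"
else
    echo "fix the file reported above (or regenerate with unbound-control-setup) before retrying unbound-control"
fi
```

Run it as root on the firewall (`sh check_unbound_ctl.sh`, or with a directory argument); a "does not match" line points at the pair that needs regenerating, which is exactly the outcome the file-renaming workaround in the thread achieves without telling you why.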
Title: Re: unbound - dhcpleases
Post by: opnfwb on May 13, 2018, 05:04:38 pm
Nice work! Thanks for the followup response so that others can see how it was resolved. Very odd that you had to do this, though. I've never had an issue in my use cases with OPNsense and Unbound.