Messages - ctrlbrk

#1
Hi guys, I have read many threads and I am not getting this to work.

Could someone please tell me the current best practices for enabling Chromecast with multiple VLANs?

- I have static IPs for my Chromecasts defined in an Alias.
- Chromecasts are on my IOT VLAN.
- Phones/PCs are on my LAN VLAN.
- I have tried mDNS and UDP Broadcast Relay plugins.

I would sincerely appreciate someone spending a few minutes to give me a step-by-step on which plugin is needed, and which firewall rules are needed.

If you wish, you can use my real subnets:
- LAN VLAN 192.168.2.0/24
- IOT VLAN 192.168.64.0/24

Greatly appreciated!
#2
From GitHub, it looks like this has been solved? How can I test the new version?
#3
It only extends it with a new "custom" submenu under Unbound service.

That said, I don't believe it's working yet.
#4
Also looked at dnsmasq in OPN and found this language (this time I RTFM)

Quote: The domain name to use for DHCP hostname registration. If empty, the default system domain is used. Note that all DHCP leases will be assigned to the same domain. If this is undesired, static DHCP lease registration is able to provide coherent mappings.

So I guess dnsmasq is also out.
#5
Quote from: pmhausen on July 27, 2021, 01:38:29 PM
Doesn't Unbound support ddns updates from dhcpd like BIND does? But I get your point.

Does this imply that replacing Unbound with BIND on OPN would solve this issue?

Because if yes, then possibly a workaround for me would be to *add* BIND to the mix, on another port, and I can then configure my implementation to query BIND for local PTR resolution, while leaving Unbound untouched.

Or maybe just replace Unbound?  I have to admit, it's been years since I used BIND.
#6
Quote from: Fright on July 26, 2021, 11:02:30 PM
Yeah I am not sure where it got that, because my domain was localdomain.
looking at the contents of your host_entries.conf and part of code at
https://github.com/opnsense/core/blob/4ae1555e07e956d2446131716e816aab22642d53/src/etc/inc/plugins.inc.d/unbound.inc#L510-L517
it looks like "localhost" was specified as a domain for dhcpd on the interface with the 192.168.2.2 address  ;)

I will assume yes, a typo/fat finger on my part and that's what hosed everything.  Especially since I am not having the error any longer :)

Thanks again
#7
Quote from: mimugmail on July 26, 2021, 09:54:56 PM
Tomorrow is 21.1.9 and new dev build, this should be it.
Otherwise:

opnsense-code core
cd /usr/core
make upgrade

I tried:

# opnsense-code core
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        cvsps: 2.1_2 [OPNsense]
        git: 2.32.0_1 [OPNsense]
        p5-Error: 0.17029 [OPNsense]

Number of packages to be installed: 3

The process will require 23 MiB more space.
4 MiB to be downloaded.
[1/3] Fetching git-2.32.0_1.txz: 100%    4 MiB 571.4kB/s    00:08
[2/3] Fetching p5-Error-0.17029.txz: 100%   27 KiB  27.5kB/s    00:01
[3/3] Fetching cvsps-2.1_2.txz: 100%   41 KiB  41.9kB/s    00:01
Checking integrity... done (0 conflicting)
[1/3] Installing p5-Error-0.17029...
[1/3] Extracting p5-Error-0.17029: 100%
[2/3] Installing cvsps-2.1_2...
[2/3] Extracting cvsps-2.1_2: 100%
[3/3] Installing git-2.32.0_1...
===> Creating groups.
Creating group 'git_daemon' with gid '964'.
===> Creating users
Creating user 'git_daemon' with uid '964'.
[3/3] Extracting git-2.32.0_1: 100%
=====
Message from git-2.32.0_1:

--
If you installed the GITWEB option please follow these instructions:

In the directory /usr/local/share/examples/git/gitweb you can find all files to
make gitweb work as a public repository on the web.

All you have to do to make gitweb work is:
1) Please be sure you're able to execute CGI scripts in
   /usr/local/share/examples/git/gitweb.
2) Set the GITWEB_CONFIG variable in your webserver's config to
   /usr/local/etc/git/gitweb.conf. This variable is passed to gitweb.cgi.
3) Restart server.


If you installed the CONTRIB option please note that the scripts are
installed in /usr/local/share/git-core/contrib. Some of them require
other ports to be installed (perl, python, etc), which you may need to
install manually.
Cloning into '/usr/tools'...
remote: Enumerating objects: 10466, done.
remote: Counting objects: 100% (461/461), done.
remote: Compressing objects: 100% (181/181), done.
remote: Total 10466 (delta 282), reused 379 (delta 253), pack-reused 10005
Receiving objects: 100% (10466/10466), 9.98 MiB | 3.02 MiB/s, done.
Resolving deltas: 100% (6474/6474), done.
make: "/usr/tools/Makefile" line 68: Cannot open /usr/tools/config/21.1/build.conf
make: Fatal errors encountered -- cannot continue
#8
Quote from: Fright on July 26, 2021, 07:15:07 PM
any host overrides configured?
local-data: "OPNsense.localhost A 192.168.2.2"
I can't understand this record. What is the "OPNsense.localhost" supposed to mean?
So local-zone: "localhost." redirect by default and local-data: "OPNsense.localhost A 192.168.2.2" record breaks config.

Yeah I am not sure where it got that, because my domain was localdomain.

In the end, in order to get past this issue, I ended up changing the System > Settings > Domain Name to something else, and when I did so, it seemed to correct the Unbound problem.

That said, I am now having a different issue (lol) which you also responded to:
https://forum.opnsense.org/index.php?topic=24084.0

Also, see this:
https://forum.opnsense.org/index.php?topic=23941.msg114911#msg114911

Not my intention to spread out duplicate threads.  I will hang for the new dev build tomorrow that mimugmail referenced, and see if I can make progress with custom Unbound options from there.
#9
Quote from: Fright on July 26, 2021, 09:45:29 PM
It's all in the help text for Unbound settings:
DHCP Domain Override: The domain name to use for DHCP hostname registration. If empty, the default system domain is used. Note that all DHCP leases will be assigned to the same domain. If this is undesired, static DHCP lease registration is able to provide coherent mappings.

Would you look at that.  RTFM :)

I didn't have full help toggled so missed that apparently.

OK, but you might guess my next question --- while I have a small number of static DHCP leases, the overwhelming majority are not.  So what is the proposed solution or workaround?

It seems like this is a fairly major limitation if I am understanding correctly.  Isn't it pretty standard to have multiple DHCP servers on more than one subnet/VLAN with unique domain naming convention?

I would be willing to accept a command line solution if necessary.

Appreciate your help.
#10
@mimugmail I upgraded to 21.7 dev build in order to use your custom options.

However, I am not seeing expected changes to my Unbound.  Where exactly are the custom options written on disk?  I checked /var/unbound/conf.d and etc, both empty.
#11
I am having the same issue as this 3 year old post:

https://forum.opnsense.org/index.php?topic=7983.0

I have multiple VLANs.  Each VLAN running its own interface DHCP on OPN.  The domain name is different for each VLAN.

The problem is that the dhcpleases.conf generated by Unbound has only the "main" domain name picked up from System > Settings > General > Domain name.

This ends up creating a resolution problem.

Help :)
#12
HELP!

2021-07-26T10:19:43 unbound[41692] [41692:0] fatal error: Could not set up local zones
2021-07-26T10:19:43 unbound[41692] [41692:0] error: local-data in redirect zone must reside at top of zone, not at OPNsense.localhost A 192.168.2.2


I cannot start Unbound due to this.  I tried removing the host_entries.conf but it is regenerated.

I have removed custom options but no change.

I did have Register DHCP leases and Register DHCP static mappings both checked/enabled, but I have since unchecked and applied, even rebooted, and the host_entries.conf is still regenerated incorrectly.

# cat host_entries.conf
local-zone: "localdomain" transparent
local-data-ptr: "127.0.0.1 localhost"
local-data: "localhost A 127.0.0.1"
local-data: "localhost.localdomain A 127.0.0.1"
local-data-ptr: "::1 localhost"
local-data: "localhost AAAA ::1"
local-data: "localhost.localdomain AAAA ::1"
local-data-ptr: "192.168.2.2 OPNsense.localhost"
local-data: "OPNsense.localhost A 192.168.2.2"
local-data: "OPNsense A 192.168.2.2"
local-data-ptr: "192.168.100.2 OPNsense.localdomain"
local-data: "OPNsense.localdomain A 192.168.100.2"
local-data: "OPNsense A 192.168.100.2"
local-data-ptr: "192.168.0.5 OPNsense.localdomain"
local-data: "OPNsense.localdomain A 192.168.0.5"
local-data: "OPNsense A 192.168.0.5"
local-data-ptr: "192.168.5.1 OPNsense.localdomain"
local-data: "OPNsense.localdomain A 192.168.5.1"
local-data: "OPNsense A 192.168.5.1"
local-data-ptr: "192.168.64.1 OPNsense.streaming"
local-data: "OPNsense.streaming A 192.168.64.1"
local-data: "OPNsense A 192.168.64.1"
local-data-ptr: "172.16.254.1 OPNsense.colibri"
local-data: "OPNsense.colibri A 172.16.254.1"
local-data: "OPNsense A 172.16.254.1"
local-data-ptr: "192.168.2.5 nexus.localdomain"
local-data: "nexus.localdomain IN A 192.168.2.5"
local-data-ptr: "192.168.5.102 USG-WAN2.localdomain"
local-data: "USG-WAN2.localdomain IN A 192.168.5.102"


This is causing a major headache for me.
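
A check for the failure in the post above, added here as an example (not part of the original thread and not OPNsense or Unbound code): it scans a generated host_entries.conf for `local-data` names that sit below the apex of a redirect zone, which is what the "must reside at top of zone" error rejects. The function names are hypothetical, and the only built-in redirect zone assumed is "localhost.", as stated in the reply quoted in post #8.

```python
import re

# Assumption taken from the thread: Unbound applies a default
# local-zone "localhost." of type redirect unless the config overrides it.
DEFAULT_ZONES = {"localhost.": "redirect"}

ZONE_RE = re.compile(r'^\s*local-zone:\s*"([^"]+)"\s+(\S+)')
DATA_RE = re.compile(r'^\s*local-data:\s*"(\S+)\s')  # skips local-data-ptr

# Constructed sample: a subset of the host_entries.conf lines from the post.
SAMPLE = '''\
local-zone: "localdomain" transparent
local-data: "localhost A 127.0.0.1"
local-data: "localhost.localdomain A 127.0.0.1"
local-data-ptr: "192.168.2.2 OPNsense.localhost"
local-data: "OPNsense.localhost A 192.168.2.2"
local-data: "OPNsense A 192.168.2.2"
'''

def fqdn(name):  # lower case, exactly one trailing dot
    return name.lower().rstrip(".") + "."

def enclosing_zone(name, zones):
    """Longest configured zone that `name` equals or sits below."""
    hits = [z for z in zones if name == z or name.endswith("." + z)]
    return max(hits, key=len, default=None)

def find_redirect_conflicts(conf_text):
    """Return (line_no, name, zone) for local-data below a redirect apex."""
    lines = conf_text.splitlines()
    zones = dict(DEFAULT_ZONES)
    for line in lines:  # explicit local-zone lines override the default
        m = ZONE_RE.match(line)
        if m:
            zones[fqdn(m.group(1))] = m.group(2)
    conflicts = []
    for line_no, line in enumerate(lines, 1):
        m = DATA_RE.match(line)
        if not m:
            continue
        name = fqdn(m.group(1))
        zone = enclosing_zone(name, zones)
        if zone and zones[zone] == "redirect" and name != zone:
            conflicts.append((line_no, name, zone))
    return conflicts

if __name__ == "__main__":
    for line_no, name, zone in find_redirect_conflicts(SAMPLE):
        print(f"line {line_no}: {name} is below redirect zone {zone}")
```

The apex record `localhost A 127.0.0.1` and the names under the transparent `localdomain` zone pass; only the record generated from the mistyped DHCP domain is reported.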