22.1 Legacy Series / Re: [unbound] host override won't work when DHCP registration is turned on.
« on: April 30, 2022, 01:24:05 am »
Hey!
So I ran into a very similar situation where I wanted to add host overrides so that *.computer.example.com gets redirected to computer.example.com because that's where I have an NGINX reverse-proxy to direct traffic based off of subdomains.
I noticed that with DHCP lease registration in Unbound I was no longer able to get any overrides working anymore.
I was poking around the unbound configuration in /var/unbound on the server and noticed that /var/unbound/dhcpleases.conf gets included AFTER /var/unbound/host_entries.conf, and that order seems to be important when it comes to these things in unbound.
Here's the include order:
Code:
...
# DNS Rebinding
# Private domains (DNS Rebinding)
include: /var/unbound/private_domains.conf
# Access lists
include: /var/unbound/access_lists.conf
# Static host entries
include: /var/unbound/host_entries.conf
# DHCP leases (if configured)
include: /var/unbound/dhcpleases.conf
# Custom includes
include: /var/unbound/etc/*.conf
...
I also noticed that part of the unbound startup script is to clear out the conf files in /var/unbound and repopulate them, meaning that I can't just directly add my overrides directly to those conf files.
The last set of conf files to be included, though, are /var/unbound/etc/*.conf. Those conf files originally live within /usr/local/etc/unbound.opnsense.d/ and get copied over on unbound startup.
What I ended up doing was creating a new custom.conf file within that directory and adding my unbound settings in there (btw I am very much a newb at unbound so this might not be the right way to do this, but it works for me and my use case. Hopefully someone with a better understanding of unbound could chime in and explain exactly what is happening).
Code:
local-data: "media.example.com IN A 10.0.0.69" # this is a new record, media is not an existing hostname
local-zone: "computer.example.com" redirect # this is to redirect *.computer.example.com to computer.example.com
local-data: "computer.example.com A 10.0.0.69" # I honestly don't know why this is "needed" but it gets mad and doesn't work right if I don't do this
local-zone: "media.example.com" redirect # this is to redirect *.media.example.com to media.example.com
local-data: "media.example.com A 10.0.0.69" # same as above, doesn't work right if I don't include this
After doing that and restarting unbound in the OPNsense UI I was successfully able to get nslookup for media.example.com to return the right IP address, as well as subdomain.media.example.com. This worked with computer.example.com and subdomain.computer.example.com as well.
I still have DHCP lease registration enabled and have no issues with this setup.
Hope this helps!
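
As an added illustration (not part of the original post, and not OPNsense or Unbound code), this simplified Python model of Unbound's redirect zone type shows how the directives in the post answer queries: every name at or below a redirect zone is answered only from the local-data at the zone name itself. The orphan.example.com zone and all function names are constructed for the example.

```python
import re

# Constructed sample: the post's directives plus one redirect zone
# ("orphan", hypothetical) that has no local-data at the zone name.
SAMPLE_CONF = '''
local-data: "media.example.com IN A 10.0.0.69"
local-zone: "computer.example.com" redirect
local-data: "computer.example.com A 10.0.0.69"
local-zone: "media.example.com" redirect
local-data: "media.example.com A 10.0.0.69"
local-zone: "orphan.example.com" redirect
'''

ZONE_RE = re.compile(r'^local-zone:\s*"([^"\s]+)"\s+(\S+)')
DATA_RE = re.compile(r'^local-data:\s*"([^"\s]+)\s+(?:\d+\s+)?(?:IN\s+)?A\s+([^"\s]+)"')

def norm(name):
    return name.lower().rstrip(".")

def parse(conf):
    """Return ({zone: type}, {owner: [IPv4, ...]}); '#' starts a comment."""
    zones, data = {}, {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if m := ZONE_RE.match(line):
            zones[norm(m.group(1))] = m.group(2)
        elif m := DATA_RE.match(line):
            addrs = data.setdefault(norm(m.group(1)), [])
            if m.group(2) not in addrs:      # keep each address once
                addrs.append(m.group(2))
    return zones, data

def resolve(qname, zones, data):
    """A-record answer: list of IPs, [] for NODATA, None if not local."""
    qname = norm(qname)
    covering = [z for z, t in zones.items() if t == "redirect"
                and (qname == z or qname.endswith("." + z))]
    if covering:
        # redirect: answer comes only from data at the zone name itself
        return data.get(max(covering, key=len), [])
    return data.get(qname)   # plain local-data outside any redirect zone

def missing_apex(zones, data):
    """Redirect zones that would answer every query with no address."""
    return sorted(z for z, t in zones.items()
                  if t == "redirect" and not data.get(z))
```

In this model a redirect zone without local-data at its own name returns an empty answer for the zone and every subdomain, which is the case missing_apex reports.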