Messages - beachfork

#1
Hi! Thanks for the reply!

You're correct, Unbound is only relaying domains that are on my local domain (home.arpa). But if I try to query, for example, "test.home.arpa", it forwards it outside my network.

I would like for both "home.arpa" and "*.home.arpa" to never be relayed. On a side note, I'm using Unbound as a DoT forwarder, not in recursive mode.

EDIT: Fixed it! Appending the "server:" header, as you've mentioned, fixed my .conf file! Thank you very much for the help!
#2
Hi!

I'm trying to configure Unbound so Special-Use Domain Names never leave my local network. On the default install, queries like "example.home.arpa" are being forwarded outside my network. According to RFC 6761, there's a list of domains that the resolver should only reply to internally and never forward.

https://datatracker.ietf.org/doc/rfc6761/
https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml

What I'm trying to do is add an rfc6761.conf over at "/usr/local/etc/unbound.opnsense.d", but when I restart Unbound it doesn't start and no errors show up in the logs. Small example of the file:
local-zone: "home.arpa" always_nxdomain

Maybe there's another method for achieving this? Thanks for any input!
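
A check for the failure described in posts #1 and #2, as an added example that is not part of the original posts or of OPNsense: it flags options in a drop-in file that sit outside a clause header such as "server:". The function name `lint_dropin`, the sample strings and the 192.0.2.53 address are assumptions made for illustration; the clause names are those listed in unbound.conf(5).

```python
import re

# Clause headers listed in unbound.conf(5); every option must sit under one.
CLAUSES = {"server", "remote-control", "forward-zone", "stub-zone", "auth-zone",
           "view", "python", "dynlib", "cachedb", "dnscrypt", "dnstap", "rpz", "ipset"}
LOCAL_OK = {"server", "view"}               # clauses that accept local-zone / local-data
TOPLEVEL = {"include", "include-toplevel"}  # directives allowed outside a clause
OPTION = re.compile(r"^\s*([A-Za-z0-9-]+):\s*(.*?)\s*$")

def lint_dropin(text):
    """Return [(line_number, message)] for options placed outside a usable clause."""
    findings, clause = [], None
    for number, raw in enumerate(text.splitlines(), 1):
        match = OPTION.match(raw.split("#", 1)[0])   # drop trailing comments
        if not match:
            continue
        key, value = match.groups()
        if key in TOPLEVEL:
            continue
        if key in CLAUSES and not value:
            clause = key                             # a new clause starts here
        elif clause is None:
            findings.append((number, f"'{key}:' has no clause header above it"))
        elif key in ("local-zone", "local-data") and clause not in LOCAL_OK:
            findings.append((number, f"'{key}:' is not valid inside '{clause}:'"))
    return findings

# Constructed samples: the one-line file from the post, then the same line
# under the "server:" header that the post reports as the fix.
BROKEN = 'local-zone: "home.arpa" always_nxdomain\n'
FIXED = 'server:\n    local-zone: "home.arpa" always_nxdomain\n'
# Constructed: the option lands inside a forward-zone clause (placeholder address).
WRONG_CLAUSE = ('forward-zone:\n    name: "."\n    forward-addr: 192.0.2.53@853\n'
                'local-zone: "home.arpa" always_nxdomain\n')

if __name__ == "__main__":
    for label, sample in (("broken", BROKEN), ("fixed", FIXED),
                          ("wrong clause", WRONG_CLAUSE)):
        print(label, lint_dropin(sample))
```

Running unbound-checkconf against the full configuration remains the authoritative syntax check; this sketch only covers clause placement.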
#3
A very nice person on Reddit pointed me to the actual fix!

It was a bad config on the VPS part, specifically the "/etc/hosts" file. I had to add the actual IPv4 and IPv6 entries and remove the entry with 127.0.1.1 localhost! Here's a working example:

127.0.0.1 localhost
$IPv4 example.com example
$IPv6 example.com example


Glad it's fixed, and it's nothing related to OPNsense or Unbound!
#4
Hi!

I posted this first on Reddit, but I didn't get any replies and figured this would be a better place. I have Unbound configured to use DoT to relay DNS requests to a couple of VPSs I have running AdGuard Home. The requests are forwarded and filtered as expected.

The problem I'm facing is that, for the 1st DNS server I have configured, when I run drill or the DNS lookup via the GUI, the answer from Unbound is 127.0.1.1, not the actual A record. Screenshots as follows:

Thanks in advance for any help/input!