Messages - delicious_potatoe

#1
Hello,

Thank you very much for this great tutorial. At some points I despaired a bit, but that was more due to my lack of attention in reading correctly! ;D

Meanwhile everything is running, inside and outside of the network. However, there is one thing I didn't quite understand:

I didn't create a DNS-Split or NAT-Reflection rule, and still I can reach all services locally through my subdomain, which shouldn't work.
I activate the WAN rule only temporarily to make a few services public for a short time; usually I am connected via a VPN or physically in the local network.
I see that Unbound forwards local DNS requests to the nameservers, and if I set up a DNS-Split (Host Override) to keep the DNS resolution local, I have no access to my services.

Without DNS-Split or Port-Forwarding: Works
Local Device -> Pi-Hole (cache or forward) -> OPNsense -> Unbound (cache or forward) -> Root Nameserver.

With DNS-Split: Does not work
Local Device -> Pi-Hole (cache or forward) -> OPNsense -> Unbound (e.g. my-service.subdomain.dedyn.io = 192.168.1.50)

Even if everything works, I would like to understand why I do not need a DNS split or why it does not work.

Kind regards.