"
Hi there,
Am running into the issue with unbound + wildcard host overrides.
Basically, I want the wildcard domain *.abc.com to be forwarded to 192.168.123.1 where I got a traefik instance running, which serves as a reverse proxy and then routes traffic to internal / external services.
I want my opnsense (opnsense.abc.com) to work with the above rule too.
Problem is, unbound would not start if I set up my opnsense to be part of the abc.com domain in System Settings. Unbound would throw an error
Id have to point opnsense to a separate domain, e.g. abc.com.arpa .
On the traefik end I would then set up a rule to forward request @ opnsense.abc.com to its IP. It kind of works but opnsense would complain that there's a possible DNS rebinding attack. I'd have to disable the check in system settings.
So sadly right now the set up would only work with a workaround present. My question is - can I set my opnsense to the domain I desire while also enabling the wildcard host overrides rule in unbound?
Thanks!
Am running into the issue with unbound + wildcard host overrides.
Basically, I want the wildcard domain *.abc.com to be forwarded to 192.168.123.1 where I got a traefik instance running, which serves as a reverse proxy and then routes traffic to internal / external services.
I want my opnsense (opnsense.abc.com) to work with the above rule too.
Problem is, unbound would not start if I set up my opnsense to be part of the abc.com domain in System Settings. Unbound would throw an error
Code Select
error: local-data in redirect zone must reside at top of zone, not at opnsense.abc.com A 192.168.0.1
Id have to point opnsense to a separate domain, e.g. abc.com.arpa .
On the traefik end I would then set up a rule to forward request @ opnsense.abc.com to its IP. It kind of works but opnsense would complain that there's a possible DNS rebinding attack. I'd have to disable the check in system settings.
So sadly right now the set up would only work with a workaround present. My question is - can I set my opnsense to the domain I desire while also enabling the wildcard host overrides rule in unbound?
Thanks!
