21.1 Legacy Series / Unbound Host Override Not Working
« on: June 06, 2021, 07:46:44 am »
Hello,
I'm a very recent opnsense convert from pfSense and have everything working as intended except for a weird issue with Unbound host overrides that I can't figure out, and I am hoping someone might have an idea.
Scenario:
1) DHCP Registration is enabled which registers my Docker server's hostname (FQDN example: docker.home.lan).
2) I have an nginx reverse proxy running in front of my containers so I can access each container by its service name. (FQDN example: container1.home.lan, container2.home.lan, etc...)
I have a host override set up to create an A record for container1.home.lan pointing to the Docker server's IP (the same IP as docker.home.lan that exists via DHCP Registration) and an alias for container2.home.lan. However, when I do this the entries refuse to resolve; any attempt results in an NXDOMAIN.
I restored my old pfsense config in a VM to see if I could spot any unbound config differences and noticed opnsense is adding PTR records for the override and any associated aliases where pfsense doesn't.
Code Snip for both:
opnsense (host_entries.conf):
local-data-ptr: "10.0.0.100 container1.home.lan"
local-data: "container1.home.lan IN A 10.0.0.100"
local-data-ptr: "10.0.0.100 container2.home.lan"
local-data: "container2.home.lan IN A 10.0.0.100"
pfsense (host_entries.conf)
local-data: "container1.home.lan A 10.0.0.100"
local-data: "container2.home.lan A 10.0.0.100"
So on a whim, I commented out the PTR records for the overrides, and restarted unbound via CLI to prevent the config files from getting rebuilt, and sure enough it works like a charm. Some other tests I've tried:
1) Changing destination IP of the override to one not currently in use works.
2) Changing the IP to a host that has a static mapping works
3) Adding a static mapping for the Docker server makes the override work.
Does anyone happen to have an idea, or perhaps a better way to do what I'm trying, it seems to be specific to DHCP Registrations? I'm trying to pinpoint the exact reason to help with bug reporting but am coming up empty (#3 /might/ work because the static mapping is in the same config file as the override, but that might be a stretch). I currently have #3 set up to work in the interim, but I'm trying to slowly eliminate my dependency on static mappings for hosts, especially VMs where their MAC addresses will change as you rebuild the VM.
Thanks in advance and apologies for the word wall.
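A diagnostic sketch for the situation described in the post, added here as an example and not code from the poster or from OPNsense: it parses the `local-data` / `local-data-ptr` lines quoted above and lists every IP for which more than one name has a PTR entry. The `DHCP` sample and all function names are constructed assumptions; the check only reports overlaps and does not establish the cause of the NXDOMAIN.

```python
import re
from collections import defaultdict

# Matches the two directive forms shown in the post:
#   local-data-ptr: "10.0.0.100 container1.home.lan"
#   local-data: "container1.home.lan IN A 10.0.0.100"  (the "IN" is optional)
PTR_RE = re.compile(r'^\s*local-data-ptr:\s*"(\S+)\s+(\S+)"')
A_RE = re.compile(r'^\s*local-data:\s*"(\S+)\s+(?:IN\s+)?A\s+(\S+)"')

def parse(text, source):
    """Return (ptr, a) lists of (ip, name, source) from unbound local-data lines."""
    ptr, a = [], []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out directive, as in the poster's manual test
        if m := PTR_RE.match(line):
            ptr.append((m.group(1), m.group(2).rstrip("."), source))
        elif m := A_RE.match(line):
            a.append((m.group(2), m.group(1).rstrip("."), source))
    return ptr, a

def ptr_collisions(sources):
    """Map each IP to its PTR claims when more than one distinct name claims it."""
    by_ip = defaultdict(list)
    for source, text in sources.items():
        for ip, name, src in parse(text, source)[0]:
            by_ip[ip].append((name, src))
    return {ip: v for ip, v in by_ip.items() if len({n for n, _ in v}) > 1}

# Override entries as quoted in the post (opnsense host_entries.conf).
OVERRIDES = '''local-data-ptr: "10.0.0.100 container1.home.lan"
local-data: "container1.home.lan IN A 10.0.0.100"
local-data-ptr: "10.0.0.100 container2.home.lan"
local-data: "container2.home.lan IN A 10.0.0.100"
'''
# Constructed sample (assumption): what a DHCP registration might contribute.
DHCP = '''local-data-ptr: "10.0.0.100 docker.home.lan"
local-data: "docker.home.lan IN A 10.0.0.100"
'''

if __name__ == "__main__":
    found = ptr_collisions({"overrides": OVERRIDES, "dhcp": DHCP})
    for ip, claims in found.items():
        print(ip, "has multiple PTR names:")
        for name, src in claims:
            print(f"  {name} ({src})")
```

On a real system the strings would be replaced by the contents of the generated Unbound include files; comparing the report before and after commenting out the override PTR lines gives concrete data for a bug report.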