Messages - beachfork

1
22.7 Legacy Series / Re: Unbound and RFC6761 (Special-Use Domain Names)
« on: January 13, 2023, 04:18:23 pm »
Hi! Thanks for the reply!

You're correct, Unbound is only relaying domains that are on my local domain (home.arpa). But if I try to query for example "test.home.arpa" it forwards it outside my network.

I would like for both "home.arpa" and "*.home.arpa" to never be relayed. On a side note, I'm using Unbound as a DoT forwarder, not in recursive mode.

EDIT: Fixed it! Appending the "server:" header, as you've mentioned, fixed my .conf file! Thank you very much for the help!
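
The fix reported in the post above (a fragment dropped into "/usr/local/etc/unbound.opnsense.d" needs its own "server:" header before "local-zone:") can be checked before restarting Unbound. The following is an added example, not part of the original posts and not OPNsense or Unbound code; the function name lint_fragment, the clause subset it knows, and the sample strings are assumptions constructed for illustration.

```python
import re

# Clause headers (a bare "name:" line). Subset of what Unbound accepts.
CLAUSES = {"server", "forward-zone", "stub-zone", "auth-zone", "view", "remote-control"}
# local-zone / local-data options are valid only under "server:" or "view:".
LOCAL_OPTS = {"local-zone", "local-data", "local-data-ptr"}
LINE = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")

def lint_fragment(text):
    """Return [(line_number, message)] for options that sit outside a valid clause."""
    problems, clause = [], None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # simplification: '#' inside quotes is not handled
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            problems.append((num, "not a 'name: value' line"))
            continue
        name, value = m.groups()
        if not value:  # a bare "name:" opens a clause
            if name in CLAUSES:
                clause = name
            else:
                problems.append((num, f"'{name}:' has no value and is not a known clause"))
        elif name == "include":
            continue  # include directives may appear anywhere
        elif clause is None:
            problems.append((num, f"'{name}:' appears before any clause header"))
        elif name in LOCAL_OPTS and clause not in ("server", "view"):
            problems.append((num, f"'{name}:' is not valid inside '{clause}:'"))
    return problems

# Constructed samples: the one-line file from the thread, the same file with the
# header added, and a local-zone placed under the wrong clause.
BROKEN = 'local-zone: "home.arpa" always_nxdomain\n'
FIXED = 'server:\n    local-zone: "home.arpa" always_nxdomain\n'
MISPLACED = 'forward-zone:\n    name: "."\n    local-zone: "home.arpa" always_nxdomain\n'

if __name__ == "__main__":
    for label, sample in (("broken", BROKEN), ("fixed", FIXED), ("misplaced", MISPLACED)):
        print(label, lint_fragment(sample))
```

This only checks clause placement; unbound-checkconf, run against the full configuration, remains the authoritative syntax check.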

2
22.7 Legacy Series / Unbound and RFC6761 (Special-Use Domain Names)
« on: January 13, 2023, 03:22:48 pm »
Hi!

I'm trying to configure Unbound so Special-Use Domain Names never leave my local network. On the default install, queries like "example.home.arpa" are being forwarded outside my network. According to RFC6761, there's a list of domains that the resolver should only answer internally and never forward.

https://datatracker.ietf.org/doc/rfc6761/
https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml

What I'm trying to do is add an rfc6761.conf over at "/usr/local/etc/unbound.opnsense.d", but when I restart Unbound it doesn't start and no errors show up in the logs. Small example of the file:

Code:
local-zone: "home.arpa" always_nxdomain

Maybe there's another method for achieving this? Thanks for any input!

3
General Discussion / Re: Unbound and DoT strange interaction
« on: January 10, 2023, 03:52:15 pm »
A very nice person on Reddit pointed me to the actual fix!

It was a bad config on the VPS part, specifically the "/etc/hosts" file. I had to add the actual IPv4 and IPv6 entries and remove the entry with 127.0.1.1 localhost! Here's a working example:

Code:
127.0.0.1 localhost
$IPv4 example.com example
$IPv6 example.com example

Glad it's fixed, and it's nothing related to OPNsense or Unbound!

4
General Discussion / Unbound and DoT strange interaction
« on: January 10, 2023, 03:24:08 pm »
Hi!

I posted this first on Reddit, but I didn't get any replies and I figured this would be a better place. I have Unbound configured to use DoT to relay DNS requests to a couple of VPSs I have running AdGuard Home. The requests are forwarded and filtered as expected.

The problem I'm facing is that, for the 1st DNS server I have configured, when I run drill or the DNS lookup via GUI, the answer from Unbound is 127.0.1.1, not the actual A record. Screenshots as follows:

Thanks in advance for any help/input!
