Host override requries local domain name to resolve

[patrick3000]

I have DHCP enabled in OPNsense and use it to provide leases for almost all devices on my network. However, I am trying to configure one specific device, my Truenas server, with an actual static mapping not assigned by OPNsense.  (There are reasons for this that aren't worth getting into here.)

This setup mostly works, except for one problem related to name resolution.

The static mapping of the Truenas server is 192.168.1.200. Again, this is not assigned by OPNsense. However, in OPNsense, I added a host override under Unbound mapping the domain "Truenas-server" to 192.168.1.200.

The problem, however, is that now, if I want to reach the server by name from a Linux device on the network, I'm required to prepend the name of the server with the local domain name I set in OPNsense.

So, from a Linux device, "ping Truenas-server" gives "Name or service not known." However, "ping [LocalDomain].Truenas-server" reaches the server.

What's strange is that form a Windows device, I'm able to reach the server with just "ping Truenas-server."

Does anyone know how to fix this so that the name "Truenas-server" resolves to 192.168.1.200 without the need to prepend it with [LocalDomain]?

[patrick3000]

One follow-up point:

An earlier thread discussed a similar issue: https://forum.opnsense.org/index.php?topic=25630.0.

In that thread, there was a suggestion of putting "LocalDomain" in the domain search list in the DHCP configuration settings. I tried that, with and without "opnsense" preceding LocalDomain, and it did not work for me. Maybe I didn't configure it correctly, however, or maybe it's no longer the correct approach.

[Maurice]

How did you configure the host override? Host should be "truenas-server", domain should be your local domain.

Cheers
Maurice

[Patrick M. Hausen]

Did you configure a DNS search domain(s) in you DHCP settings? You need to tell your clients which domain to append automatically.

[patrick3000]

Patrick M. Hausen, do you mean the "Domain search list" field under Services, DHCPv4, LAN?

If so, then entering the local domain name in this field does not solve the problem. It's still necessary to enter the full domain name, with the local domain name included, to get name resolution to the server.

[Patrick M. Hausen]

Some fundamentals:

A nameserver never answers a question for a flat hostname like "truenas". Hosts have FQDNs (fully qualified domain names) and these are part of a domain in the hierarchical DNS system.

When your client asks for a name it uses something named a "resolver library". That resolver library's job when you type "ping truenas" is to ask the nameserver for whatever the user entered, whether it makes sense or not, and then try each domain in the "domain search list" in turn until it receives an answer.

"truenas" without a domain would in fact be the top level domain ".truenas" - which does not exist. Like ".com" or ".org".

So to get a consistent view for all clients and your firewall pick a local domain - it should have at least two parts, because Unbound refuses top level domains. The ".lan" top level domain was defined for strictly local data, so you could pick "<yourname>.lan".

Your TrueNAS will be "truenas.<yourname>.lan", your OPNsense "opnsense.<yourname>.lan" and so on.

Define that domain in the general settings and in DHCP4 and "ping truenas" should automatically be expanded to "truenas.<yourname>.lan" and things just work.

A nameserver will never answer with an IP address for just "truenas".

HTH,
Patrick

[patrick3000]

Patrick M. Hausen, thanks for the explanation. Unfortunately, adding the local domain in "domain search list" in the DHCP client configuration does not solve the problem. I still need to specificy the FQDN to reach the server no matter what I do in host overrides. I guess I can live with that if I can't figure out how to fix it, but it's not ideal.

[cookiemonster]

maybe a look from the client side. I normally run freebsd for infra and ubuntu for desktops at home.

Code: [Select]

$ resolvectl status
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (enp0s31f6)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (wlp58s0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.5.1
       DNS Servers: 192.168.5.1
        DNS Domain: moomoolandI don't have any domains in the DHCP settings. All via Unbound and AdGuard.

[patrick3000]

I finally got it working. It turns out that it wasn't really an OPNSense problem. It was a problem with how I set up a static IP address and host name in the server I was trying to reach. The server I configured was Truenas Scale, and the default domain on that server is "local," which is different from the local domain I have established for the rest of the network in OPNsense.

When I changed the domain in the Truenas settings to the same one specified for the network in OPNsense, it worked. I can now reach the server with just the short name, not the FQDN.

For anyone else setting up a static IP and host name for a server (not on a lease through OPNsense DHCP), in order for name resolution to work without the fully qualified domain name, you need to ensure that the domain specified in the server with static IP matches the domain specified in the OPNsense settings for the rest of your network.