How to make Unbound DNS to resolve addresses between all interfaces?

Started by nasjerf, April 05, 2025, 04:46:49 PM

Hello!

First of all, what I want to do is to reach devices on another VLAN/subnet via hostname instead of IP address. OpnSense is the DNS server, or should be at least :)


Fresh install of latest version of OpnSense. Just created 2 new VLANs/interfaces, added firewall rules to allow any traffic anywhere on both of them for testing.


VLAN 10: 192.168.10.0/24, OpnSense/gateway/DNS address is 192.168.10.1.
VLAN 20: 192.168.20.0/24, OpnSense/gateway/DNS address is 192.168.20.1.

DHCP enabled, and it's giving out 192.168.10.1 as DNS for the VLAN 10, and 192.168.20.1 for the VLAN 20.

Tested with 2 Windows clients on the same VLAN. ping "vm-win11test2" as well as ping "192.168.10.102" works great. Ping to the OpnSense hostname works great also, but responds from the WAN interface of the OpnSense, which has another upstream DNS server on the WAN side of course.

Tested to move one client to the other VLAN. ping "vm-win11test2" gives nothing, "Ping request could not find host vm-win11test2". Ping "192.168.20.102" works great on the other hand, so it's reachable.

Checked firewall logs and can not find anything blocked (should not be either, since everything is "open" with the any rules).

I get the feeling that the OpnSense DNS server either only resolves addresses on the local interface where the client is connected, or is not using the local DNS at all - forwarding it to the DNS on the WAN interface directly, which is a separate device. But if that were the case, it should probably still work I guess, since both clients on both VLANs should act the same.

I'm probably just missing some basic fundamental thing here with my lack of experience of DNS servers, can someone point me in the right direction? Feeling incredibly stupid at the moment, "how hard can it be?" :)

Thanks!

I suspect that the Windows hosts on the same VLAN are using something other than DNS to resolve each other.

What do you have configured for:

Services > Unbound DNS > General > Register ISC DHCP4 Leases

System > Settings > General > Domain

?

Yep. You might want to check the name resolution sources.
A hostname by itself might not get resolved via DNS...

You can check your DNS server logs for queries or use nslookup targeted at the expected DNS server.
Maybe use <hostname>.<yourlocaldomain>? the .<yourlocaldomain> could be added automatically via searchdomains.

Also, how do you expect unbound to resolve your local hosts?
Via overrides? From DHCP leases? These require some configuration.

Unbound listens on all interfaces by default. There's one instance. It will reply the same thing on all interfaces.
You just need to make sure you are querying it.
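The checks suggested in the two replies above (find out which resolution source is actually answering, query the expected DNS server directly, try the FQDN rather than the bare hostname) can be run from one of the Windows clients with the script below. This is an added example, not code from the thread or from OPNsense. It uses the hostnames and gateway addresses from the original post; the local domain `home.arpa` is an assumed placeholder that must be replaced with whatever is set under System > Settings > General > Domain. `Resolve-DnsName` is restricted to one source per call (`-DnsOnly`, `-LlmnrOnly`, `-NetbiosOnly`) so that a successful answer tells you which protocol produced it; a short name that resolves via LLMNR or NetBIOS but not via DNS explains exactly the symptom in the thread, because those protocols only work within the local broadcast domain.

```powershell
# Added example (not from the thread). Run on a Windows client on either VLAN.
# Assumptions: local domain is 'home.arpa' (placeholder); Unbound listens on the
# OPNsense address of each VLAN interface, as described in the original post.
$hostShort = 'vm-win11test2'
$domain    = 'home.arpa'                          # assumption: replace with your domain
$servers   = @('192.168.10.1', '192.168.20.1')    # OPNsense address on VLAN 10 and VLAN 20

function Test-NameSource {
    param([string]$Name)
    # Each entry forces Resolve-DnsName to use exactly one resolution source, so a
    # hit or miss is attributable to that protocol alone.
    $sources = [ordered]@{
        'DNS'     = @{ DnsOnly     = $true }
        'LLMNR'   = @{ LlmnrOnly   = $true }
        'NetBIOS' = @{ NetbiosOnly = $true }
    }
    foreach ($source in $sources.Keys) {
        $opts = $sources[$source]
        try {
            $r = Resolve-DnsName -Name $Name @opts -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'A' }
            "{0,-8} {1,-35} {2}" -f $source, $Name, (($r | ForEach-Object IPAddress) -join ', ')
        } catch {
            "{0,-8} {1,-35} no answer" -f $source, $Name
        }
    }
}

'--- Which resolution source answers on this client? ---'
Test-NameSource -Name $hostShort              # bare hostname, as used with ping
Test-NameSource -Name "$hostShort.$domain"    # fully qualified name

'--- Does Unbound give the same answer on both VLAN interfaces? ---'
# Querying each interface address explicitly bypasses the client's own resolver
# order and its search-suffix handling, so this isolates Unbound's behaviour.
foreach ($s in $servers) {
    try {
        $r = Resolve-DnsName -Name "$hostShort.$domain" -Server $s -Type A -DnsOnly -ErrorAction Stop |
             Where-Object { $_.Type -eq 'A' }
        "{0,-15} {1}" -f $s, (($r | ForEach-Object IPAddress) -join ', ')
    } catch {
        "{0,-15} no answer ({1})" -f $s, $_.Exception.Message
    }
}
```

Read the output in two steps. If the first section shows the bare name answered by LLMNR or NetBIOS but not by DNS, the same-VLAN pings were never using Unbound, which is why moving the client across VLANs breaks them. If the second section shows neither interface address answering the FQDN, Unbound does not know the host at all and needs a source for local names (DHCP lease registration or a host override); if both interfaces answer identically, Unbound is fine and the remaining gap is on the client side (search domain not applied, or a DNS server other than the VLAN gateway being used).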