Topic: Unbound DNS Domain Overrides don't appear to be working (Read 4698 times)
aspiringgreybeard
Newbie
Posts: 2
Karma: 0
Unbound DNS Domain Overrides don't appear to be working
« on: August 29, 2019, 07:15:33 pm »
Hi. I'm using Unbound for DNS Resolution on our office LANs (two offices connected by an IPSEC tunnel).
In general settings, I've used the company's Internet domain name, e.g. thecompany.com.
For DHCP and Unbound DNS registration, I've used local domains, e.g. site1.thecompany.corp and site2.thecompany.corp.
On each OPNsense firewall, I've added a domain override for the other side. So at site1 I have an override for site2.thecompany.corp and at site2 I have a domain override for site1.thecompany.corp.
I've set them each to do lookups against the LAN interface on the other side of the VPN tunnel, and set ACLs for each allowing the lookup.
At both site1 and site2, LAN clients can resolve clients at the same site with no problem, but site1 can't resolve names at site2 and vice versa.
Can anyone give me some idea where to look? I've been chasing my tail for a while and a search of previous topics didn't get me over the hump. I'd appreciate any help anyone can provide!
aspiringgreybeard
Newbie
Posts: 2
Karma: 0
Re: Unbound DNS Domain Overrides don't appear to be working
« Reply #1 on: August 30, 2019, 08:20:01 pm »
SOLVED!
Traffic that originates on the firewall itself will not be routed to the IPSEC tunnel.
I worked around the issue by replacing the LAN interface entries in the overrides with WAN interface entries and adding the appropriate rules to allow the traffic.
We're in business now!
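The behaviour described in the reply above, modelled as an added example that is not part of the original posts or of OPNsense: a policy-based IPsec tunnel only carries packets whose source and destination both fall inside a phase 2 selector. All addresses and names are constructed, and the example assumes the firewall sources its own queries from the WAN address because the remote subnet is reached via the default route.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Selector:
    """One policy-based IPsec phase 2 entry: local subnet <-> remote subnet."""
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network

    def matches(self, src: str, dst: str) -> bool:
        # Both ends must be covered; a matching destination alone is not enough.
        return (ipaddress.ip_address(src) in self.local
                and ipaddress.ip_address(dst) in self.remote)


# Constructed addressing for the site1 firewall (not taken from the thread).
SITE1_LAN_IF = "10.1.0.1"
SITE1_WAN_IF = "192.0.2.10"
SITE2_LAN_IF = "10.2.0.1"  # resolver address used in the domain override
PHASE2 = [Selector(ipaddress.ip_network("10.1.0.0/24"),
                   ipaddress.ip_network("10.2.0.0/24"))]


def path_for(src: str, dst: str, selectors=PHASE2) -> str:
    """Return 'tunnel' if a selector covers the packet, else 'routing table'."""
    hit = any(s.matches(src, dst) for s in selectors)
    return "tunnel" if hit else "routing table"


def explain_queries() -> dict:
    """Classify DNS queries to the site2 resolver by their source address."""
    cases = {
        "LAN client at site1": ("10.1.0.50", SITE2_LAN_IF),
        "firewall, source = WAN address": (SITE1_WAN_IF, SITE2_LAN_IF),
        "firewall, source = LAN address": (SITE1_LAN_IF, SITE2_LAN_IF),
    }
    return {name: path_for(src, dst) for name, (src, dst) in cases.items()}


if __name__ == "__main__":
    for name, path in explain_queries().items():
        print(f"{name:32s} -> {path}")
```
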