Unbound domains override - not working

[GreenMatter]

I've seen many threads about that issue and it seems it's still valid one.
I'm on 20.7.3 and want to set override for 2 domains
domain1
IP 172.33.1.2 (tried with @53 - doesn't help)



domain2
IP 172.33.1.2


And Unbound doesn't forward queries. Am I doing something wrong or Unbound is erratic?

[GreenMatter]

I tried manual input:

Code: [Select]

forward-zone:
        name: "domain1."
        forward-addr: 172.33.1.2
forward-zone:
        name: "domain2."
        forward-addr: 172.33.1.2And result is the same - it's not being forwarded...


EDIT:

As DNSSEC is enabled, I added domain-insecure option:

Code: [Select]

domain-insecure: "domain1."
domain-insecure: "domain2."
forward-zone:
        name: "domain1."
        forward-addr: 172.33.1.2
forward-zone:
        name: "domain2."
        forward-addr: 172.33.1.2Of course, nothing got changed.

[qinohe]

Hi GreenMatter,

Is the same IP you passed to domain1 as well as domain2 a typo?
Please show the override you created...
As far as I know Unbound is not erratic at all, at least I'm having no problems at all nor did I have any in the past. I could be wrong and there are problems in situations I,m unaware of...

Greetings, mark

[GreenMatter]

Hi @qinohe,


The override I created is exactly the same I described

domain1
IP 172.33.1.2 (tried with @53 - doesn't help)
domain2
IP 172.33.1.2

and in manual input described above.
I have two domains I want to be resolved by "local" server (177.33.1.2) accessible over VPN. Server is accessible, when doing a query: dig page.domain1 @177.33.1.2 reply is given immediately...
I've tried options like "local-zone-override" and "private-domain" and nothing helps: stumbled upon (https://www.reddit.com/r/PFSENSE/comments/9e06kp/dns_resolver_domain_override_not_working/):

During my research I encounter this great discussion on nlnetlabs.nl. As stated, local-zones are evaluated before forward-zones and stub-zones. This feature is on purpose, to filter downstream queries before it reaches the state machine in unbound. Some of the potential solutions are:
local-zone: "example.com" transparent
OR
local-zone-override: "example.com" 127.0.0.0/8 transparent - required for localhost (pfSense) to query override
local-zone-override: "example.com" 192.168.1.0/24 transparent - covers everything else (use own network)

[GreenMatter]

It’s working!
All was about unbound’s “Outgoing Network Interfaces”. I used to have it set to WAN and it needs to be set on lan interfaces. Thanks to [size=78%]https://forum.opnsense.org/index.php?topic=6750.0[/size]