[SOLVED] DNS query forwarding Unbound --> BIND

Patrick M. Hausen · January 29, 2021, 09:46:39 AM

Hi all,

I want to forward all recursive queries from unbound to named, because named pulls secondary zones I want to have locally. I added this snippet to the unbound configuration according to the documentation available here:
https://docs.opnsense.org/manual/unbound.html#advanced-configurations

Code Select


server:
forward-zone:
name: "."
forward-addr: 127.0.0.1@53530

When I check the config as recommended, this is the result:

Code Select

unbound-checkconf: warning: forward-addr: '127.0.0.1@53530' is specified for forward-zone: '.', but do-not-query-localhost: yes means that the address will not be used for lookups.
unbound-checkconf: no errors in /var/unbound/unbound.conf

I did not intentionally set "do-not-query-localhost" anywhere. How can I disable it? With the current config every single request results in a SERVFAIL.

Thanks,
Patrick

Patrick M. Hausen · January 29, 2021, 11:05:34 AM

Changing the snippet this way solves the problem:

Code Select


server:
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@53530

"do-not-query-localhost: yes" seems to be the default.

franco · January 29, 2021, 01:06:28 PM

Yes, we're not setting do-not-query-localhost. Kinda weird Unbound refuses these by default, maybe assuming there is no other service that could be "of service" to it (even from the standard port when Unbound runs on a different one). Or maybe it tries to prevent a loop from happening.

One way or another looks like we need to figure out an automatic way to integrate it given we ship with different solutions that could run side by side.

Open for ideas :)

Cheers,
Franco

[SOLVED] DNS query forwarding Unbound --> BIND

Patrick M. Hausen

January 29, 2021, 09:46:39 AM Last Edit: January 29, 2021, 12:32:06 PM by pmhausen

Patrick M. Hausen

January 29, 2021, 11:05:34 AM #1

franco

January 29, 2021, 01:06:28 PM #2