Did 22.x change how DNS resolution works?

Started by tessus, May 01, 2022, 07:43:13 PM

I upgraded from 21.7.8 to 22.1.6. The upgrade went smoothly and I did not make any changes to the rest of my environment.

After the upgrade all Unbound overrides work on my Android device only without .local
On all machines (Linux, macOS, iPadOS, ...) the DNS resolution works perfectly.

(I have searched the net and found a few articles, but none of them make sense. Otherwise it wouldn't have worked before the OPNsense upgrade.)

First I thought that maybe the monthly Android upgrade messed this up, but I accessed a hostname.local address on Android before the upgrade and it worked.
I learned more than 2 decades ago to only make a single change at a time to narrow down the issue. In this case I can be sure that the OPNsense upgrade is the culprit.

I also went through all DNS related settings and I can't find anything that looks suspicious. (In case there are new settings after the upgrade.)

Before sending my entire config I wanted to ask, whether anyone has seen this as well.

Are you overriding ".local" in your Unbound config?

In my experience, ".local" should be left alone and if you want to introduce an override for your LAN, use something else, i.e. ".lan" instead (which is what I am doing).

May 01, 2022, 08:19:59 PM #2 Last Edit: May 01, 2022, 08:25:24 PM by tessus
Thanks a bunch for the reply.

Quote from: Grossartig on May 01, 2022, 07:49:25 PM
Are you overriding ".local" in your Unbound config?

Not that I am aware of.

System: Settings: General
Hostname: cator00r
Domain: local

Services: Unbound DNS: General
DHCP Domain Override: <empty>

No Domain Overrides.
Host Overrides all use local as domain name.

All DHCPs on my interfaces have the domain name either set to local or are empty.

Once again, please note it worked before the upgrade. So something must have changed how things work, otherwise it'd be still working.

P.S.: Overriding local means overriding local with something else, not with local. So I am a bit puzzled by your answer. Maybe you meant, whether I set everything to local? In this case, yes I have.

May 01, 2022, 09:44:14 PM #3 Last Edit: May 01, 2022, 10:17:21 PM by Grossartig
I would not use ".local" overrides at all. I would switch all those overrides to a different name, i.e. ".lan".

I have never had reliable luck using ".local" overrides and switched to a different name, as local is sort of a reserved domain.

Edit: The .local domain is a special-use domain primarily used for zeroconf purposes, more info here: https://en.wikipedia.org/wiki/.local

Quote from: Grossartig on May 01, 2022, 09:44:14 PM
I would not use ".local" overrides at all. I would switch all those overrides to a different name, i.e. ".lan".

Edit: The .local domain is a special-use domain primarily used for zeroconf purposes, more info here: https://en.wikipedia.org/wiki/.local

I know about mDNS and .local. I am not asking for workarounds, especially ones that invalidate all my internal TLS certs.

Are you an OPNsense developer? I specifically asked whether the DNS resolution has changed in 22.x. It was working before. So something must have changed. I want to know what it is, so that I can get it working again.

May 01, 2022, 10:36:13 PM #5 Last Edit: May 01, 2022, 10:46:36 PM by Grossartig
I'm not an OPNsense developer. Just a guy trying to help.

Good hunting.

P.S.: Lots of Unbound related changes in the release notes: https://docs.opnsense.org/releases/CE_22.1.html

Please don't take this the wrong way, but I asked a specific question.

Answering with something else is not help. It's noise and might discourage others from actually answering my question. You have now changed the subject of this thread to an mDNS and .local discussion. This is not what I wanted.

If you asked what time it is, would you be ok with an answer like: "You could query an ntp server."? You probably know that you could do that, but you don't care, because you are without a clock and don't have a computer at hand.

Quote from: Grossartig on May 01, 2022, 10:36:13 PM
Lots of Unbound related changes in the release notes

I've read them before I posted my question. I didn't see anything that could explain the new behavior. Maybe there's a change of a default setting. Or maybe I misunderstood the release notes.

This is why I need help. I don't have time to go back to 21.x and start debugging with network sniffers and whatnot. Nor do I have the time to change my local domain name to something else. It will take forever to recreate all certs and apply them to infrastructure devices and deploy them to many services across different VMs. Let alone the fact that I'd have to change all config files that use hostnames.

My network works (except the DNS resolution on Android when adding .local to the hostname), so right now I can't afford to mess around. I work from home and if my network breaks, I am in trouble.