enable dns64-synthall option for unbound

[jordangarside]

Hi there  :)

I'm trying to enable the dns64-synthall option for unbound, which doesn't appear to be anywhere in the UI.

I found this comment https://github.com/NLnetLabs/unbound/issues/551#issuecomment-1209810036, but I'm not sure how to actually use it.

I'm not super familiar on unbound's configuration management, as well as how opnsense generates the final config (and how to check that final config).

I tried creating a file at

Code Select Expand

/usr/local/etc/unbound.opnsense.d/dns64.conf with the following:

Code Select Expand


server:
    module-config: "respip dns64 validator iterator"
    dns64-synthall: yes
    dns64-prefix: "64:ff9b::/96"


After adding that file I restarted the unbound service.

As far as I can tell unbound is still serving the real AAAA records.

The unbound docs also mention that

the dns64 module must be configured in the module-config ... and be compiled into the daemon to be enabled.

so I'm not sure if that's happening already or not with just adding the extra .conf file.

Hoping I'm just missing something simple here!