unbound deleting custom-options.conf

Started by securid, May 18, 2023, 09:56:21 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 18, 2023, 09:56:21 AM Last Edit: May 18, 2023, 09:59:05 AM by securid
I need to add the following to unbound config:

Code Select

forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.2.3.4#bla.dns.nextdns.io
  forward-addr: 1234:1234::#bla.dns.nextdns.io
  forward-addr: 1.2.3.5#bla.dns.nextdns.io
  forward-addr: 1234:1235::#bla.dns.nextdns.io


I tried to create the file /var/unbound/etc/custom-config.conf and add the above, but the file gets deleted.
I tried to add it to /var/unbound/unbound.conf, and that config gets removed.

How do I add the above, which file do I edit or create?

I did find this:
https://forum.opnsense.org/index.php?topic=13978.0

But the custom box (as found in previous versions and in pfsense) is nowhere to be found.

Thanks
May 18, 2023, 10:05:54 AM #1
https://docs.opnsense.org/manual/unbound.html#advanced-configurations

The right directory would be /usr/local/etc/unbound.opnsense.d

But it looks like DoT -- why not use the GUI for it?


Cheers,
Franco
May 18, 2023, 10:15:43 AM #2
it is, but nextdns is providing me a config that I (with my limited DoT knowledge) am unable to translate to the opnSense DoT config:

forward-addr: 45.90.28.0#123ab4.dns.nextdns.io

I tried to work it out, but I have no idea how to translate the line above to a working domain, ip, port and cn for DoT via GUI to work.

ps. im mucking around with DNS, but while this forum and other sites work, docs.opnsense.org seems down for me? Is it?
May 18, 2023, 10:18:42 AM #3
Leave domain and port emtpy set Verify CN to 123ab4.dns.nextdns.io and Server IP to 45.90.28.0 and done :)


Cheers,
Franco
May 18, 2023, 10:42:13 AM #4
Thanks for the help.

I'm not sure why that config uses 45.90.28.0, that doesn't work. Using their "real" public IP addresses does.

So in short, its working :D .
May 18, 2023, 10:45:16 AM #5
No idea either about the weird IP but working now sounds good. :)

A not to you and everyone else reading this in the future: Don't forget to remove any of your manual files from /usr/local/etc/unbound.opnsense.d if you don't need them to avoid future issues with upgrades doing "strange" things.


Cheers,
Franco
Print
Go Up Pages1
User actions