[SOLVED] Unbound has a PTR record for unqualified hostname in addition to FQDN

Started by Patrick M. Hausen, August 05, 2025, 09:15:25 PM

Hi all,

I am currently toying with ElastiFlow pumping netflow data from OPNsense into the tool. I take great care manually adding overrides for all my internal servers to Unbound so I have A and PTR records for everything.

What puzzled me was that in ElastiFlow OPNsense shows as "opnsense" while all other devices are "something.internal.domain.com".


I have in the configuration:

  • Register DHCP Static Mappings

  • Do not register IPv6 Link-Local addresses

  • Do not register system A/AAAA records


And then a manual override: opnsense.internal.domain.com --> 192.168.1.1

Which ends up in host_entries.conf like this:

root@opnsense:/var/unbound # grep opnsense host_entries.conf
local-data-ptr: "192.168.1.1 opnsense.internal.domain.com"
local-data: "opnsense.internal.domain.com  IN A 192.168.1.1"


Yet, when I query the system from outside, this happens:

root@flow:~# dig -x 192.168.1.1

[...]
;; ANSWER SECTION:
1.1.168.192.in-addr.arpa. 10 IN PTR opnsense.
1.1.168.192.in-addr.arpa. 10 IN PTR opnsense.internal.domain.com.
[...]

Why is that first entry there and how can I get rid of it? There should never be multiple PTR records for a single IP address, IMHO.


Thanks,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Forget it!

It's not Unbound, it's AdGuard Home which is adding the unqualified PTR record. If I log on to OPNsense and use "drill -x -p 53530 @127.0.0.1 192.168.1.1" everything works as expected.

Apparently AGH parses /etc/hosts. Since v0.107.45 there is an extra flag to disable that:

dns:
  hostsfile_enabled: false

Easy peasy :-)
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
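
An added example, not part of the original posts: a shell check that reads `dig -x` output and flags reverse entries that carry more than one PTR record or an unqualified (single-label) target, which is the symptom described in this thread. The function name `audit_ptr` and the `SAMPLE_*` variables are made up for illustration, and the sample input is constructed from the answer section quoted in the first post.

```shell
#!/bin/sh
# audit_ptr: read `dig -x` output on stdin and report
#   UNQUALIFIED <owner> <target>  for a PTR target with a single label
#   MULTIPLE <owner> <count>      for an owner name with more than one PTR
# Prints nothing when every address maps to exactly one fully qualified name.
audit_ptr() {
    awk '
        # Answer lines have the form: <owner> <ttl> IN PTR <target>
        # Comment and question lines start with ";" and are skipped.
        $1 !~ /^;/ && $3 == "IN" && $4 == "PTR" {
            owner = $1
            target = $5
            count[owner]++
            name = target
            sub(/\.$/, "", name)          # drop the trailing root dot
            if (name !~ /\./)             # no dot left: single label
                print "UNQUALIFIED " owner " " target
        }
        END {
            for (o in count)
                if (count[o] > 1)
                    print "MULTIPLE " o " " count[o]
        }
    ' | sort
}

# Constructed sample: the answer as seen through the resolver that adds
# the extra record (values taken from the first post).
SAMPLE_BEFORE=';; ANSWER SECTION:
1.1.168.192.in-addr.arpa. 10 IN PTR opnsense.
1.1.168.192.in-addr.arpa. 10 IN PTR opnsense.internal.domain.com.'

# Constructed sample: the answer expected once only the override is served.
SAMPLE_AFTER=';; ANSWER SECTION:
1.1.168.192.in-addr.arpa. 10 IN PTR opnsense.internal.domain.com.'

echo "before:"
printf '%s\n' "$SAMPLE_BEFORE" | audit_ptr
echo "after:"
printf '%s\n' "$SAMPLE_AFTER" | audit_ptr

# Live use (needs network access to the resolver): dig -x 192.168.1.1 | audit_ptr
```

Running the same check against each resolver in the chain separately shows which layer introduces the extra record.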