unbound - dhcpleases

Started by topuli, May 07, 2018, 01:12:26 PM

Hi,

I have set up DHCP and Unbound.
Under System/General/Domain, a domain is set.

Unbound is enabled and "Register DHCP leases in the DNS Resolver" and "Register DHCP static mappings in the DNS Resolver" are set.

My clients do get an IP, DNS server, gateway, DNS suffix... via DHCP.
I can see the leased IPs under DHCPv4/Leases.

However, I can't resolve the hosts in my environment.
I have noticed that /var/unbound/dhcpleases.conf is empty!

What I have already tried is:
set "System\Settings\Administration\Disable DNS Rebinding Checks"
set "Unbound DNS\General\Local Zone Type\static"

Any ideas?

Thx t.

Do you have Unbound configured as the local resolver? You mention that the clients are getting a dns-server with their DHCP leases, this needs to be the OPNsense box. If DHCP is configured to hand out a DNS server external to your network, the clients will use this for name resolution and will skip using the local Unbound instance for localized DNS lookups.

Thanks for your reply. Yes, the DNS server the clients get via DHCP is the OPNsense box.

Today I was able to take a closer look at the problem.
After I found out about /usr/local/opnsense/scripts/dns/unbound_dhcpd.py I looked into the script.
unbound-control is used to list and read the local data.
So to further isolate my problem I started with:

unbound-control -c /var/unbound/unbound.conf list_local_data

I was greeted by an error message:

error: SSL handshake failed
2586055198312:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verfify failed:s3_clnt.c:1269:

The reason my /var/unbound/dhcpleases.conf is empty is that the command (unbound-control) that wants to read my local data fails.

So I asked my second best friend Google and found:
https://forum.ipfire.org/viewtopic.php?t=18906

Inspired by this post and after reading https://www.unbound.net/documentation/unbound-anchor.html I:

SSHed into the OPNsense box

cd /var/unbound
mv root.key _root.key
mv unbound_control.key _unbound_control.key
mv unbound_control.pem _unbound_control.pem


restarted Unbound in the OPNsense GUI under System/Diagnostics/Services

Unbound restarts and the files root.key, unbound_control.key and unbound_control.pem get regenerated.

Now # unbound-control -c /var/unbound/unbound.conf list_local_data works and /var/unbound/dhcpleases.conf can be written.

I can now resolve my local DHCP clients.

Jupidu!
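The fix above as an added example script (not from this thread and not OPNsense's own code): it first classifies why unbound-control cannot reach the daemon, and only on the SSL handshake failure moves the three files named in the post to timestamped backups instead of bare renames, so the old control material can be restored. It assumes the /var/unbound layout from the post; the function names are my own, and the restart is still done in the GUI as described.

```shell
#!/bin/sh
# Added example, not code from the thread or from OPNsense.
# Back up the control-channel material before letting Unbound regenerate it,
# and classify why unbound-control cannot reach the daemon.
# Assumes the /var/unbound layout named in the post.
set -eu

# Return 0 when the control channel works, 1 on the SSL handshake failure seen
# in the thread, 2 on any other failure (daemon down, tool missing, ...).
check_control_channel() {
    dir="$1"
    if out=$(unbound-control -c "$dir/unbound.conf" status 2>&1); then
        return 0
    fi
    case "$out" in
        *"SSL handshake failed"*) return 1 ;;
        *) return 2 ;;
    esac
}

# Move the files the post renamed to timestamped .bak copies. unbound_control.*
# are regenerated for the control channel on restart; root.key is the DNSSEC
# trust anchor that unbound-anchor rebuilds. Missing files are skipped, so
# running this twice is harmless.
rotate_control_material() {
    dir="$1"
    stamp=$(date +%Y%m%d%H%M%S)
    for f in root.key unbound_control.key unbound_control.pem; do
        [ -f "$dir/$f" ] || continue
        mv "$dir/$f" "$dir/$f.$stamp.bak"
        echo "moved $dir/$f -> $dir/$f.$stamp.bak"
    done
}

# Driver: rotate only when the failure is the certificate mismatch; anything
# else needs a different fix. Restart Unbound afterwards (GUI, as in the post).
main() {
    dir="${1:-/var/unbound}"
    check_control_channel "$dir" && rc=0 || rc=$?
    case "$rc" in
        0) echo "control channel OK, nothing to do" ;;
        1) rotate_control_material "$dir"
           echo "now restart Unbound so the files are regenerated" ;;
        *) echo "unbound-control failed for another reason, not rotating" >&2
           return 2 ;;
    esac
}

# Run as: sh rotate_unbound_control.sh --run /var/unbound
if [ "${1:-}" = "--run" ]; then main "${2:-/var/unbound}"; fi
```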

Nice work! Thanks for the follow-up response so that others can see how it was resolved. Very odd that you had to do this, though. I've never had an issue in my use cases with OPNsense and Unbound.