[SOLVED] Unbound DNS: Overrides

[neptunus]

Hello,

I have a  Unbound DNS: Override configured.

host	Domain	Type	Value	Description
testing	lan	A	102.168.10.15	Test server

If I ping from a machine in the same subnet is get a DNS lookup.

Code Select Expand

ping testing.lan
Pinging testing.lan [192.168.10.15] with 32 bytes of data:

But if I ping from de opnsense shell I don't get a response on the DNS lookup.

Code Select Expand

ping testing.lan
ping: cannot resolve testing.lan: Unknown host

HoweverI can ping the IP.

Code Select Expand

ping 192.168.10.15
PING 192.168.10.15 (192.168.10.15): 56 data bytes
64 bytes from 192.168.10.15: icmp_seq=0 ttl=64 time=0.506 ms

If a do a host -d lookup for testing.lan I see that the DNS request is going to the DNS server I configured in "System: Settings: General"

Code Select Expand

host -d testing.lan
Trying "testing.lan"
Trying "testing.lan.lan"
Host testing.lan not found: 3(NXDOMAIN)
Received 105 bytes from xxx.xxx.xx.xx#53 in 13 ms

Maybe I do not understand Unbound DNS yet?
In "Unbound DNS: General" I also selected in "Network Interfaces" "Localhost". By doing this I was expecting that from OPNsense shell I could also do a DNS lookup to a DNS name that was configured in the Overrides table.

Do I make a mistake? Someone tips / hits?

[guest19757]

Hello,

You not getting what you expected perhaps because the Nameserver you have configured for the firewall. Eg, Settings -> General: DNS Servers. Unless you manually configure Unbound upstream nameservers and switch DNS Server to 127.0.0.1, you will not get the expected result.

Note, if you leave Unbound unconfigured to contact nameservers on it's own, it will use the firewall DNS servers. So simply setting DNS Servers to 127.0.0.1 blindly will have undesired consequences.

Regards

[neptunus]

Hello,

You not getting what you expected perhaps because the Nameserver you have configured for the firewall. Eg, Settings -> General: DNS Servers. Unless you manually configure Unbound upstream nameservers and switch DNS Server to 127.0.0.1, you will not get the expected result.

Note, if you leave Unbound unconfigured to contact nameservers on it's own, it will use the firewall DNS servers. So simply setting DNS Servers to 127.0.0.1 blindly will have undesired consequences.

Regards

THANKS bugsmanagement

In "System: Settings: General" I disabled the setting below (the box is not checked).


If I test with this setting the behavior is as expected.

Code Select Expand

Trying "testing.lan"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14785
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;testing.lan.                      IN      A

;; ANSWER SECTION:
testing.lan.               3600    IN      A       192.168.10.15

Received 42 bytes from 127.0.0.1#53 in 0 ms
Trying "testing.lan"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3075
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;testing.lan.                      IN      AAAA

Received 26 bytes from 127.0.0.1#53 in 0 ms
Trying "testing.lan"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17918
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;testing.lan.                      IN      MX

Received 26 bytes from 127.0.0.1#53 in 0 ms


I use Unbound DNS in my configuration. In "Services: Unbound DNS: General" I have selected the interfaces for Unbound I need, including Localhost. As far as my knowledge is concerned, this configuration is ok. Agree?

[guest19757]

Does it work? If it does, I guess so?

[neptunus]

Does it work? If it does, I guess so?

Yes it did, sorry for late response.