Unbound DNS not forwarding DNS requests to a DNS server within my network

Started by WonderFrank, May 01, 2020, 01:43:14 AM

Hi All

I use OpnSense as a DHCP and DNS server; clients in my network have the DNS server set to the OpnSense address as primary (192.168.0.1).
The OpnSense settings (System->Settings->General) have the DNS server set as my other local DNS server (192.168.0.61).

The OpnSense system has my local domain defined. When I ping hosts assigned by the OpnSense DHCP server (DHCPv4), the host is resolved without issue. When I try to ping a host whose A record is kept on 192.168.0.61, it does not resolve.

I have done a DNS lookup on the OpnSense system; one such host is WinSrv. The results are in a screenshot here: https://postimg.cc/fkL1Sv9L

Ultimately I need names that don't resolve on the OpnSense Unbound DNS server to be forwarded to 192.168.0.62, as this is the DNS server of my Domain Controller. If the address doesn't resolve there, it will be forwarded out to 1.1.1.1 - or whatever DNS server I pick.

Where am i going wrong?

Does anyone have any ideas here? To get around this issue I've set the DHCP server to give the secondary DNS server as 192.168.0.61, however this isn't ideal. The ideal approach for me would be for OpnSense to be the DNS server and then pass on requests to 192.168.0.61, which then passes them to 1.1.1.1.

Does your DHCP provide your local domain as the domain search suffix?
What happens if you retry your DNS lookup with the FQDN?

ATM it looks like without the domain, the root servers are queried directly.

- Enable 'DNS Query Forwarding' in Unbound
or
- add a domain override for the local domains:
domain.local, _msdcs.domain.local and 1.1.10.in-addr.arpa

Btw. there is a design flaw in your planning:
The DNS server on your DC will not know all local entries.
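To make the domain-override option concrete, here is an added example (not code from the thread or from OPNsense) that generates the hand-written Unbound equivalent of those three overrides: a `forward-zone:` for the AD domain, one for `_msdcs.<domain>` (where the SRV records live), and one for the reverse zone derived from the LAN subnet, all pointed at the DC. The domain name `domain.local`, the subnet `192.168.0.0/24` and the DC address `192.168.0.61` are assumptions taken from the thread; the `private-domain`, `domain-insecure` and `local-zone ... nodefault` lines are there because, without them, Unbound will scrub the RFC 1918 answers coming back from the DC, fail DNSSEC validation on an unsigned internal zone, and answer the RFC 1918 reverse zone itself with NXDOMAIN instead of forwarding it.

```python
"""Generate Unbound forward-zone stanzas equivalent to OPNsense "Domain Overrides"
for an Active Directory domain served by an internal DC.

Added example, not part of the forum thread. Domain, subnet and DC address below
are assumptions based on the discussion.
"""
import ipaddress


def reverse_zone(cidr: str) -> str:
    """Return the in-addr.arpa zone covering an IPv4 network whose prefix sits on an
    octet boundary, e.g. 192.168.0.0/24 -> 0.168.192.in-addr.arpa.

    Prefixes that are not /8, /16 or /24 cannot be expressed as a single classless
    in-addr.arpa zone without RFC 2317 delegation, so they are rejected explicitly.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{cidr}: need an IPv4 prefix of /8, /16 or /24")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def override_zones(domain: str, subnets) -> list:
    """Zones that must be sent to the DC: the domain itself, _msdcs.<domain> (DC locator
    SRV records) and the PTR zone for each LAN subnet."""
    zones = [domain, f"_msdcs.{domain}"]
    zones += [reverse_zone(s) for s in subnets]
    return zones


def unbound_override_config(domain: str, subnets, dc_addr: str, port: int = 53) -> str:
    """Render an unbound.conf fragment: a server: block with the caveats, then one
    forward-zone: per override. Each forward-zone sends the whole subtree to dc_addr."""
    zones = override_zones(domain, subnets)
    reverse = [z for z in zones if z.endswith(".in-addr.arpa")]

    lines = ["server:"]
    for z in zones:
        # Allow RFC 1918 addresses in answers for this zone (otherwise Unbound's
        # private-address filter rewrites them to NXDOMAIN/empty).
        lines.append(f'    private-domain: "{z}"')
        # Internal AD zones are not DNSSEC-signed; skip validation for them.
        lines.append(f'    domain-insecure: "{z}"')
    for z in reverse:
        # Unbound ships a built-in "static" local-zone for every RFC 1918 reverse
        # range; disable it so the query is forwarded instead of answered locally.
        lines.append(f'    local-zone: "{z}" nodefault')
    lines.append("")
    for z in zones:
        lines += [
            "forward-zone:",
            f'    name: "{z}"',
            f"    forward-addr: {dc_addr}@{port}",
            "",
        ]
    return "\n".join(lines)


if __name__ == "__main__":
    # Assumed values matching the thread's setup (local domain name is a placeholder).
    print(unbound_override_config("domain.local", ["192.168.0.0/24"], "192.168.0.61"))
```

Everything not matched by one of these zones still follows Unbound's normal path (recursion to the roots, or the general forwarders if 'DNS Query Forwarding' is enabled), which is the behaviour the thread is after: local AD names go to the DC, everything else goes out.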

I'll give this a crack.
The DS doesn't know all my local entries, that's correct; that is why the primary DNS server is the OpnSense box, and then OpnSense should pass it on to my DS, and from there the DS can pass it on to 1.1.1.1.
I'll let you know how I get on :)

Quote from: hbc on May 02, 2020, 11:48:13 AM
Does your DHCP provide your local domain as the domain search suffix?
What happens if you retry your DNS lookup with the FQDN?

ATM it looks like without the domain, the root servers are queried directly.

Yes it does. I get the same results when using the FQDN