Unbound domains override - not working

Started by GreenMatter, October 01, 2020, 03:15:31 AM

I've seen many threads about this issue and it seems it's still a valid one.
I'm on 20.7.3 and want to set overrides for 2 domains:
domain1
IP 172.33.1.2 (tried with @53 - doesn't help)

domain2
IP 172.33.1.2

And Unbound doesn't forward queries. Am I doing something wrong, or is Unbound erratic?
OPNsense on:
Intel(R) Xeon(R) E-2278G CPU @ 3.40GHz (4 cores)
8 GB RAM
50 GB HDD
and plenty of vlans ;-)

October 01, 2020, 03:48:18 AM #1 Last Edit: October 01, 2020, 04:32:23 AM by GreenMatter
I tried manual input:

forward-zone:
        name: "domain1."
        forward-addr: 172.33.1.2
forward-zone:
        name: "domain2."
        forward-addr: 172.33.1.2

And result is the same - it's not being forwarded...


EDIT:

As DNSSEC is enabled, I added domain-insecure option:

domain-insecure: "domain1."
domain-insecure: "domain2."
forward-zone:
        name: "domain1."
        forward-addr: 172.33.1.2
forward-zone:
        name: "domain2."
        forward-addr: 172.33.1.2

Of course, nothing got changed.

Hi GreenMatter,

Is the same IP you passed to domain1 as well as domain2 a typo?
Please show the override you created...
As far as I know, Unbound is not erratic at all; at least I'm having no problems at all, nor did I have any in the past. I could be wrong and there are problems in situations I'm unaware of...

Greetings, mark


Hi @qinohe,


The override I created is exactly the same as I described
Quote
domain1
IP 172.33.1.2 (tried with @53 - doesn't help)
domain2
IP 172.33.1.2
and in manual input described above.
I have two domains I want to be resolved by "local" server (177.33.1.2) accessible over VPN. Server is accessible, when doing a query: dig page.domain1 @177.33.1.2 reply is given immediately...
I've tried options like "local-zone-override" and "private-domain" and nothing helps: stumbled upon (https://www.reddit.com/r/PFSENSE/comments/9e06kp/dns_resolver_domain_override_not_working/):
Quote
During my research I encounter this great discussion on nlnetlabs.nl. As stated, local-zones are evaluated before forward-zones and stub-zones. This feature is on purpose, to filter downstream queries before it reaches the state machine in unbound. Some of the potential solutions are:
local-zone: "example.com" transparent
OR
local-zone-override: "example.com" 127.0.0.0/8 transparent - required for localhost (pfSense) to query override
local-zone-override: "example.com" 192.168.1.0/24 transparent - covers everything else (use own network)

It's working!
All was about Unbound's "Outgoing Network Interfaces". I used to have it set to WAN and it needs to be set on LAN interfaces. Thanks to https://forum.opnsense.org/index.php?topic=6750.0
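A small checker for the two causes this thread ends up discussing, added here as an example and not code from any poster or from OPNsense or Unbound: a `local-zone` that answers before the `forward-zone` is consulted, and an `outgoing-interface` source address with no route to the forwarder. The sample config, the address `203.0.113.10` and the `routes` map (which the operator has to supply, since the config file says nothing about routing) are assumptions; zone names are matched exactly, without parent-zone logic.

```python
import ipaddress

# Constructed sample (not the poster's file): WAN-pinned source, static local-zone.
SAMPLE = """
server:
    outgoing-interface: 203.0.113.10
    local-zone: "domain2." static
forward-zone:
    name: "domain1."
    forward-addr: 172.33.1.2
forward-zone:
    name: "domain2."
    forward-addr: 172.33.1.2@53
"""
PASS_THROUGH = ("transparent", "typetransparent", "nodefault")  # do not block

def parse(text):
    server, zones = [], []
    target = server
    for raw in text.splitlines():
        key, _, val = (s.strip() for s in raw.split("#")[0].partition(":"))
        if key == "forward-zone":          # start collecting a new forward zone
            target = []
            zones.append(target)
        elif key and not val:              # any other clause header
            target = server if key == "server" else []
        elif key:                          # option: drop quotes and trailing dot
            target.append((key, [t.strip('".').lower() for t in val.split()]))
    return server, zones

def get(opts, key):
    return [tokens for k, tokens in opts if k == key]

def lint(text, routes):
    """routes is an operator-supplied assumption: source address -> reachable networks."""
    server, zones = parse(text)
    shadowed = {t[0] for t in get(server, "local-zone") if t[1] not in PASS_THROUGH}
    sources = [t[0] for t in get(server, "outgoing-interface")]
    nets = [ipaddress.ip_network(n) for s in sources for n in routes.get(s, [])]
    findings = []
    for zone in zones:
        name = get(zone, "name")[0][0]
        if name in shadowed:
            findings.append((name, "local-zone answers before forward-zone"))
        for t in get(zone, "forward-addr"):
            ip = ipaddress.ip_address(t[0].split("@")[0])
            if sources and not any(ip in n for n in nets):
                findings.append((name, "no route from outgoing-interface"))
    return findings
```

Calling `lint(SAMPLE, {})` reports both forward zones as unreachable from the pinned source address, which is the condition the last post fixed by moving the outgoing interface to the LAN side.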