Unbound DNS Override not working

Started by RobLatour, March 08, 2021, 09:12:38 PM

March 08, 2021, 09:12:38 PM Last Edit: March 11, 2021, 01:12:39 AM by RobLatour
I have set up an Unbound DNS Override as follows:

host: *
domain: backyard.com
type: A
value: 192.168.1.193
description: backyard weather station

The purpose of which is to allow my family to browse to www.backyard.com to see the temperature and humidity in our backyard based on a small IoT weather station I built.

The address resolved fine for me on my W10 machine for about half an hour, but then suddenly started resolving to the real backyard.com.  At the same time, on my cell, it resolves to the 192.168.1.193 address as expected.  Now, at the time just before I am going to post this post, on my Windows machine it is not resolving to anything - "This site can't be reached".  However, the 192.168.1.193 address continues to work fine when typed into the address bar of the browser on the same machine.

I tried to restart the service on the OPNsense box, I also tried running "ipconfig /flushdns" from a cmd prompt on the Windows machine using admin privileges, and also tried rebooting the Windows machine.  None of these helped.

EDIT: I went into Chrome and cleared the cached images and files, after that it resolved to 192.168.1.193. However, an hour later, it was back to resolving to the real backyard.com

EDIT: Firefox was showing the same behaviours as Chrome; however, somehow I got Firefox to work for now - resolving correctly.  Edge is resolving correctly.  Chrome is not.  I thought it might be the fact that it is an HTTP site, not an HTTPS site; there is a default setting in Chrome to block unsecured sites, but even with it off Chrome does not resolve correctly.

EDIT: OK, so I gave up on the Host approach and tried the Domain Override, but it's not working either.
I tried
backyard.com and www.backyard.com both pointing to 192.168.1.193

I also tried changing the interface to LAN, WAN, and both LAN and WAN.

Just no love.

Am I missing something?

Bump

Still not getting this to work - even tried a different domain name.

Here's the screenshot:

https://ibb.co/XDj970Y

and again, Unbound is enabled and running.

Any insights would be helpful.

A domain override tells Unbound to forward the request to the nameserver at the configured address.

You need to use host overrides. They have always worked for me, but I never used wildcards ('*'). You could try with a regular name first.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: RobLatour on March 17, 2021, 02:17:18 PM
Bump

Still not getting this to work - even tried a different domain name.

Here's the screenshot:

https://ibb.co/XDj970Y

and again, Unbound is enabled and running.

Any insights would be helpful.

What browser are you using?  Firefox enables Secure DNS by default now which will bypass your DNS server entirely.

Have you blocked all DNS except to the OPNsense? Otherwise some clients may bypass your Unbound. In the future port 853 and normal HTTPS (DNS-over-HTTPS) will be problematic, too...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

March 17, 2021, 03:07:21 PM #5 Last Edit: March 17, 2021, 03:10:18 PM by chemlud
Quote from: SFC on March 17, 2021, 02:48:49 PM

What browser are you using?  Firefox enables Secure DNS by default now which will bypass your DNS server entirely.


"On February 25, 2020, Firefox started enabling DNS over HTTPS for all US-based users, relying on Cloudflare's resolver" (source: https://en.wikipedia.org/wiki/DNS_over_HTTPS),

but he is using Chrome...

You disable DNS-over-HTTPS in about:config by setting

network.trr.mode

to "5"

or something along this line for Win10

https://www.reddit.com/r/sysadmin/comments/dbs1ew/canary_domain_to_disable_firefoxchrome_doh/
kind regards
chemlud

PS: The domain override has to be pointing to a DNS server, not the host IP.

I just set up an override in Unbound, works after pressing "Apply"...
kind regards
chemlud
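What the two replies above describe (a domain override forwards every query for the domain to a nameserver at the configured address, a host override answers from Unbound's own local data), together with the Firefox DNS-over-HTTPS point made earlier in the thread, modelled in Python. This is an added example and not code from the thread, from OPNsense or from Unbound: it emits the unbound.conf directives the two override types correspond to and then answers a few queries the way Unbound's zone types behave. Assumptions: a '*' host override is treated as a 'redirect' local-zone (OPNsense's real template may differ), use-application-dns.net is the canary name Firefox checks before enabling its built-in DoH, and the names and addresses are the ones from the thread.

```python
"""Model of how Unbound answers a name under OPNsense-style overrides.

Added example, not OPNsense or Unbound code. It renders the Unbound
directives that a host override (local-zone/local-data) and a domain
override (forward-zone) correspond to, and then resolves queries the way
Unbound's zone types behave. A '*' host is taken to mean a 'redirect'
local-zone; that is an assumption about OPNsense's template.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Zone:
    name: str                                   # zone apex, e.g. "backyard.com"
    kind: str                                   # transparent | redirect | always_nxdomain | forward
    data: Dict[str, str] = field(default_factory=dict)  # owner name -> A record
    forward_addr: Optional[str] = None          # forward-zone target; must be a nameserver


def host_override(host: str, domain: str, ip: str) -> Zone:
    """Host override: one A record in a transparent zone. A '*' host becomes a
    redirect zone, which hands the apex record to every name under the domain."""
    if host == "*":
        return Zone(domain, "redirect", {domain: ip})
    owner = f"{host}.{domain}" if host else domain
    return Zone(domain, "transparent", {owner: ip})


def domain_override(domain: str, server_ip: str) -> Zone:
    """Domain override: Unbound answers nothing itself, it forwards every query
    for the domain to server_ip. If that address is a web server rather than a
    nameserver, Unbound gets no answer and the client sees a resolution failure."""
    return Zone(domain, "forward", forward_addr=server_ip)


def canary_zone() -> Zone:
    """NXDOMAIN for Firefox's DoH canary name, which tells Firefox to keep using
    the system resolver instead of its built-in DNS-over-HTTPS."""
    return Zone("use-application-dns.net", "always_nxdomain")


def to_unbound_conf(zone: Zone) -> str:
    """Render the zone as unbound.conf text."""
    if zone.kind == "forward":
        return f'forward-zone:\n    name: "{zone.name}."\n    forward-addr: {zone.forward_addr}\n'
    lines = [f'    local-zone: "{zone.name}." {zone.kind}']
    lines += [f'    local-data: "{owner}. IN A {ip}"' for owner, ip in zone.data.items()]
    return "server:\n" + "\n".join(lines) + "\n"


def resolve(zones: List[Zone], qname: str) -> Tuple[Optional[str], str]:
    """Answer qname from the zones: (address or None, how it was answered)."""
    # Unbound uses the most specific (longest) zone that contains the name.
    matches = [z for z in zones if qname == z.name or qname.endswith("." + z.name)]
    if not matches:
        return None, "upstream"                 # no override involved at all
    zone = max(matches, key=lambda z: len(z.name))
    if zone.kind == "forward":
        return None, f"forwarded to {zone.forward_addr}"
    if zone.kind == "always_nxdomain":
        return None, "NXDOMAIN"
    if qname in zone.data:
        return zone.data[qname], "local-data"
    if zone.kind == "redirect":
        return zone.data[zone.name], "local-data (redirect)"
    return None, "upstream"                     # transparent zone, name not in local data


if __name__ == "__main__":
    for z in (host_override("www", "backyard.com", "192.168.1.193"),
              host_override("*", "backyard.com", "192.168.1.193"),
              domain_override("backyard.com", "192.168.1.193"),
              canary_zone()):
        print(to_unbound_conf(z))
        for q in ("www.backyard.com", "backyard.com", "api.backyard.com"):
            print("  ", q, "->", resolve([z], q))
```

Two things the model makes visible: a plain host override for backyard.com alone leaves www.backyard.com with no local data, so the transparent zone sends it upstream and the real address comes back; and a domain override pointing at the weather station forwards every name in the domain to a box that does not speak DNS, which is why that variant resolves to nothing at all.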

Quote from: chemlud on March 17, 2021, 03:32:06 PM
PS: The domain override has to be pointing to a DNS server, not the host IP.

I just set up an override in Unbound, works after pressing "Apply"...
That's pretty much exactly what I wrote  ;)

Quote from: pmhausen on March 17, 2021, 03:38:41 PM
That's pretty much exactly what I wrote  ;)

Maybe he will understand one of us... ;-)
kind regards
chemlud

Thanks for your comments, but I must still be missing something, as it's still not working.

Here is what the override screen looks like:
https://ibb.co/nzTm1pZ

Also, yes, I am using Chrome but have tested with Firefox and Edge as well - same results - resolution is to the real weather.com, not my identified IP address.

PC is set up to obtain dns results automatically.

I've tried clearing the caches in Chrome and on the PC ( ipconfig /flushdns ) as administrator.

So, after making the changes above the wife and I watched a show on Netflix. I came back to my computer, and it was suddenly working. Go figure.

Hope it stays that way.

Thanks for your help!

Is your computer a Mac? Macs cache DNS entries on the client. Don't know about Windows, but I suspect they do similarly.

Important part: the ONLY DNS server has to be your Unbound (block port 53 TCP/UDP on your LAN except to your OPNsense). If clients can bypass the OPNsense Unbound, it will never work reliably.
kind regards
chemlud
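The check behind the advice above, as an added example that is not part of the thread or of OPNsense: a small detector that runs over firewall flow records and reports LAN clients whose DNS traffic does not go to the OPNsense resolver, plus the rules the advice amounts to in pf syntax. The log lines are constructed and deliberately simplified (real OPNsense filterlog entries are CSV with many more fields, so parse_line() would need adapting); 192.168.1.1 is an assumed firewall address, em0 an assumed LAN interface, and the list of public resolvers is a short sample.

```python
"""Find LAN clients that bypass the OPNsense/Unbound resolver.

Added example, not from the thread or from OPNsense. Input is a constructed,
simplified flow log with one "src,dst,proto,dport" record per line; adapt
parse_line() for real filterlog CSV. RESOLVER is an assumed firewall address.
"""
from typing import List, Optional, Tuple

RESOLVER = "192.168.1.1"  # assumed OPNsense LAN address running Unbound

# Public resolvers that also answer DNS-over-HTTPS on 443. A short sample, not a full list.
DOH_RESOLVERS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9"}

# Constructed sample log: src,dst,proto,dport
SAMPLE_LOG = """\
192.168.1.50,192.168.1.1,udp,53
192.168.1.50,8.8.8.8,udp,53
192.168.1.51,1.1.1.1,tcp,853
192.168.1.52,1.1.1.1,tcp,443
192.168.1.52,203.0.113.10,tcp,443
192.168.1.193,192.168.1.1,udp,53
"""


def parse_line(line: str) -> Tuple[str, str, str, int]:
    """Split one simplified record into (src, dst, proto, dport)."""
    src, dst, proto, dport = (f.strip() for f in line.split(","))
    return src, dst, proto, int(dport)


def classify(dst: str, proto: str, dport: int, resolver: str = RESOLVER) -> Optional[str]:
    """Why this flow bypasses the local resolver, or None if it does not."""
    if dport == 53:
        return None if dst == resolver else "plain DNS to an external resolver"
    if dport == 853 and proto == "tcp":
        return "DNS over TLS (port 853)"
    if dport == 443 and dst in DOH_RESOLVERS:
        return "HTTPS to a known public resolver (likely DNS over HTTPS)"
    return None


def find_bypass(log_text: str, resolver: str = RESOLVER) -> List[Tuple[str, str, int, str]]:
    """(src, dst, dport, reason) for every flow that does not use the resolver."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport = parse_line(line)
        reason = classify(dst, proto, dport, resolver)
        if reason:
            hits.append((src, dst, dport, reason))
    return hits


def pf_rules(lan_if: str = "em0", resolver: str = RESOLVER) -> List[str]:
    """The advice written as pf rules, for clarity only; OPNsense's GUI generates
    its own rule set. Order matters: the pass rule must precede the block."""
    return [
        f"pass in quick on {lan_if} proto {{ tcp udp }} from {lan_if}:network to {resolver} port 53",
        f"block return in quick on {lan_if} proto {{ tcp udp }} from {lan_if}:network to any port {{ 53 853 }}",
    ]


if __name__ == "__main__":
    for hit in find_bypass(SAMPLE_LOG):
        print("%s -> %s:%d  %s" % hit)
    print("\n".join(pf_rules()))
```

Port rules cover plain DNS and DNS over TLS; they cannot single out DNS over HTTPS, which rides on 443 like any other web traffic, so the third class of hit above is a hint to investigate, not something the block rule stops. For Firefox the NXDOMAIN canary zone handles that case. Because neither rule names an address family (no inet or inet6 keyword), pf applies them to both IPv4 and IPv6.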

@pmhausen  I have been testing with a Windows machine, although we do have iPhones and iPads in the house.

@chemlud, thank you. 

I'm sure it's a very basic question, and sorry to trouble you with it, but how do I do that?

Is it a set of firewall rules for the LAN or WAN or both, also (I assume) for both IPv4 and IPv6?

How do I identify OPNsense in my firewall rules? Is it by the IP address of the machine OPNsense is running on?

Is there a link someplace that explains all this? I've been trying to piece it all together, but I suspect I haven't dealt with what you are suggesting yet - and need to.