Unbound Host Override Not Working

Started by picch, June 06, 2021, 07:46:44 AM

Hello,
I'm a very recent OPNsense convert from pfSense and have everything working as intended except for a weird issue with Unbound host overrides that I can't figure out, and I am hoping someone might have an idea.

Scenario:
1) DHCP Registration is enabled which registers my Docker server's hostname (FQDN example: docker.home.lan).
2) I have an nginx reverse proxy running in front of my containers so I can access each container by its service name. (FQDN example: container1.home.lan, container2.home.lan, etc...)

I have a host override set up to create an A record for container1.home.lan pointing to the Docker server's IP (the same IP as docker.home.lan that exists via DHCP Registration) and an alias for container2.home.lan. However, when I do this the entries refuse to resolve; any attempt results in an NXDOMAIN.

I restored my old pfSense config in a VM to see if I could spot any Unbound config differences and noticed OPNsense is adding PTR records for the override and any associated aliases where pfSense doesn't.

Code Snip for both:
opnsense (host_entries.conf):
local-data-ptr: "10.0.0.100 container1.home.lan"
local-data: "container1.home.lan IN A 10.0.0.100"
local-data-ptr: "10.0.0.100 container2.home.lan"
local-data: "container2.home.lan IN A 10.0.0.100"


pfsense (host_entries.conf)
local-data: "container1.home.lan A 10.0.0.100"
local-data: "container2.home.lan A 10.0.0.100"


So on a whim, I commented out the PTR records for the overrides and restarted Unbound via CLI to prevent the config files from getting rebuilt, and sure enough it works like a charm. Some other tests I've tried:
1) Changing destination IP of the override to one not currently in use works.
2) Changing the IP to a host that has a static mapping works.
3) Adding a static mapping for the Docker server makes the override work.

Does anyone happen to have an idea, or perhaps a better way to do what I'm trying? It seems to be specific to DHCP Registrations. I'm trying to pinpoint the exact reason to help with bug reporting but am coming up empty (#3 /might/ work because the static mapping is in the same config file as the override, but that might be a stretch). I currently have #3 set up to work in the interim, but I'm trying to slowly eliminate my dependency on static mappings for hosts, especially VMs where their MAC addresses will change as you rebuild the VM.

Thanks in advance and apologies for the word wall.
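Added example, not part of the original post and not OPNsense code: a small check that parses Unbound `local-data` / `local-data-ptr` lines and lists IPs whose PTR entries come from more than one generated file, which is the overlap the post describes between the host override and the DHCP-registered host. The lease file name `dhcpleases.conf` and its contents are assumptions constructed for illustration; the check reports the overlap only and does not establish it as the cause.

```python
import re
from collections import defaultdict

# local-data: "name [ttl] [IN] A ip"  (covers both forms quoted in the post)
A_RE = re.compile(r'^\s*local-data:\s*"(\S+?)\.?\s+(?:\d+\s+)?(?:IN\s+)?A\s+(\S+)"', re.I)
# local-data-ptr: "ip name"
PTR_RE = re.compile(r'^\s*local-data-ptr:\s*"(\S+)\s+(\S+?)\.?"', re.I)

def parse(text):
    """Return ([(name, ip)] A records, [(ip, name)] PTR records); '#' lines are skipped."""
    a_recs, ptr_recs = [], []
    for line in text.splitlines():
        if m := PTR_RE.match(line):
            ptr_recs.append((m.group(1), m.group(2).lower()))
        elif m := A_RE.match(line):
            a_recs.append((m.group(1).lower(), m.group(2)))
    return a_recs, ptr_recs

def ptr_overlaps(sources):
    """Map IP -> [(file, name)] for IPs with local-data-ptr entries in more than one file."""
    seen = defaultdict(list)
    for fname, text in sources.items():
        for ip, name in parse(text)[1]:
            seen[ip].append((fname, name))
    return {ip: e for ip, e in seen.items() if len({f for f, _ in e}) > 1}

# Override entries as quoted in the post (OPNsense form).
HOST_ENTRIES = '''\
local-data-ptr: "10.0.0.100 container1.home.lan"
local-data: "container1.home.lan IN A 10.0.0.100"
local-data-ptr: "10.0.0.100 container2.home.lan"
local-data: "container2.home.lan IN A 10.0.0.100"
'''

# Constructed sample of a DHCP-registered lease entry (file name and content assumed).
LEASES = '''\
local-data-ptr: "10.0.0.100 docker.home.lan"
local-data: "docker.home.lan IN A 10.0.0.100"
'''

if __name__ == "__main__":
    files = {"host_entries.conf": HOST_ENTRIES, "dhcpleases.conf": LEASES}
    for ip, entries in ptr_overlaps(files).items():
        print(ip, "has PTR entries in more than one file:")
        for fname, name in entries:
            print(f"  {fname}: {name}")
```

Commenting out the override PTR lines, as in the test described in the post, makes the overlap disappear from the report.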

Just guessing / throwing words out:

Your nginx reverse proxy (let's say 192.168.10.10) points to an internal service, such as docker1.home.lan (10.0.10.10). You access this service from an external network by web using service1.some.adress.com

You want to use this service when you are on your own LAN.

And adding an override where:

Host: service1.some
Domain: domain.com
Type: A
Value: 192.168.10.10

does not work?

After you've done this, where does ping service1.some.domain.com resolve to?
Running OPNsense through Proxmox
4 x Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz (1 Socket)
24 GB RAM

Hello,

I've the same issue. Host override does not work with registration of DHCP leases. Other people also have the issue: https://forum.opnsense.org/index.php?topic=20185.0