Unbound error: local-data in redirect zone must reside at top of zone

[ctrlbrk]

HELP!

Code: [Select]

2021-07-26T10:19:43 unbound[41692] [41692:0] fatal error: Could not set up local zones
2021-07-26T10:19:43 unbound[41692] [41692:0] error: local-data in redirect zone must reside at top of zone, not at OPNsense.localhost A 192.168.2.2
I cannot start Unbound due to this.  I tried removing the host_entries.conf but it is regenerated.

I have removed custom options but no change.

I did have Register DHCP leases  and Register DHCP static mappings both checked/enabled, but I have sense unchecked and applied, even rebooted, and the host_entries.conf is still regenerated incorrectly.

Code: [Select]

# cat host_entries.conf
local-zone: "localdomain" transparent
local-data-ptr: "127.0.0.1 localhost"
local-data: "localhost A 127.0.0.1"
local-data: "localhost.localdomain A 127.0.0.1"
local-data-ptr: "::1 localhost"
local-data: "localhost AAAA ::1"
local-data: "localhost.localdomain AAAA ::1"
local-data-ptr: "192.168.2.2 OPNsense.localhost"
local-data: "OPNsense.localhost A 192.168.2.2"
local-data: "OPNsense A 192.168.2.2"
local-data-ptr: "192.168.100.2 OPNsense.localdomain"
local-data: "OPNsense.localdomain A 192.168.100.2"
local-data: "OPNsense A 192.168.100.2"
local-data-ptr: "192.168.0.5 OPNsense.localdomain"
local-data: "OPNsense.localdomain A 192.168.0.5"
local-data: "OPNsense A 192.168.0.5"
local-data-ptr: "192.168.5.1 OPNsense.localdomain"
local-data: "OPNsense.localdomain A 192.168.5.1"
local-data: "OPNsense A 192.168.5.1"
local-data-ptr: "192.168.64.1 OPNsense.streaming"
local-data: "OPNsense.streaming A 192.168.64.1"
local-data: "OPNsense A 192.168.64.1"
local-data-ptr: "172.16.254.1 OPNsense.colibri"
local-data: "OPNsense.colibri A 172.16.254.1"
local-data: "OPNsense A 172.16.254.1"
local-data-ptr: "192.168.2.5 nexus.localdomain"
local-data: "nexus.localdomain IN A 192.168.2.5"
local-data-ptr: "192.168.5.102 USG-WAN2.localdomain"
local-data: "USG-WAN2.localdomain IN A 192.168.5.102"

This is causing a major headache for me.

[Fright]

hi
any host overrides configured?
local-data: "OPNsense.localhost A 192.168.2.2"
i cant understand this record. what is the "OPNsense.localhost" supposed to mean?

'localhost.' is default type zone (see docs https://nlnetlabs.nl/documentation/unbound/unbound.conf/)

The default zones are localhost, reverse 127.0.0.1 and ::1, the  onion,
       test,  invalid  and  the  AS112  zones. The AS112 zones are reverse DNS
       zones for private use and reserved IP addresses for which  the  servers
       on  the internet cannot provide correct answers. They are configured by
       default to give nxdomain (no reverse information) answers. The defaults
       can  be  turned  off by specifying your own local-zone of that name, or
       using the 'nodefault' type. Below is a list of the  default  zone  con-
       tents.

            localhost
                 The  IP4  and  IP6 localhost information is given. NS and SOA
                 records are provided for completeness and to satisfy some DNS
                 update tools. Default content:
                 local-zone: "localhost." redirect
                 local-data: "localhost. 10800 IN NS localhost."
                 local-data: "localhost. 10800 IN
                     SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
                 local-data: "localhost. 10800 IN A 127.0.0.1"
                 local-data: "localhost. 10800 IN AAAA ::1"

so local-zone: "localhost." redirect by default and "local-data: "OPNsense.localhost A 192.168.2.2" record breaks config.

[ctrlbrk]

any host overrides configured?
local-data: "OPNsense.localhost A 192.168.2.2"
i cant understand this record. what is the "OPNsense.localhost" supposed to mean?
so local-zone: "localhost." redirect by default and "local-data: "OPNsense.localhost A 192.168.2.2" record breaks config.

Yeah I am not sure where it got that, because my domain was localdomain.

In the end, in order to get past this issue, I ended up changing the System > Settings > Domain Name to something else, and when I did so, it seemed to correct the Unbound problem.

That said, I am now having a different issue (lol) which you also responded to:
https://forum.opnsense.org/index.php?topic=24084.0

Also, see this:
https://forum.opnsense.org/index.php?topic=23941.msg114911#msg114911

Not my intention to spread out duplicate threads.  I will hang for the new dev build tomorrow that mimugmail referenced, and see if I can make progress with custom Unbound options from there.

[Fright]

Yeah I am not sure where it got that, because my domain was localdomain.
looking at the contents of your host_entries.conf and part of code at
https://github.com/opnsense/core/blob/4ae1555e07e956d2446131716e816aab22642d53/src/etc/inc/plugins.inc.d/unbound.inc#L510-L517
it looks like "localhost" was specified as a domain for dhcpd on the interface with the 192.168.2.2 address 

[ctrlbrk]

Yeah I am not sure where it got that, because my domain was localdomain.
looking at the contents of your host_entries.conf and part of code at
https://github.com/opnsense/core/blob/4ae1555e07e956d2446131716e816aab22642d53/src/etc/inc/plugins.inc.d/unbound.inc#L510-L517
it looks like "localhost" was specified as a domain for dhcpd on the interface with the 192.168.2.2 address 

I will assume yes, a type-o/fat finger on my part and that's what hosed everything.  Since I am not having the error any longer especially

Thanks again