[SOLVED] Unbound: wildcard DNS A/AAAA or CNAME record

Started by opnthib, January 23, 2023, 09:28:45 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 23, 2023, 09:28:45 PM Last Edit: January 24, 2023, 10:05:24 PM by opnthib
Hello,

I would like to install okd/openshift on my HomeLab.
For this, I need to have a DNS entry like this


Quote*.apps.<cluster_name>.<base_domain>.

A wildcard DNS A/AAAA or CNAME record that refers to the application ingress load balancer. [...]
https://docs.openshift.com/container-platform/4.10/installing/installing_platform_agnostic/installing-platform-agnostic.html#installation-dns-user-infra_installing-platform-agnostic

It's a "advanced-configurations", so I am referring to https://docs.opnsense.org/manual/unbound.html#advanced-configurations

I have create a file  /usr/local/etc/unbound.opnsense.d/okd.conf with the following content:

Code Select

server:
local-data: "_etcd-server-ssl._tcp.okd.my-domain.lan 180 IN SRV 0 10 2380 etcd-0.okd.my-domain.lan."
local-data: "_etcd-server-ssl._tcp.okd.my-domain.lan 180 IN SRV 0 10 2380 etcd-1.okd.my-domain.lan."
local-data: "_etcd-server-ssl._tcp.okd.my-domain.lan 180 IN SRV 0 10 2380 etcd-2.okd.my-domain.lan."
local-zone: "apps.okd.my-domain.lan" redirect
local-data: "apps.okd.my-domain.lan 86400 IN A 10.100.0.0"
local-data-ptr: "10.100.0.1 etcd-0.okd.my-domain.lan"
local-data-ptr: "10.100.0.2 etcd-1.okd.my-domain.lan"
local-data-ptr: "10.100.0.3 etcd-2.okd.my-domain.lan"


It's ok for SRV, but for local and data zone I have:
Code Select
> $ dig *.apps.okd.my-domain.lan +short
zsh: no matches found: *.apps.okd.my-domain.lan

> $ dig apps.okd.my-domain.lan +short
10.100.0.0

the expected result is nominally the following, right ?
Code Select
> $ dig *.apps.okd.my-domain.lan +short
10.100.0.0

I don't understand where I made a mistake.

Thanks for the help.

PS: okd vlan : 10.100.0.0/24
January 23, 2023, 09:52:40 PM #1
"*" is a wildcard. So if you configure a record named "*.foo.bar." you cannot query for "*.foo.bar." - the asterisk is not a valid character in a domain name.

But you can query for "baz.foo.bar.", "quux.foo.bar.", ... and receive the same answer for each imaginable FQDN ending in ".foo.bar."

That's what "wildcard" means.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
January 24, 2023, 10:04:44 PM #2
holy s****
I feel really stupid right now  :(

The following example from https://blog.ktz.me/configure-unbound-dns-for-openshift-4/ misled me
QuoteVerify with dig:

[alex@ktzTP redhat]$ dig *.apps.ocp4.ktz.lan +short
192.168.1.160

Thank you

PS:
Code Select

> $ dig test.apps.okd.my-domain.lan +short
10.100.0.0
> $ dig foo.apps.okd.my-domain.lan +short
10.100.0.0

;)
Print
Go Up Pages1
User actions