OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 23.1 Legacy Series »
  • Trouble with Unbound and MX-records
« previous next »
  • Print
Pages: [1]

Author Topic: Trouble with Unbound and MX-records  (Read 766 times)

holunde

  • Newbie
  • *
  • Posts: 16
  • Karma: 1
    • View Profile
Trouble with Unbound and MX-records
« on: June 12, 2023, 08:21:23 am »
Hi
I want to change from Dnsmasq to Unbound for different reasons(security mostly) and I have a question about Unbound overrides and Dns MX-records.
The problem is on an installation with a number of different subnets, but the issue has to do with an email-server on a DMZ-area.
I've been running Dnsmasq until now and on the DMZ-area, there are different hosts, some web-servers, an email-server etc.
So when clients on the LAN need to access one of these web-servers they need to use the internal DMZ-ip instead of going out through the WAN first.
So with Dnsmasq I have just entered some overrides for these webserver like this

www.somedomain.dk       192.168.0.4
www.newdom.dk           192.168.0.4
www.somedomain2.dk      192.168.0.5

which works fine. The email-server in question is on 192.168.0.3, and it is receiving emails from different systems on the lan and forwarding them to an email-server out on the internet.
So it is allowed to "relay" for these systems. This works fine with Dnsmasq - but NOT with unbound.
There is NO override for this email-server on Dnsmasq, so when I do a nslookup FROM the email-server I get the correct answer, because Dnsmasq just asks out on the DNS-internet and gets the correct answer (192.168.0.1 is OPNSENSE)

nslookup -type=MX newdom.dk
Server:      192.168.0.1
Address:   192.168.0.1#53

Non-authoritative answer:
newdom.dk   mail exchanger = 10 aspmx2.googlemail.com.
newdom.dk   mail exchanger = 10 aspmx3.googlemail.com.
newdom.dk   mail exchanger = 1 aspmx.l.google.com.
newdom.dk   mail exchanger = 5 alt1.aspmx.l.google.com.
newdom.dk   mail exchanger = 5 alt2.aspmx.l.google.com.

BUT when I do the same with Unbound running and the exact same overrides in Unbound as I had in Dnsmasq get

root@ns2:~# nslookup -type=MX newdom.dk
Server:      192.168.0.1
Address:   192.168.0.1#53

*** Can't find newdom.dk: No answer

Which is a showstopper for me.
Unbound does have the option of doing overrides for MX-records, but since I specifically do NOT want that, I haven't entered any.
Just A-records for web-servers.
Has anyone come across this problem?
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 23.1 Legacy Series »
  • Trouble with Unbound and MX-records
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2