[SOLVED] Unbound host override not resolving hostname with local/search domain

Started by FreeMinded, June 25, 2023, 07:13:51 PM

Hi, I'm an immigrant from the pfSense country and fairly new here. I got around with OPNsense very well so far, but I just can't get my head around why the host overrides are not working as expected. I tried everything, googling, searching this forum, chatgpt... to no avail.

I use Unifi network devices with a central Unifi Controller which is somewhere else and accessible through a WireGuard VPN. In order to register Unifi devices with the controller, they look up the hostname "unifi" in the local network, which should resolve to the IP of the controller. I use the unbound default configuration (as far as I understand). They are on their own network and in a dedicated DHCP pool.

I set the domain and search domain in the DHCP settings of the corresponding network. I created a host override for unifi.mydomain.tld.
I can resolve it as long as I use the FQDN, but not with the hostname only; then I get errors. Depending on how I query: NXDOMAIN, SERVFAIL or No answer.
It seems like it is not using or respecting the search domain.

Has anyone an idea what I am missing to make this work? I can certainly post more details if required.

Quote from: FreeMinded on June 25, 2023, 07:13:51 PM
I set the domain and search domain in the DHCP settings of the corresponding network. I created a host override for unifi.mydomain.tld.
I can resolve it as long as I use the FQDN, but not with the hostname only; then I get errors. Depending on how I query: NXDOMAIN, SERVFAIL or No answer.
It seems like it is not using or respecting the search domain.
Appending the search domain(s) is the job of the resolver library on the client host. The nameserver does not do that. So you should be able to "ping unifi" and that should end up pinging "unifi.mydomain.tld". If it doesn't, check the nameserver settings of the machine you are using for that test.

If you use nslookup, dig, drill or similar to throw "unifi" at the nameserver, the observed behaviour is expected. Repeating myself: the resolver library adds all search domains in turn until it gets a valid response or returns "host not found". Tools like dig specifically circumvent that mechanism and implement their own DNS client.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
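To illustrate the search-list mechanism described in the reply above, here is an added example (not from the thread, OPNsense or Unbound) that models how a glibc-style stub resolver expands a short name before asking the nameserver; the resolv.conf contents, the override table and the IP addresses are constructed.

```python
"""Model of stub-resolver search-list expansion (glibc-style rules).
The nameserver itself never appends search domains; the client library does."""

# Constructed sample, like what a client on the Unifi VLAN would get via DHCP
SAMPLE_RESOLV_CONF = """\
nameserver 192.0.2.1
search mydomain.tld corp.example
options ndots:1
"""

def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf text."""
    search, ndots = [], 1                      # glibc default ndots is 1
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith(("#", ";")):
            continue
        if parts[0] in ("search", "domain"):
            search = parts[1:]                 # later search/domain lines win
        elif parts[0] == "options":
            for opt in parts[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidate_names(name, search, ndots):
    """Order in which the stub resolver queries the nameserver for `name`."""
    if name.endswith("."):
        return [name]                          # absolute name: no expansion
    expanded = [f"{name}.{d}." for d in search]
    absolute = f"{name}."
    if name.count(".") >= ndots:
        return [absolute] + expanded           # enough dots: try as-is first
    return expanded + [absolute]               # few dots: search list first

def resolve(name, overrides, resolv_conf=SAMPLE_RESOLV_CONF):
    """Walk the candidates against a constructed host-override table.
    Returns (fqdn, ip) for the first hit, or None if nothing matched."""
    search, ndots = parse_resolv_conf(resolv_conf)
    for fqdn in candidate_names(name, search, ndots):
        if fqdn in overrides:
            return fqdn, overrides[fqdn]
    return None

# Constructed stand-in for the Unbound host override from the question
OVERRIDES = {"unifi.mydomain.tld.": "10.0.0.10"}

if __name__ == "__main__":
    print(resolve("unifi", OVERRIDES))         # found via search expansion
    print(candidate_names("unifi", [], 1))     # dig-style: only "unifi." is asked
```

With an empty search list (what dig does unless `+search` is given) only the bare name reaches the nameserver, which is why the override for the FQDN is never hit.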

Thanks for your reply! It works in my pfSense but not with OPNsense. I just can't find where the difference is. So I'm looking for what I might have missed in the config.

I finally found the error. I had a DHCP Option 43 configured from an earlier attempt which I had totally forgotten about. :-[