PS C:\Users\admin> nslookup m.s.test 10.20.30.254
Server: controlnode02.muc.contoso.com
Address: 10.20.30.254
Name: test01.node.dev.contoso.com
Address: 10.31.9.23
Aliases: m.s.test
PS C:\Users\admin>
PS C:\Users\admin> nslookup m.s.test 10.20.30.1
Server: UnKnown
Address: 10.20.30.1
*** m.s.test wurde von UnKnown nicht gefunden: Non-existent domain.
PS C:\Users\admin>
PS C:\Users\admin> nslookup m.s.test 10.20.30.1
Server: private-access.muc-fw01.contoso.com
Address: 10.20.30.1
Name: test01.node.dev.contoso.com
Address: 10.31.9.23
Aliases: m.s.test
PS C:\Users\admin>
PS C:\Users\admin> nslookup -port=53 m.s.test 10.20.30.254
Server: controlnode02.muc.contoso.com
Address: 10.20.30.254
Name: test01.node.dev.contoso.com
Address: 10.31.9.23
Aliases: m.s.test
PS C:\Users\admin> nslookup -port=53 m.s.test 10.20.30.1
Server: private-access.muc-fw01.muc.contoso.com
Address: 10.20.30.1
Name: test01.node.dev.contoso.com
Address: 10.31.9.23
Aliases: m.s.test
PS C:\Users\admin> nslookup -port=54 m.s.test 10.20.30.1
Server: private-access.muc-fw01.muc.contoso.com
Address: 10.20.30.1
Name: test01.node.dev.contoso.com
Address: 10.31.9.23
Aliases: m.s.test
PS C:\Users\admin>
admin@linux:~$ nslookup -port=53 m.s.test 10.20.30.254
Server: 10.20.30.254
Address: 10.20.30.254#53
m.s.test canonical name = test01.node.dev.contoso.com.
Name: test01.node.dev.contoso.com
Address: 10.31.9.23
admin@linux:~$ nslookup -port=53 m.s.test 10.20.30.1
Server: 10.20.30.1
Address: 10.20.30.1#53
m.s.test canonical name = test01.node.dev.contoso.com.
Name: test01.node.dev.contoso.com
Address: 10.31.9.23
admin@linux:~$ nslookup -port=54 m.s.test 10.20.30.1
Server: 10.20.30.1
Address: 10.20.30.1#54
** server can't find m.s.test: NXDOMAIN
admin@linux:~$
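The problem is surely the test TLD and the way Unbound handles it: by default Unbound answers NXDOMAIN for "test." itself instead of passing the query on to the forwarders. But I doubt that OPNsense will allow free-text user customisation of that...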
# local-zone: "test." nodefault
root@opnsense02:~ # configctl template reload custom/Unbound
OK
root@opnsense02:~ # cat /var/unbound/etc/custom_server_options.conf
server:
    # Disable default NXDOMAIN for our internal test. TLD
    local-zone: "test." nodefault
root@opnsense02:~ # configctl unbound restart
OK
root@opnsense02:~ # cat /var/unbound/etc/custom_server_options.conf
cat: /var/unbound/etc/custom_server_options.conf: No such file or directory
root@opnsense02:~ #
root@opnsense01:~ # cat /var/unbound/etc/custom_server_options.conf
server:
    # Disable default NXDOMAIN for our internal test. TLD
    local-zone: "test." nodefault
root@opnsense01:~ # configctl template reload custom/Unbound
OK
root@opnsense01:~ # cat /var/unbound/etc/custom_server_options.conf
server:
    # Disable default NXDOMAIN for our internal test. TLD
    local-zone: "test." nodefault
root@opnsense01:~ # configctl unbound restart
OK
root@opnsense01:~ # cat /var/unbound/etc/custom_server_options.conf
server:
    # Disable default NXDOMAIN for our internal test. TLD
    local-zone: "test." nodefault
root@opnsense01:~ #
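The configuration file in /var/unbound/... is generated from the one you are supposed to put in /usr/local/etc/unbound.opnsense.d, as documented in the link posted by netnut. A file that exists only under /var/unbound/etc does not survive a restart of Unbound, which is what the opnsense02 output above shows.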
root@opnsense01:~ # ps aux | grep unbound
unbound 39061 0.0 1.0 356572 163636 - Ss 18:11 0:02.11 /usr/local/sbin/unbound -c /var/unbound/unbound.conf
root 38534 0.0 0.0 12748 2364 1 S+ 18:14 0:00.00 grep unbound
root@opnsense01:~ # cat /var/unbound/unbound.conf
##########################
# Unbound Configuration
##########################
##
# Server configuration
##
server:
chroot: /var/unbound
username: unbound
directory: /var/unbound
pidfile: /var/run/unbound.pid
root-hints: /var/unbound/root.hints
use-syslog: yes
port: 53
include: /var/unbound/advanced.conf
harden-referral-path: no
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
do-daemonize: yes
so-reuseport: yes
module-config: "python validator iterator"
num-threads: 16
msg-cache-slabs: 32
rrset-cache-slabs: 32
infra-cache-slabs: 32
key-cache-slabs: 32
auto-trust-anchor-file: /var/unbound/root.key
# Interface IP(s) to bind to
interface: 0.0.0.0
interface: ::
interface-automatic: yes
# Private networks for DNS Rebinding prevention (when enabled)
private-address: 0.0.0.0/8
private-address: 10.0.0.0/8
private-address: 100.64.0.0/10
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 192.0.2.0/24
private-address: 192.168.0.0/16
private-address: 198.18.0.0/15
private-address: 198.51.100.0/24
private-address: 203.0.113.0/24
private-address: 233.252.0.0/24
private-address: ::1/128
private-address: 2001:db8::/32
private-address: fc00::/8
private-address: fd00::/8
private-address: fe80::/10
# Private domains (DNS Rebinding)
include: /var/unbound/private_domains.conf
# Access lists
include: /var/unbound/access_lists.conf
# Static host entries
include: /var/unbound/host_entries.conf
# DHCP leases (if configured)
# Custom includes
include: /var/unbound/etc/*.conf
# Forwarding
forward-zone:
 name: "."
 forward-addr: 10.20.30.254
 forward-addr: 10.20.30.22
 forward-addr: 10.20.50.5
 forward-addr: 10.20.50.6
python:
python-script: dnsbl_module.py
remote-control:
 control-enable: yes
 control-interface: 127.0.0.1
 control-port: 953
 server-key-file: /var/unbound/unbound_server.key
 server-cert-file: /var/unbound/unbound_server.pem
 control-key-file: /var/unbound/unbound_control.key
 control-cert-file: /var/unbound/unbound_control.pem
root@opnsense01:~ #
root@opnsense01:~ # cat /usr/local/opnsense/service/templates/custom/Unbound/+TARGETS
custom_server_options.conf:/usr/local/etc/unbound.opnsense.d/custom_server_options.conf
root@opnsense01:~ # rm /var/unbound/etc/custom_server_options.conf
root@opnsense01:~ # configctl template reload custom/Unbound
OK
root@opnsense01:~ # cat /usr/local/etc/unbound.opnsense.d/custom_server_options.conf
server:
    # Disable default NXDOMAIN for our internal test. TLD
    local-zone: "test." nodefault
root@opnsense01:~ # configctl unbound check
no errors in /var/unbound/unbound.conf
root@opnsense01:~ # configctl unbound restart
OK
root@opnsense01:~ # nslookup m.s.test 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
m.s.test canonical name = test01.node.dev.contoso.com.
Name: test01.node.dev.contoso.com
Address: 10.31.9.23
root@opnsense01:~ #
root@opnsense01:~ # ls -al /var/unbound/etc/custom_server_options.conf
-rw-r----- 1 unbound unbound 100 Apr 15 18:40 /var/unbound/etc/custom_server_options.conf
root@opnsense01:~ # scp -r /usr/local/opnsense/service/templates/custom opnsense02:/usr/local/opnsense/service/templates/
custom_server_options.conf 100% 101 316.8KB/s 00:00
+TARGETS 100% 88 299.2KB/s 00:00
root@opnsense01:~ #