Kea + Unbound + Bind for local name resolution

Started by cinergi, June 06, 2026, 02:01:38 PM

Today at 09:06:36 AM #15 Last Edit: Today at 10:05:48 AM by Monviech (Cedrik)
@Allan

I feel like you ran into this here:
https://github.com/opnsense/plugins/pull/5102

Sounds like an external Bind server might be better, I don't know if this can be reasonably fixed in the plugin.
If your workarounds work, well, that's good though, nice job figuring this all out.

@cinergi

Keeping it simple in your setup sounds indeed like the best plan. The configuration we recommend is this:
https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration

Good choice :)
Hardware:
DEC740

Quote from: Monviech (Cedrik) on Today at 09:06:36 AM
@cinergi

Keeping it simple in your setup sounds indeed like the best plan. The configuration we recommend is this:
https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration

Good choice :)
Now that you mention it...

Why is this:
Quote from: cinergi on Today at 03:04:45 AM
So it's dnsmasq --> Unbound.
not the default setup?!

When using DNSmasqd for DHCP and DNS, it would be a lot easier for a lot of people if Unbound were not used as the primary DNS resolver and was instead used only for talking to the root DNS servers after DNSmasqd forwards it a DNS query made by a client on a local network.
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

Today at 08:07:47 PM #17 Last Edit: Today at 08:12:21 PM by Monviech (Cedrik)
Most users also want to use Unbound statistics or blocklists by subnet, and then Unbound would show Dnsmasq (127.0.0.1) as its only client.

Unbound cannot use magic like dnsmasq's "add-subnet" or "add-mac", which extract the real IP address of the client when the request is forwarded by another DNS server.

So having Unbound as the main entry point has more benefits.

Also, the project owner simply calls it "dnsmasq": https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
Hardware:
DEC740
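The mechanism behind the "add-subnet" option mentioned above, as an added example that is not code from this thread, from dnsmasq or from OPNsense: a Python model of what a forwarder does to a client's query before sending it upstream (it appends an EDNS0 OPT record carrying an RFC 7871 Client Subnet option with the requester's address) and the parsing an upstream resolver would need in order to recover that address again. A plain forwarded query carries no such option, which is why an upstream resolver otherwise only sees the forwarder's own socket address (127.0.0.1 in the setup discussed in this thread). The query name, client addresses and prefix lengths are constructed sample input; the prefix lengths are plain parameters here and say nothing about dnsmasq's own defaults, which the dnsmasq man page defines. "add-mac" uses a non-standard EDNS0 option and is not modelled.

```python
import ipaddress
import struct

OPT_RR_TYPE = 41       # EDNS0 OPT pseudo-RR (RFC 6891)
ECS_OPTION_CODE = 8    # EDNS Client Subnet option (RFC 7871)


def build_query(qname, qtype=1, txid=0x1234):
    """Minimal DNS query as a LAN client would send it: header, one question, no OPT RR."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = [lab.encode() for lab in qname.rstrip(".").split(".")]
    name = b"".join(bytes([len(lab)]) + lab for lab in labels) + b"\x00"
    return header + name + struct.pack("!HH", qtype, 1)  # QCLASS IN


def ecs_option(client_ip, v4_prefix=32, v6_prefix=128):
    """ECS option: FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH (0 in queries), truncated ADDRESS."""
    addr = ipaddress.ip_address(client_ip)
    family, plen = (1, v4_prefix) if addr.version == 4 else (2, v6_prefix)
    nbytes = (plen + 7) // 8
    packed = bytearray(addr.packed[:nbytes])
    if plen % 8:  # zero the bits past the prefix in the last byte, as RFC 7871 requires
        packed[-1] &= (0xFF << (8 - plen % 8)) & 0xFF
    body = struct.pack("!HBB", family, plen, 0) + bytes(packed)
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def add_subnet(query, client_ip, v4_prefix=32, v6_prefix=128, udp_size=4096):
    """Forwarder side: append an OPT RR carrying ECS for client_ip and bump ARCOUNT."""
    rdata = ecs_option(client_ip, v4_prefix, v6_prefix)
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode/version/flags (0), RDLENGTH
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, udp_size, 0, len(rdata)) + rdata
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", query[:12])
    header = struct.pack("!HHHHHH", txid, flags, qd, an, ns, ar + 1)
    return header + query[12:] + opt_rr


def _skip_name(msg, off):
    """Advance past a wire-format name (labels or a compression pointer)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def extract_client_subnet(msg):
    """Resolver side: return 'address/prefix' from the first ECS option, or None if absent."""
    _txid, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype != OPT_RR_TYPE:
            continue
        pos = 0
        while pos + 4 <= len(rdata):
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            body = rdata[pos + 4:pos + 4 + olen]
            pos += 4 + olen
            if code != ECS_OPTION_CODE or len(body) < 4:
                continue
            family, plen, _scope = struct.unpack("!HBB", body[:4])
            raw = body[4:]
            if family == 1:
                ip = ipaddress.ip_address(raw[:4].ljust(4, b"\x00"))
            elif family == 2:
                ip = ipaddress.ip_address(raw[:16].ljust(16, b"\x00"))
            else:
                continue
            return f"{ip}/{plen}"
    return None


if __name__ == "__main__":
    q = build_query("printer.lan")  # constructed sample query
    print("plain forward:", extract_client_subnet(q))                       # None
    print("with ECS:", extract_client_subnet(add_subnet(q, "192.168.1.42")))  # 192.168.1.42/32
```

Without the option the upstream resolver has nothing but the forwarder's socket address to key statistics or blocklists on; with it, the client address travels inside the query, which is also why anything receiving such a query should mask the address to the configured prefix before logging it.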

Quote from: Monviech (Cedrik) on Today at 09:06:36 AMI feel like you ran into this here:
https://github.com/opnsense/plugins/pull/5102

Sounds like an external Bind server might be better, I don't know if this can be reasonably fixed in the plugin.
If your workarounds work, well, that's good though, nice job figuring this all out.

Thank you! This is indeed what I am bumping into. I wonder if it is possible to write DDNS changes into a separate zone file. That way, the journal can monitor that file instead.