@johnpoz said in Unbound - dns override - resolves on local box , not remote box:
I would go the specific domain route.
#Me too 😊
Just dropping those 2 lines in every unbound is no prob.
On my home setup, where I had an existing Linux-based DHCP + DNS infrastructure, I only use unbound to forward to my existing Bind9 servers, no pfS 127.0.0.1 resolving. All that hits unbound goes to the Bind9's.
My Phone + MMedia VLANs get a DHCP DNS pointing to a Debian Pihole, which uses the Bind9's.
DNS & especially DHCP is a bit more cumbersome on Linux, but I have DDNS (DHCP added entries) working like a charm. And that is a super neat feature.
I have this defined on my home pfS:
    server:
        private-domain: "mydomain.org"
        local-zone: "xxx.10.in-addr.arpa." transparent
        local-zone: "yyy.10.in-addr.arpa." transparent
I made that when I was a pfSense "super noob", and could resolve nothing RFC1918 via my Bind9 servers.
I have no idea if the arpa zone should be transparent or just local.
Google gave me this suggestion, and it has worked since.
Sometimes I promise myself to find out why I have transparent ... And then I postpone again ... 😇
Well, I had to now ...
From:
https://www.nlnetlabs.nl/documentation/unbound/unbound.conf/
transparent
    If there is a match from local data, the query is answered.
    Otherwise if the query has a different name, the query is resolved
    normally. If the query is for a name given in local-data but no
    such type of data is given in localdata, then a noerror nodata
    answer is returned. If no local-zone is given local-data causes a
    transparent zone to be created by default.
nodefault
    Used to turn off default contents for AS112 zones. The other types
    also turn off default contents for the zone. The 'nodefault' option
    has no other effect than turning off default contents for the given
    zone. Use nodefault if you use exactly that zone, if you want to
    use a subzone, use transparent.
Seems like transparent is the way to go for me (sub zones)
/Bingo
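
The difference between the two zone types quoted above can be checked with a small model. This is an added example, not code from the post or from Unbound: it is a simplified Python sketch of local-zone selection, and it assumes Unbound's built-in `10.in-addr.arpa.` default zone behaves as `static` and is only switched off by an entry for that exact name. The zone name `1.10.in-addr.arpa.` and the host record are constructed stand-ins for the `xxx`/`yyy` placeholders.

```python
# Simplified model of Unbound local-zone handling (added example, not Unbound's code).
# Covers only the zone types discussed above plus the built-in static default.

AS112_DEFAULTS = {"10.in-addr.arpa."}   # one of the built-in RFC 1918 reverse zones


def build_zones(configured):
    """configured: {zone_name: type}. Returns the effective local-zone table."""
    zones = {}
    for name, ztype in configured.items():
        if ztype != "nodefault":          # nodefault only suppresses the default contents
            zones[name] = ztype
    for name in AS112_DEFAULTS:
        if name not in configured:        # an entry for the exact name turns the default off
            zones[name] = "static"
    return zones


def find_zone(qname, zones):
    """Most specific (longest suffix) local zone covering qname, or None."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in zones:
            return candidate
    return None


def answer(qname, qtype, configured, local_data=None):
    """Return the outcome: 'local', 'nodata', 'nxdomain' or 'resolve'."""
    local_data = local_data or {}         # {name: {rrtype: value}}, constructed input
    zones = build_zones(configured)
    zone = find_zone(qname, zones)
    if zone is None:
        return "resolve"                  # no local zone: forwarded or recursed as usual
    records = local_data.get(qname)
    if records is not None:
        return "local" if qtype in records else "nodata"
    # No local data for this name: transparent falls through, static refuses.
    return "resolve" if zones[zone] == "transparent" else "nxdomain"
```

In this model a transparent sub-zone lets only its own PTR lookups reach the forwarders, while the rest of `10.in-addr.arpa.` keeps the default NXDOMAIN answer; `nodefault` on the parent opens the whole zone.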