Netgate Discussion Forum
    Reverse zones typetransparent when static is set

      beermount
      last edited by beermount

      I have the following simplified design.

      [image: dns-resolver.drawio.png]

      To make this work, I have configured the DNS resolver with zone type static, so that queries local to a site are not forwarded and are answered with NXDOMAIN by unbound for records that do not exist.

      The problem I'm encountering is a forwarding loop for the reverse zones, which, as far as I can understand, are being configured as typetransparent based on the code at https://github.com/pfsense/pfsense/blob/062972b368fda9ab69b7bfd17274f8b2e9481401/src/etc/inc/unbound.inc#L700; this is also confirmed by what I'm seeing in /var/unbound/unbound.conf.

      What I would have expected to happen when setting the local-zones as static in the "DNS Resolver" page, is that the local subnet reverse zones would also have been configured as static.

      The workaround I'm currently using is adding custom options where I type these reverse zones in manually.

      site1.pfsense.lan:

      server:
        local-zone: "10.168.192.in-addr.arpa" static

      site2.pfsense.lan:

      server:
        local-zone: "20.168.192.in-addr.arpa" static

      site3.pfsense.lan:

      server:
        local-zone: "30.168.192.in-addr.arpa" static

      The reason I noticed this in the first place was the long page load times on the Status -> DHCP Leases page, and sometimes even a 502 Gateway Timeout, most likely because I have some hosts which are not delivering hostnames in their DHCP client requests.

      Is this something I can create a bug report (or feature request) for?
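      As an added example (not pfSense's code and not the poster's), the following Python script derives the reverse zone names for a list of subnets and renders the same static local-zone lines that the workaround above types in by hand, so the custom-options block can be generated instead of hand-maintained. It assumes the site subnets are the constructed 192.168.x.0/24 prefixes implied by the zones in the post, and it goes beyond the post by also splitting prefixes that are not octet-aligned (a /22 becomes four /24 zones) and handling IPv6 nibble zones.

```python
import ipaddress


def reverse_zones(cidr):
    """Return the in-addr.arpa / ip6.arpa zone names that exactly cover a prefix.

    IPv4 zones are cut at octet boundaries and IPv6 zones at nibble
    boundaries, so a prefix that is not aligned is split into several zones.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        raise ValueError("refusing to make the whole reverse tree static")
    if net.version == 4:
        unit, suffix = 8, "in-addr.arpa"
    else:
        unit, suffix = 4, "ip6.arpa"
    # smallest label boundary that is at least as long as the prefix
    nbits = -(-net.prefixlen // unit) * unit
    subs = [net] if nbits == net.prefixlen else net.subnets(new_prefix=nbits)
    zones = []
    for sub in subs:
        if net.version == 4:
            labels = str(sub.network_address).split(".")[: nbits // 8]
        else:
            labels = list(sub.network_address.exploded.replace(":", "")[: nbits // 4])
        zones.append(".".join(reversed(labels)) + "." + suffix)
    return zones


def unbound_static_zones(cidrs):
    """Render a 'server:' block of static local-zone lines for unbound."""
    lines = ["server:"]
    for cidr in cidrs:
        for zone in reverse_zones(cidr):
            lines.append(f'  local-zone: "{zone}" static')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # constructed example: the site1 subnet behind "10.168.192.in-addr.arpa"
    print(unbound_static_zones(["192.168.10.0/24"]))
```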

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.