DNS Resolver Authoritative for local.lan
-
Hello,
I am trying to set up the DNS Resolver so that it provides an authoritative answer for my local.lan, so that if I look up an address that is not part of my network then it won't forward the lookup to external DNS resolvers. In my research I found that adding the following to the Resolver's custom options should do this:
local-data: "local.lan. 10800 IN SOA pfsense.local.lan. root.local.lan. 1 3600 1200 604800 10800"
However I am not having any luck with it working. If I do a
dig nothere.local.lan +trace
I do get an NXDOMAIN response but I can see the trace going to the root DNS servers. I am not an expert and really at a loss for why this isn't working.
-
@toluun you understand that a trace will always go to the root because that is the first lookup in the trace.
If you don't want unbound asking for stuff that is not local - just set the zone to static in unbound config.
static: If there is a match from local data, the query is answered. Otherwise, the query is answered with nodata or nxdomain. For a negative answer a SOA is included in the answer if present as local-data for the zone apex domain.
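Added example, not code from the thread: a small shell check that tells the two cases apart by looking for the aa flag (answer served from local data, not from a forwarder) and the zone apex SOA in dig output. The zone name, SOA record and the 192.168.20.1 resolver address are taken from the thread; the sample dig outputs are constructed.

```shell
#!/bin/sh
# Check that a resolver's answer for a name under a zone is an authoritative
# NXDOMAIN with the zone SOA in the AUTHORITY section, which is what a static
# local-zone with an SOA local-data record in unbound should return.
# Live use (resolver address assumed from the thread):
#   dig @192.168.20.1 notthere.local.lan | check_auth_nxdomain local.lan

# Reads dig output on stdin. Returns 0 when all three conditions hold:
#   1. status is NXDOMAIN
#   2. the 'aa' flag is set (answered from local data, not forwarded)
#   3. the AUTHORITY section carries an SOA for the zone apex
# Otherwise returns 1, 2 or 3 for the first condition that failed.
check_auth_nxdomain() {
    zone="$1"
    out=$(cat)
    printf '%s\n' "$out" | grep -q 'status: NXDOMAIN' || return 1
    printf '%s\n' "$out" | grep -q '^;; flags:.*[ ]aa[ ;]' || return 2
    printf '%s\n' "$out" | grep -q "^${zone}\.[[:space:]].*IN[[:space:]]*SOA" || return 3
    return 0
}

# Constructed sample of what dig prints when unbound answers from a static
# local zone that has the thread's SOA as local-data.
SAMPLE_GOOD=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12345
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;notthere.local.lan.    IN  A

;; AUTHORITY SECTION:
local.lan.  10800  IN  SOA  pfsense.local.lan. root.local.lan. 1 3600 1200 604800 10800'

# Constructed sample of a forwarded answer: NXDOMAIN, but no aa flag and no SOA,
# i.e. the lookup left the box and was answered by an upstream resolver.
SAMPLE_FORWARDED=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12346
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
```

A plain `dig nothere.local.lan` (without +trace) against the resolver is the right input here; +trace deliberately starts at the root and never asks the local resolver for the final answer.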
-
@johnpoz So I do have static set, but then, based on the definition of static, shouldn't I get an SOA response based on the custom setting:
For a negative answer a SOA is included in the answer if present as local-data for the zone apex domain.
I am sure I am missing something but when I did:
dig nothere.local.lan
I was expecting an answer more like:
;; AUTHORITY SECTION: local.lan. 10800 IN SOA pfsense.local.lan. root.local.lan. 1 3600 1200 604800 10800
-
Seems to be an issue with my Linux installation. If I specify the DNS server it responds as expected.
dig @192.168.20.1 notthere.local.lan