disabling DNSSEC stops local hostname resolution?
-
@JonSmizza said in disabling DNSSEC stops local hostname resolution?:
I'm not sure of the exact syntax required, so I tried a few variations:
server:
domain-insecure: "internal."server:
domain-insecure: "internal"server:
domain-insecure: "<local-domain>."You have to state your exact local domain with a dot at the right.
Ensure that this domain is stated in pfSense in the general setting and also your machines are within this domain. -
@viragomann said in disabling DNSSEC stops local hostname resolution?:
You have to state your exact local domain with a dot at the right.
Ensure that this domain is stated in pfSense in the general setting and also your machines are within this domain.Thank you, we should be OK there:
However, I'm stuck with the issue as per my previous post where is seems changing any setting in DNS Resolver results in non-working local resolution.
-
This post is deleted! -
Think I've narrowed this down a bit more.
I located the config file
/conf/config.xmland saved it before and after making changes to unbound via the pfSense UI.Compared the two files, and saw only a couple of minor changes, but found what seems to be causing my issue.
In the config section for unbound, the working config has:
[regdhcp][/regdhcp]
[regdhcpstatic][/regdhcpstatic](but with less-than and greater-than instead of square brackets - I had to change these so this post wasn't flagged as spam)
...but these are not written into the changed config file.
If I manually remove them from the working config, then restart unbound, I then get the NXDOMAIN error during a local hostname lookup.
Might be a bug?
There's also an entry for
[dnssec][/dnssec]missing from the changed config too, but this doesn't affect my local lookups. -
More info, I think my problem will be related to this post: https://forum.netgate.com/post/1152951
My DHCP Backend is
Kea DHCP -
Just a final post: everything works fine as long as I transfer over those two empty XML blocks into the updated config file.
@viragomann thank you for the idea regarding
domain-insecure, I've now incorporated that into my setup.
Cheers!
-
@JonSmizza Kea is in preview status and DHCP lease registration is not yet supported so yeah probably a bug.
https://docs.netgate.com/pfsense/en/latest/releases/2-7-1.html#kea-dhcp-server-feature-preview-now-availableI would just change back until it’s ready.
-
@SteveITS thank you, I wish I had known this before switching... reading the on-screen notes in pfSense suggested I was better-off using Kea.
Anyway, apart from the issue I posted, it's been fine, so I'll stick with it unless future failures become too painful to bear.
Cheers!
-
@JonSmizza said in disabling DNSSEC stops local hostname resolution?:
I wish I had known this before switching
Clearly stated in the release notes.. Clearly stated in the blog they wrote about it.. Multiple Multiple threads here on the forum about it.
-
@johnpoz said in disabling DNSSEC stops local hostname resolution?:
Clearly stated in the release notes.. Clearly stated in the blog they wrote about it.. Multiple Multiple threads here on the forum about it.
If only it had been clearly stated where it really matters.
Oh well. ¯_(ツ)_/¯
