Unable to set custom unbound options
-
I have a domain I own and use valid certificates for, to serve resources locally.
I have had a custom option set on the unbound DNS resolver (Display Custom Options -> Custom Options), which contained the following:
local-zone: "asd.com." redirect
local-data: "asd.com. IN A 192.168.30.100"
So any internal lookups for whatever.asd.com would direct to 192.168.30.100.
This has all worked fine for months, however today when I try to edit any unbound settings, I receive an error message:
The following input errors were detected:
The generated config file cannot be parsed by unbound. Please correct the following errors:
/var/unbound/test/unbound.conf:116: error: syntax error
read /var/unbound/test/unbound.conf failed: 1 errors in configuration file
The line numbers match with the Custom Options data added above.
I performed some debugging by manually editing
/var/unbound/unbound.conf
and reloading it with
unbound-control -c /var/unbound/unbound.conf reload
and it appears the issue is due to where in the unbound.conf file the custom options are added.
If I add the exact same lines higher in the configuration file (but still under the server: directive), the service and configuration work as intended - I'm not sure what has changed or what is causing this syntax error.
Manual edits are fine to debug and temporarily fix internal resolutions, but pfSense will overwrite the
unbound.conf
file and my changes are lost. I also don't want to manually add host overrides for all internal services, I want to use the wildcard configuration.
Can someone assist me on how to retain the persistent changes for unbound? Or does anyone have any ideas on what is causing the syntax error?
I also use pfblocker-ng, which may be related.
-
@fdfdfff2 said in Unable to set custom unbound options:
I have had a custom option set on the unbound DNS resolver (Display Custom Options -> Custom Options), which contained the following:
local-zone: "asd.com." redirect
local-data: "asd.com. IN A 192.168.30.100"
So any internal lookups for whatever.asd.com would direct to 192.168.30.100.
Try this :
unbound local-data and look at the first link proposed.
From what I recall, the local-data and local-zone options need to be in a server: block, like this (see link for example).
If this was working before, this means you had the "server:" line at the top, and managed to remove it ?
But why use the custom options ?
Create a DNS override ( ?!) :
-
I like using the wildcard rather than host overrides, since I need to add one for every service - rather than a wildcard which is more dynamic.
I didn't change anything about the configuration or setup from the Custom Options - not sure why/what changed for the configuration to no longer work.
-
@fdfdfff2 said in Unable to set custom unbound options:
not sure why/what changed for the configuration to no longer work
What changed is clear now.
This works for me :
Fact check :
C:\Users\Gauche>nslookup asd.com
Serveur : pfSense.bhf.tld
Address: 2a01:cb19:dead:beef:92ec:77ff:fe29:392c
Nom : asd.com
Address: 192.168.30.100
-
Perfect - you are right, thanks so much!
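
Added example, not part of the thread: a heuristic shell check for the situation discussed above, where local-zone / local-data lines end up below a clause other than server: in the generated file. The sample config, the remote-control: clause placed ahead of the custom options, and the function names are constructed assumptions; unbound-checkconf remains the authoritative validator.

```shell
#!/bin/sh
# Heuristic lint for a generated unbound.conf (added example).

# Print "LINE CLAUSE OPTION" for every local-zone/local-data line that is
# not inside a server: or view: clause, the clauses that accept them.
# Reads the file named in $1, or stdin when called without arguments.
find_misplaced_local_opts() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        # A bare "name:" with no value opens a new clause.
        $1 ~ /^[a-z-]+:$/ && (NF == 1 || $2 ~ /^#/) { clause = $1; next }
        $1 ~ /^(local-zone|local-data):$/ &&
            clause != "server:" && clause != "view:" {
            printf "%d %s %s\n", NR, (clause == "" ? "(none)" : clause), $1
        }
    ' "$@"
}

# Constructed stand-in for a generated config: another clause is opened
# before the custom options are appended (assumption for illustration).
# $1 is the first line of the custom options: "" or "server:".
sample_conf() {
    cat <<EOF
server:
    interface: 192.168.30.1
remote-control:
    control-enable: yes
# custom options are appended here
$1
local-zone: "asd.com." redirect
local-data: "asd.com. IN A 192.168.30.100"
EOF
}

# Demo: custom options as pasted, then with "server:" as their first line.
echo "without server: prefix"
sample_conf "" | find_misplaced_local_opts
echo "with server: prefix"
sample_conf "server:" | find_misplaced_local_opts
```

Run the function against /var/unbound/unbound.conf after saving; any output line names the clause that the custom options were appended under.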