Netgate Discussion Forum
    Unbound not respecting the Register OpenVPN clients settings?

    DHCP and DNS
    monsen (last edited by monsen)

      I need some help to figure out if I am doing something wrong or if there is an issue with unbound.

      In short, I have a server in a remote lab that connects to my pfSense box. This remote server is set up as a router, and configured as a gateway in pfSense. All of this works splendidly, and traffic is neatly routed between the networks.

      But the problem is when I try to use the DNS name to contact the remote server. Sometimes it works, sometimes it doesn't. Checking what unbound returns for the DNS entry, I found it to be returning the IPs of random computers on the remote lab instead of the actual IP of the server, which is configured in the DNS.

      If I restart unbound, it returns the correct address in the beginning, until traffic from a machine in the lab flows over the VPN connection, and then unbound seems to simply return the IP of the last machine that communicated over the tunnel instead of the correct address. I've even tried to define a host override for that specific host, but to no avail.

      I thought the "Register connected OpenVPN clients in the DNS Resolver" checkbox on the DNS resolver config page should control this, but the behavior is exactly the same no matter if it is on or off.

      The screenshots below show the problem. Immediately after restarting unbound, everything is fine and it returns the correct address, but once I put some traffic over the VPN link, the IPs of the computers on the remote side start to be added to the VPN client's DNS entry. Sometimes it doesn't even return the actual address, only the others from the lab.

      For reference, my local LAN is 10.99.99.0/24, the VPN uses 10.99.199.128/25 and the remote lab is 10.0.0.0/23.
      Unbound is used as a DNS resolver using the Cloudflare DNS for internet, with domain overrides pointing to the DNS servers running at my Windows Server domain controllers; this is also where the actual static entry for that VPN client is defined. All of this works perfectly fine though; the only issue is unbound picking up these extra IPs from the VPN and serving them as if they actually belonged to the domain name.

      [screenshot 1]

      [screenshot 2]

      Any idea what could be wrong here? Running the latest pfSense Plus, 24.03-RELEASE (amd64), on a Netgate 4100.

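A small diagnostic for the symptom described in the post, added here as an example and not code from the poster or from pfSense: it classifies every address the resolver hands back for the VPN client's name against the three subnets given above (local LAN, OpenVPN tunnel, remote lab) and flags any answer that falls outside the tunnel range, which is exactly the drift the screenshots show. The hostname and the sample answer set are constructed placeholders.

```python
"""Flag DNS answers for a VPN client's name that fall outside the tunnel subnet."""
import ipaddress
import socket

# Subnets as stated in the post.
NETWORKS = {
    "local LAN": ipaddress.ip_network("10.99.99.0/24"),
    "OpenVPN tunnel": ipaddress.ip_network("10.99.199.128/25"),
    "remote lab": ipaddress.ip_network("10.0.0.0/23"),
}


def classify(addr: str) -> str:
    """Return the name of the subnet an address belongs to, or 'other'."""
    ip = ipaddress.ip_address(addr)
    for name, net in NETWORKS.items():
        if ip in net:
            return name
    return "other"


def audit_answers(answers, expected="OpenVPN tunnel"):
    """Split A-record answers into those inside the expected subnet and strays."""
    ok, stray = [], []
    for addr in answers:
        (ok if classify(addr) == expected else stray).append(addr)
    return {"ok": ok, "stray": stray}


def resolve_all(hostname: str):
    """Collect every IPv4 answer the local resolver returns for hostname."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    # Constructed sample of a drifted answer set: one tunnel address plus
    # two lab hosts that unbound should never have attached to this name.
    sample = ["10.99.199.130", "10.0.0.17", "10.0.1.200"]
    report = audit_answers(sample)
    for addr in report["stray"]:
        print(f"stray answer {addr} belongs to {classify(addr)}")
    # To check a live name instead (placeholder hostname):
    # print(audit_answers(resolve_all("vpn-client.example.lab")))
```

Run it after restarting unbound and again after pushing traffic over the tunnel; a non-empty `stray` list confirms the extra lab addresses are being served under the client's name.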