Netgate Discussion Forum

    How to make wildcard like A records I found the documentation but with unbound it didn’t work!

    • johnpozJ Online
      johnpoz LAYER 8 Global Moderator @d.k
      last edited by johnpoz

      @d-k Let's see what you're doing - this is pretty straightforward.

      wild.jpg

      $ dig @192.168.9.253 example.com +short
      192.168.1.54
      
      $ dig @192.168.9.253 whatever.example.com +short
      192.168.1.54
      
      $ dig @192.168.9.253 somethingelse.whatever.example.com +short
      192.168.1.54
      

      Are your clients even pointing to IP of pfsense for dns, or are they using doh or something..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

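The dig results in the post above (the apex and every name beneath it returning the same address) are what an Unbound `local-zone` of type `redirect` produces. This is an added example, not taken from the post or its screenshot: it assumes the override is written as the two `local-zone`/`local-data` lines in the constructed config below, and the function names are hypothetical.

```python
import re

# Constructed sample of Unbound custom options (an assumption, not the
# configuration shown in the post's screenshot).
SAMPLE_CONF = '''
server:
local-zone: "example.com" redirect
local-data: "example.com A 192.168.1.54"
'''

def parse_redirect_zones(conf):
    """Return {zone: [A addresses]} for every local-zone of type redirect."""
    zones, data = set(), {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r'local-zone:\s*"([^"]+)"\s+(\S+)$', line)
        if m and m.group(2) == "redirect":
            zones.add(m.group(1).rstrip(".").lower())
            continue
        m = re.match(r'local-data:\s*"(\S+)\s+(?:\d+\s+)?(?:IN\s+)?A\s+([^"\s]+)"$', line)
        if m:
            data.setdefault(m.group(1).rstrip(".").lower(), []).append(m.group(2))
    return {z: data.get(z, []) for z in zones}

def resolve(qname, zones):
    """Answer qname the way a redirect zone does: the apex data is returned
    for the apex and for every name beneath it, matched on label boundaries."""
    labels = qname.rstrip(".").lower().split(".")
    # Walk from the full name towards the root so the longest zone wins.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return zones[candidate]
    return None  # not covered locally; Unbound would recurse or forward

if __name__ == "__main__":
    zones = parse_redirect_zones(SAMPLE_CONF)
    for name in ("example.com", "whatever.example.com",
                 "somethingelse.whatever.example.com", "notexample.com"):
        print(name, "->", resolve(name, zones))
```

Matching is done per label, so `notexample.com` is not captured by the `example.com` zone even though it ends with the same characters.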
      • D Offline
        d.k @viragomann
        last edited by

        @viragomann With DNS lookup I could find it, but in the browser it didn't show anything!

        • D Offline
          d.k @johnpoz
          last edited by

          @johnpoz First I had trouble with the internet connection on the LAN side, but then I figured out that the eutp hadn't set up pfsense as DNS server, so I added it to System/General Setup and I got internet, so I think all clients are connected to the unbound DNS server on pfsense!

          • D Offline
            d.k @d.k
            last edited by

            @d-k I also cannot resolve home.arpa, where pfsense should be reachable I guess!

            • johnpozJ Online
              johnpoz LAYER 8 Global Moderator @d.k
              last edited by

              @d-k said in How to make wildcard like A records I found the documentation but with unbound it didn’t work!:

              but in the browser it didn't show anything!

              That would point to your browser using doh, ie not pfsense/unbound as its dns.. This is a common problem, browser makers seem to think it's ok with using doh without any actual ok or agreement from the user. Or sometimes users click to use it without actually understanding what it is doing.

              For anything in your local resources for dns - yeah your OS or application (browser) has to be asking your local NS to resolve these - googledns sure as hell is not going to know about your home.arpa or wildcard settings.

              Look in your browser and disable doh..

              • D Offline
                d.k @johnpoz
                last edited by

                @johnpoz It seems like Safari is not using DoH! I researched, and on Reddit they say to use that website 1.1.1.1, which outputs whether the browser uses DoH!:
                Screenshot 2025-01-02 at 00.04.42.png

                I don't know about chrome but there I have no success either!:

                Screenshot 2025-01-02 at 00.07.31.png

                • johnpozJ Online
                  johnpoz LAYER 8 Global Moderator @d.k
                  last edited by

                  @d-k why would you think you could resolve just home.arpa to something, home.arpa isn't a fqdn, something.home.arpa would be a fqdn.. Did you set up a record in unbound on pfsense to resolve home.arpa to something.. Is pfsense even using home.arpa..

                  Your output you posted is using webserver.lan as a search suffix. That means when you look for something it could be looking for something like home.arpa.webserver.lan

                  And that debug information is telling you you're not using doh or dot to 1.1.1.1, not whether safari is pointing elsewhere for doh btw

                  What is pfsense setting in general?

                  pfsense.jpg

                  $ dig sg4860.home.arpa +short
                  192.168.9.253
                  

                  But see home.arpa doesn't resolve to anything...

                  nothing.jpg

                  But I can make it resolve to something if I want

                  homearpa.jpg

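The search-suffix point in the post above, as an added example that is not part of the thread: how a stub resolver builds the list of names it will try, assuming glibc-style `search`/`ndots` rules (macOS and Windows differ in detail). The function names and the resolv.conf text are constructed; `webserver.lan`, `home.arpa` and the resolver address are the values that appear in the thread.

```python
# Constructed resolver configuration using the suffix mentioned in the thread.
SAMPLE_RESOLV_CONF = """
nameserver 192.168.9.253
search webserver.lan
options ndots:1
"""

def parse_resolv_conf(text):
    """Extract the search list and ndots value (defaults: empty list, 1)."""
    search, ndots = [], 1
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] in ("search", "domain"):
            search = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidate_names(name, search, ndots=1):
    """Return the fully qualified names the stub resolver tries, in order."""
    if name.endswith("."):
        return [name]                      # trailing dot: absolute, no suffixing
    as_is = name + "."
    suffixed = [f"{name}.{d}." for d in search]
    if name.count(".") >= ndots:
        return [as_is] + suffixed          # enough dots: try the name itself first
    return suffixed + [as_is]              # too few dots: search list first

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for query in ("home.arpa", "sg4860", "sg4860.home.arpa."):
        print(query, "->", candidate_names(query, search, ndots))
```

When `home.arpa.` has no record, the next name asked is `home.arpa.webserver.lan.`, which is the lookup described in the post; a trailing dot on the query suppresses the suffix.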
                  • D Offline
                    d.k @johnpoz
                    last edited by

                    @johnpoz Thanks, that's pretty much what I wanted to do, to have it easier to access my stuff in the local network instead of always entering IP addresses in the browser!

                    • D Offline
                      d.k @johnpoz
                      last edited by

                      @johnpoz One question: when do the host overrides stop working if they are deleted? I deleted one I created and clicked apply, but it is still resolvable!

                      • johnpozJ Online
                        johnpoz LAYER 8 Global Moderator @d.k
                        last edited by

                        @d-k could be just cached locally on your machine - it would depend on how you're doing the query.. If you do a directed query to pfsense/unbound with specific tool like dig or your other fav dns tool and it still resolves then maybe unbound didn't restart after you removed it?

                        but if you're just doing say a ping or accessing with a browser, which has its own dns cache you could just be getting what is cached locally.

                        Not sure how to do it on macos or safari - but for example in windows and firefox

                        ipconfig /displaydns

                        will show you what is locally cached, and for how much longer - see the time to live line

                        if you go to about:networking#dns

                        In firefox you can see what the browser's specific cache has in it

                        cache.jpg

                        • D Offline
                          d.k @johnpoz
                          last edited by

                          @johnpoz Thanks, on Safari I was able to figure it out!!: Screenshot 2025-01-02 at 04.34.24.jpg I had to delete this and then it clears all domain entries in the local storage with .home.arpa!
