Netgate Discussion Forum

    How to remove private-address: from /var/unbound/unbound.conf ?

    • biterror

      We have a local network with private addresses/names that I have configured in unbound, this is working well.  We also have separate networks across VPN connections, they are also using private (10.x.x.x) addresses which are configured in a public DNS.  Now, when I query any of those hosts, unbound doesn't return the IPs because the configuration file contains "private-address: 10.0.0.0/8" lines.  How can I remove / edit these lines?  I can't see anything in the pfSense 2.4.2 web interface for disabling or editing these entries.

      It took me a long time to figure out what was wrong - I have unbound running on a separate (Linux) host for testing and it works just fine.  I thought the problem was with forwarding or firewall or something.

      Thanks!

      • johnpoz LAYER 8 Global Moderator

        Turn off rebind protection if upstream dns is going to return public.

        But if you have RFC 1918 in a public domain that resolves on the public internet - you're doing it WRONG!!

        https://doc.pfsense.org/index.php/DNS_Rebinding_Protections

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          • biterror

          Thanks!  It seems to work now.  ;D

          What is the correct way of setting up a DNS for private names and IPs?  Using a local unbound resolver hides the private names from the Internet, but on the other hand, VPN clients often use public DNS so they can't see the private names although they can and are supposed to talk to the private hosts.

            • johnpoz LAYER 8 Global Moderator

            If you have VPN clients connecting they should use the local DNS through the VPN to resolve RFC 1918 address space.  It is BAD PRACTICE to put RFC 1918 in public DNS… The whole point of rebinding protection is to protect against such practice.

            If you have site-to-site VPN connections, then all your different sites across these site-to-site connections should be able to resolve what you want them to resolve via internal DNS.

            So let's say you have site A and site B via VPN connection.

            Let's call it siteAdomain.tld and siteBdomain.tld.  It's very simple to tell site A DNS to ask site B DNS for host.siteBdomain.tld via either delegation or simple domain override if you're using, say, unbound.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11
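
The behaviour discussed in this thread, as an added example that is not part of any post: a simplified Python model of how unbound's `private-address` filtering strips RFC 1918 answers, and how a `private-domain` entry exempts one internal zone instead of turning rebinding protection off. The configuration fragment, the address 10.20.0.5 and the host names other than siteBdomain.tld are constructed for illustration.

```python
import ipaddress

# Constructed unbound.conf fragment (assumption, not from the thread):
# the private-address lines stay, and only the remote site's zone is exempt.
SAMPLE_CONF = """
server:
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-domain: "siteBdomain.tld"
"""

def parse_conf(text):
    """Collect private-address networks and private-domain names."""
    nets, domains = [], []
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        value = value.strip().strip('"')
        if key == "private-address":
            nets.append(ipaddress.ip_network(value))
        elif key == "private-domain":
            domains.append(value.lower().rstrip("."))
    return nets, domains

def in_private_domain(qname, domains):
    """Match on whole labels, so 'evilsiteBdomain.tld' is not exempted."""
    name = qname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)

def filter_answer(qname, addresses, nets, domains):
    """Return the addresses that survive rebinding protection (simplified)."""
    if in_private_domain(qname, domains):
        return list(addresses)
    return [a for a in addresses
            if not any(ipaddress.ip_address(a) in n for n in nets)]

if __name__ == "__main__":
    nets, domains = parse_conf(SAMPLE_CONF)
    samples = [  # constructed query results
        ("host.siteBdomain.tld", ["10.20.0.5"]),
        ("host.example.com", ["10.20.0.5", "203.0.113.7"]),
        ("host.evilsiteBdomain.tld", ["10.20.0.5"]),
    ]
    for qname, addrs in samples:
        print(qname, "->", filter_answer(qname, addrs, nets, domains))
```
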
