Netgate Discussion Forum
Unbound DNS configuration

Category: DHCP and DNS
21 Posts 4 Posters 29.3k Views
    jan.gestre
    Sep 19, 2011, 7:33 AM (last edited Sep 20, 2011, 6:08 AM)

    Hi Everyone,

    I'm on pfSense 2.0 and I'm using Unbound as DNS. I can't find the interface where I can add entries, like adding an A record; it also appears that there is no way but to use the CLI for this. It usually works by just adding static entries to the /etc/hosts file; unfortunately it doesn't work for me. I also tried editing this file -> /usr/local/etc/unbound/unbound.conf, then added the following:

    local-data: "repo.domainname.local A 10.10.10.3"
    local-data: "repo A 10.10.10.3"

    But after rebooting, the additional entries are no longer there, I also tried to follow the instructions in this thread --> http://forum.pfsense.org/index.php/topic,35808.0.html wherein it was mentioned that Unbound DNS also uses the same hosts and domain overrides when using DNSMasq, unfortunately this does not work for me, even after reboot.

    One thing more, PC's connected shows OpenDNS as DNS server instead of the ip address of pfSense, it should say the ip address of pfSense, right?

    There are two local servers in the LAN that should be accessible by their respective FQDNs but can only be accessed using their local ip addresses.

    When I tried to ping the FQDN of the said servers from LAN, it returns the public ip address (although it does not reply). Is there a way to fix this?

    Many thanks!

      jan.gestre
      Sep 20, 2011, 8:52 AM

      The DNS forwarder host entries are already reflected in Unbound DNS but I still can't ping the local server via its FQDN even though the following is in the Unbound DNS Status page:

      Host entries

      local-zone: "domain.lan" transparent
      local-data-ptr: "127.0.0.1 localhost"
      local-data: "localhost A 127.0.0.1"
      local-data: "localhost.domain.lan A 127.0.0.1"
      local-data-ptr: "10.10.10.254 fw.domain.lan"
      local-data: "fw.domain.lan A 10.10.10.254"
      local-data: "fw A 10.10.10.254"
      local-data-ptr: "10.10.10.3 repo.domain.net"
      local-data: "repo.domain.net IN A 10.10.10.3"
      local-data-ptr: "10.10.10.181 sandbox.domain.net"
      local-data: "sandbox.domain.net IN A 10.10.10.181"

      Hope someone could help identify the fix.

      Thanks!

        johnpoz (LAYER 8, Global Moderator)
        Sep 21, 2011, 3:40 PM

        "PC's connected shows OpenDNS as DNS server instead of the ip address of pfSense"

        Well yeah, that's going to be a problem; if you want to resolve local domains like domain.lan you sure cannot be asking opendns about it ;)

        I am running unbound and not having any issues resolving local clients that I put into the dns forwarder, "You may enter records that override the results from the forwarders below" section at the bottom

        example


        ; <<>> DiG 9.7.3 <<>> ubuntu.local.lan
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21936
        ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

        ;; QUESTION SECTION:
        ;ubuntu.local.lan.              IN      A

        ;; ANSWER SECTION:
        ubuntu.local.lan.      3600    IN      A      192.168.1.7

        ;; Query time: 3 msec
        ;; SERVER: 192.168.1.253#53(192.168.1.253)
        ;; WHEN: Wed Sep 21 10:36:30 2011
        ;; MSG SIZE  rcvd: 50

        ; <<>> DiG 9.7.3 <<>> -x 192.168.1.7
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17220
        ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

        ;; QUESTION SECTION:
        ;7.1.168.192.in-addr.arpa.      IN      PTR

        ;; ANSWER SECTION:
        7.1.168.192.in-addr.arpa. 3600  IN      PTR    ubuntu.local.lan.

        ;; Query time: 5 msec
        ;; SERVER: 192.168.1.253#53(192.168.1.253)
        ;; WHEN: Wed Sep 21 10:36:43 2011
        ;; MSG SIZE  rcvd: 72


        here is from my unbound status configuration section

        
        # Host entries
        local-zone: "local.lan" transparent
        local-data-ptr: "127.0.0.1 localhost"
        local-data: "localhost A 127.0.0.1"
        local-data: "localhost.local.lan A 127.0.0.1"
        local-data-ptr: "::1 localhost"
        local-data: "localhost AAAA ::1"
        local-data: "localhost.local.lan AAAA ::1"
        local-data-ptr: "192.168.1.253 pfsense.local.lan"
        local-data: "pfsense.local.lan A 192.168.1.253"
        local-data: "pfsense A 192.168.1.253"
        local-data-ptr: "192.168.1.220 cc-bridge.local.lan"
        local-data: "cc-bridge.local.lan IN A 192.168.1.220"
        local-data: 'cc-bridge.local.lan TXT "current cost bridge"'
        local-data-ptr: "192.168.1.97 dvr1.local.lan"
        local-data: "dvr1.local.lan IN A 192.168.1.97"
        local-data-ptr: "192.168.1.98 dvr2.local.lan"
        local-data: "dvr2.local.lan IN A 192.168.1.98"
        local-data-ptr: "192.168.1.201 kim-pc.local.lan"
        local-data: "kim-pc.local.lan IN A 192.168.1.201"
        local-data: 'kim-pc.local.lan TXT "kim laptop"'
        local-data-ptr: "192.168.1.4 p4-28g.local.lan"
        local-data: "p4-28g.local.lan IN A 192.168.1.4"
        local-data-ptr: "192.168.1.99 pch.local.lan"
        local-data: "pch.local.lan IN A 192.168.1.99"
        local-data-ptr: "192.168.1.253 pfsense.local.lan"
        local-data: "pfsense.local.lan IN A 192.168.1.253"
        local-data: 'pfsense.local.lan TXT "pfsense"'
        local-data-ptr: "192.168.1.128 qs108t.local.lan"
        local-data: "qs108t.local.lan IN A 192.168.1.128"
        local-data-ptr: "192.168.1.100 quad-w7.local.lan"
        local-data: "quad-w7.local.lan IN A 192.168.1.100"
        local-data: 'quad-w7.local.lan TXT "quad-w7"'
        local-data-ptr: "192.168.1.50 samsung.local.lan"
        local-data: "samsung.local.lan IN A 192.168.1.50"
        local-data: 'samsung.local.lan TXT "printer"'
        local-data-ptr: "192.168.1.206 smpozni.local.lan"
        local-data: "smpozni.local.lan IN A 192.168.1.206"
        local-data: 'smpozni.local.lan TXT "sean laptop"'
        local-data-ptr: "192.168.1.7 ubuntu.local.lan"
        local-data: "ubuntu.local.lan IN A 192.168.1.7"
        local-data-ptr: "192.168.1.252 wrt54g.local.lan"
        local-data: "wrt54g.local.lan IN A 192.168.1.252"
        
        

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          jan.gestre
          Sep 22, 2011, 7:36 AM

          It's working but not the way I want it to; it is supposed to be asking OpenDNS only if the query is intended for outside the LAN, however this is not the case here. I'm not sure what I'm missing.

          Here's the host entries as shown in Unbound's status page:

          Host entries

          local-zone: "domain.lan" transparent
          local-data-ptr: "127.0.0.1 localhost"
          local-data: "localhost A 127.0.0.1"
          local-data: "localhost.domain.lan A 127.0.0.1"
          local-data-ptr: "10.10.10.254 fw.domain.lan"
          local-data: "fw.domain.lan A 10.10.10.254"
          local-data: "fw A 10.10.10.254"
          local-data-ptr: "10.10.10.3 repo.domain.net"
          local-data: "repo.domain.net IN A 10.10.10.3"
          local-data-ptr: "10.10.10.181 sandbox.domain.net"
          local-data: "sandbox.domain.net IN A 10.10.10.181"

          Having a .net domain aside from the default .lan does not matter, right?

          Could you show me a screenshot of your Unbound DNS configuration, or you could point out what's wrong with my configuration as shown in the screenshots provided.

          Many thanks!

          ![Unbound DNS Settings.png](/public/imported_attachments/1/Unbound DNS Settings.png)
          ![Unbound DNS Advanced Settings.png](/public/imported_attachments/1/Unbound DNS Advanced Settings.png)

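An added example, inserted by the editor rather than posted by anyone in the thread: a small Python check over the "Host entries" block shown above. It parses the local-zone / local-data / local-data-ptr lines, verifies that every A record has a reverse entry and every PTR maps back to an A record, validates the addresses, and lists names (such as the two .net hosts) that fall outside a declared local-zone. On that last point, my reading of unbound.conf(5) is that Unbound creates a transparent zone automatically for local-data whose zone is not declared, so those names still resolve; treat that as an assumption here and the finding as informational. Both samples are constructed from lines posted in the thread, plus one deliberately bad address.

```python
"""Consistency check for the 'Host entries' block that pfSense's Unbound
status page prints (local-zone / local-data / local-data-ptr lines).

Added example for this thread; not code from the thread, from pfSense or
from Unbound. The samples are constructed from entries quoted in the
thread. The 'not under a declared local-zone' finding is informational:
as I read unbound.conf(5) (an assumption here), Unbound creates a
transparent zone for such names on its own, so they still resolve.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample 1: the block the status page showed in the thread.
STATUS_PAGE = """\
local-zone: "domain.lan" transparent
local-data-ptr: "127.0.0.1 localhost"
local-data: "localhost A 127.0.0.1"
local-data: "localhost.domain.lan A 127.0.0.1"
local-data-ptr: "10.10.10.254 fw.domain.lan"
local-data: "fw.domain.lan A 10.10.10.254"
local-data: "fw A 10.10.10.254"
local-data-ptr: "10.10.10.3 repo.domain.net"
local-data: "repo.domain.net IN A 10.10.10.3"
local-data-ptr: "10.10.10.181 sandbox.domain.net"
local-data: "sandbox.domain.net IN A 10.10.10.181"
"""

# Constructed sample 2: the two lines hand-added to unbound.conf in the
# first post (no local-zone, no PTR), plus an invented bad address.
HAND_EDIT = """\
local-data: "repo.domainname.local A 10.10.10.3"
local-data: "repo A 10.10.10.3"
local-data: "bad.domainname.local A 10.10.10.300"
"""

LINE_RE = re.compile(
    r'^\s*(local-zone|local-data|local-data-ptr):\s*(["\'])(.*)\2\s*(\S+)?\s*$')

def parse(text):
    """Return (zones, forward, reverse) from a block of Unbound local-* lines."""
    zones, forward, reverse = {}, defaultdict(set), {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                       # headers, comments, other options
        kind, _, body, tail = m.groups()
        if kind == 'local-zone':
            zones[body.lower().rstrip('.')] = (tail or '').lower()
        elif kind == 'local-data-ptr':
            ip, name = body.split(None, 1)
            reverse[ip] = name.lower().rstrip('.')
        else:
            f = body.split()               # RR form: name [TTL] [IN] TYPE rdata
            name = f.pop(0).lower().rstrip('.')
            if f and f[0].isdigit():
                f.pop(0)                   # optional TTL
            if f and f[0].upper() == 'IN':
                f.pop(0)                   # optional class
            if len(f) < 2:
                continue                   # malformed, nothing to record
            forward[name].add((f[0].upper(), ' '.join(f[1:])))
    return zones, dict(forward), reverse

def covering_zone(name, zones):
    """Longest declared local-zone that contains name, or None."""
    labels = name.split('.')
    for i in range(len(labels)):
        candidate = '.'.join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def check(text):
    """Return a sorted list of human-readable findings for the block."""
    zones, forward, reverse = parse(text)
    findings = []
    for name, rrs in forward.items():
        for rrtype, rdata in rrs:
            if rrtype not in ('A', 'AAAA'):
                continue
            try:
                ipaddress.ip_address(rdata)
            except ValueError:
                findings.append(f'{name}: {rrtype} rdata {rdata!r} is not an IP address')
                continue
            if rdata not in reverse:
                findings.append(f'{name} -> {rdata}: no local-data-ptr for this address')
        # Single-label names like "fw" are aliases at the root; skip the zone check.
        if '.' in name and covering_zone(name, zones) is None:
            findings.append(f'{name}: not under a declared local-zone '
                            '(Unbound will auto-create a transparent one)')
    for ip, name in reverse.items():
        back = {rdata for rrtype, rdata in forward.get(name, ()) if rrtype in ('A', 'AAAA')}
        if ip not in back:
            findings.append(f'PTR {ip} -> {name}: no A/AAAA record maps {name} back to {ip}')
    return sorted(findings)

if __name__ == '__main__':
    for label, block in (('status page', STATUS_PAGE), ('hand edit', HAND_EDIT)):
        print(f'== {label}')
        for finding in check(block) or ['no findings']:
            print('  ' + finding)
```

Run it on the block copied from Status > Unbound DNS; the hand-edited lines from the first post come back with no reverse entries and no zone, which is the difference between editing unbound.conf by hand and letting the host-override page generate the paired local-data-ptr lines.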
            johnpoz (LAYER 8, Global Moderator)
            Sep 22, 2011, 12:22 PM

            "it is suppose to be asking OpenDNS only if the query is intended outside of LAN"

            What??

            Your clients "pc" should have 1 dns entry and that is your unbound box.  If you point your client at more than 1 dns you have no idea which one it will use.  You just don't; it's not like it will ask opendns for google.com and your unbound box for domain.lan

            You have your unbound setup as your forwarder; the way it's supposed to work is your client asks unbound for all its dns, if unbound knows about the domain/record then it answers, if not then it goes and asks the roots and does the lookup for the client.

            If you just want to ask opendns for stuff that is not on your local domain then you need to check what you have unchecked, "enable forwarding mode".  Then it will ask whatever servers you have pfsense setup to use vs doing its own recursive lookups.  But the power of unbound is having it do the lookups for you, not just a dumb forwarder if you ask me.  If you just want a forwarder you can use the built-in one for that.

            Again "PC's connected shows OpenDNS as DNS server instead of the ip address of pfSense" this is your issue not your unbound config.


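An added example (editor's code, not anything posted in the thread or part of pfSense) for the rule in the reply above, that a client must list only the Unbound box for DNS: it parses Windows ipconfig /all output, including the indented continuation lines that a second DNS server or an IPv6 gateway produces, and reports every adapter whose DNS list is anything other than exactly the pfSense address. The two dumps are constructed; the resolver address 10.10.10.254 is the pfSense LAN address used in this thread.

```python
"""Check a Windows 'ipconfig /all' dump against the rule in the reply above:
a LAN client should list exactly one DNS server, the pfSense/Unbound box.

Added example for this thread; not code from the thread or from pfSense.
Both dumps are constructed: the first mirrors the client output posted
later in the thread (10.10.10.x client, two public DNS servers), the
second is what a correctly configured client looks like. The resolver
address 10.10.10.254 is the pfSense LAN address given in the thread.
"""
import ipaddress
import re

RESOLVER = ipaddress.ip_address('10.10.10.254')  # pfSense LAN IP (from the thread)

# Constructed sample: DHCP handed the client two public DNS servers.
BAD_CLIENT = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : laptop
   Primary Dns Suffix  . . . . . . . :
   DNS Suffix Search List. . . . . . : local

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : local
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.10.10.103(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.10.254
   DHCP Server . . . . . . . . . . . : 10.10.10.254
   DNS Servers . . . . . . . . . . . : 202.67.222.222
                                       202.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed sample: the client points only at the pfSense box.
GOOD_CLIENT = """\
Ethernet adapter gig:

   Connection-specific DNS Suffix  . : domain.lan
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.10.10.50(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.10.254
   DHCP Server . . . . . . . . . . . : 10.10.10.254
   DNS Servers . . . . . . . . . . . : 10.10.10.254
"""

ADAPTER_RE = re.compile(r'^(\S.*adapter .*):\s*$')
# 'Field name . . . . : value'; the space before the colon is what separates
# a field line from an indented continuation line such as an IPv6 address.
FIELD_RE = re.compile(r'^\s+([A-Za-z][A-Za-z0-9 /()-]*?)[ .]* :\s*(.*)$')

def parse_ipconfig(text):
    """Return {adapter: {field: [value, ...]}}; continuation lines are appended."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {})
            last = None
            continue
        if current is None:
            continue                         # global header block, not an adapter
        m = FIELD_RE.match(line)
        if m:
            last = m.group(1).strip()
            value = m.group(2).strip()
            current[last] = [value] if value else []
        elif last is not None:
            current[last].append(line.strip())  # second DNS server, IPv6 gateway, ...
    return adapters

def bare_address(value):
    """'10.10.10.103(Preferred)' -> '10.10.10.103'; 'fe80::1%11' -> 'fe80::1'."""
    return value.split('(')[0].split('%')[0].strip()

def dns_findings(text, resolver=RESOLVER):
    """Per adapter, the reasons its DNS list is not exactly [resolver] (empty = fine)."""
    findings = {}
    for adapter, fields in parse_ipconfig(text).items():
        servers = [bare_address(v) for v in fields.get('DNS Servers', [])]
        problems = []
        if not servers:
            problems.append('no DNS servers configured')
        for s in servers:
            try:
                addr = ipaddress.ip_address(s)
            except ValueError:
                problems.append(f'unparseable DNS entry {s!r}')
                continue
            if addr != resolver:
                kind = 'public' if addr.is_global else 'non-resolver local'
                problems.append(f'{kind} DNS server {s}: it knows nothing about local zones')
        if len(servers) > 1:
            problems.append(f'{len(servers)} DNS servers listed; the client may use any of them')
        findings[adapter] = problems
    return findings

if __name__ == '__main__':
    for label, dump in (('bad client', BAD_CLIENT), ('good client', GOOD_CLIENT)):
        for adapter, problems in dns_findings(dump).items():
            print(f'{label} / {adapter}: {problems or "OK, only the resolver is listed"}')
```

The "may use any of them" finding is the point johnpoz makes: a second, public resolver does not act as a fallback for local names only, it competes with the local one for every query.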
              jan.gestre
              Sep 22, 2011, 11:22 PM

              @johnpoz:

              "it is suppose to be asking OpenDNS only if the query is intended outside of LAN"

              What??

              Your clients "pc" should have 1 dns entry and that is your unbound box.  If you point your client at more than 1 dns you have no idea which one it will use.  You just don't; it's not like it will ask opendns for google.com and your unbound box for domain.lan

              You have your unbound setup as your forwarder; the way it's supposed to work is your client asks unbound for all its dns, if unbound knows about the domain/record then it answers, if not then it goes and asks the roots and does the lookup for the client.

              If you just want to ask opendns for stuff that is not on your local domain then you need to check what you have unchecked, "enable forwarding mode".  Then it will ask whatever servers you have pfsense setup to use vs doing its own recursive lookups.  But the power of unbound is having it do the lookups for you, not just a dumb forwarder if you ask me.  If you just want a forwarder you can use the built-in one for that.

              Again "PC's connected shows OpenDNS as DNS server instead of the ip address of pfSense" this is your issue not your unbound config.

              Yes, I know how it is supposed to work, that is why I'm asking if there's something not right with my Unbound configuration. If you noticed, the DNS forwarding option is not ticked; this is to force the client to resolve first using Unbound, correct?

              Also, if I use the default DNSmasq instead, I have no problem: the dhcp client's ip configuration is what it is supposed to be, i.e. gateway and dns server point to the ip address of pfSense, and clients can resolve the FQDN of the local servers properly. Unfortunately when I use Unbound (disabled DNSmasq), it's a different story altogether; the client machines see OpenDNS instead of pfSense's.

                jan.gestre
                Sep 23, 2011, 3:52 AM

                The issue I'm experiencing is basically the same as in this thread -> http://forum.pfsense.org/index.php?topic=31140.0, which is basically straightforward, if the package was already fixed (Dec 2010) so that it works with the just-released 2.0. I've already tried various configurations on both General:Setup and Unbound; nothing seems to work. Another odd thing is that when I tried to resolve using dig @ip.add.ress-of-pfSense repo.domain.net,

                dig @10.10.10.254 repo.domain.net

                ; <<>> DiG 9.5.2-RedHat-9.5.2-1.fc10 <<>> @10.10.10.254 repo.domain.net
                ; (1 server found)
                ;; global options:  printcmd
                ;; connection timed out; no servers could be reached

                It appears that Unbound is not running; how can that be if Services shows it is running and forwards requests to OpenDNS?

                Weird!

                  wallabybob
                  Sep 23, 2011, 10:54 AM

                  @madapaka:

                  Also, if I use the default DNSmasq instead, I have no problem: the dhcp client's ip configuration is what it is supposed to be, i.e. gateway and dns server point to the ip address of pfSense, and clients can resolve the FQDN of the local servers properly. Unfortunately when I use Unbound (disabled DNSmasq), it's a different story altogether; the client machines see OpenDNS instead of pfSense's.

                  Sounds like a DHCP configuration issue.

                    johnpoz (LAYER 8, Global Moderator)
                    Sep 23, 2011, 12:06 PM

                    "It appears that Unbound is not running, how can that be if Services it shows it is running and forwards requests to OpenDNS. "

                    Service showing it running does not actually mean it's listening on that IP; maybe it's only listening on loopback?

                    Sorry but it's IMPOSSIBLE what you say: if you cannot talk to your unbound box on the dns port, then it's not possible for it to be forwarding them to opendns.

                    Please post the output of your client's ipconfig /all -- sorry but YOU CANNOT point them to more than your pfsense for dns and expect it to work like you want.  If you want to resolve local domains, then you have to only point to local dns.


                      jan.gestre
                      Sep 23, 2011, 1:48 PM

                      @wallabybob:

                      @madapaka:

                      Also, if I use the default DNSmasq instead, I have no problem: the dhcp client's ip configuration is what it is supposed to be, i.e. gateway and dns server point to the ip address of pfSense, and clients can resolve the FQDN of the local servers properly. Unfortunately when I use Unbound (disabled DNSmasq), it's a different story altogether; the client machines see OpenDNS instead of pfSense's.

                      Sounds like a DHCP configuration issue.

                      The DHCP server's configuration is just the defaults except for the range of ip address leases, and I think if there was something wrong, DNSmasq would not work either, but that is not the case.

                        johnpoz (LAYER 8, Global Moderator)
                        Sep 23, 2011, 1:58 PM

                        I do believe the default dhcp would hand out whatever dns you have set in pfsense.

                        post your ipconfig /all output from a dhcp client and we will know for sure what it's using for dns.


                          jan.gestre
                          Sep 23, 2011, 2:10 PM

                          @johnpoz:

                          "It appears that Unbound is not running, how can that be if Services it shows it is running and forwards requests to OpenDNS. "

                          Service showing it running does not actually mean it's listening on that IP; maybe it's only listening on loopback?

                          Sorry but it's IMPOSSIBLE what you say: if you cannot talk to your unbound box on the dns port, then it's not possible for it to be forwarding them to opendns.

                          Please post the output of your client's ipconfig /all -- sorry but YOU CANNOT point them to more than your pfsense for dns and expect it to work like you want.  If you want to resolve local domains, then you have to only point to local dns.

                          What you're saying does not make any sense; I already posted the screenshot of Unbound DNS's configuration and it shows that it is listening on LAN (see again the attached screenshot as proof). I tried forcing the clients to use pfSense's ip address as DNS server, but if I do that, then the client machine loses its internet connection. When I revert the setting, i.e. to receive an ip address from the DHCP server, the internet connection is working, but when you view its connection details via ipconfig /all, DNS shows OpenDNS instead of pfSense's (please see results below).

                          Connection-specific DNS Suffix  . : local
                          Description . . . . . . . . . . . : Atheros AR5B93 Wireless Network Adapter
                          DHCP Enabled. . . . . . . . . . . : Yes
                          Autoconfiguration Enabled . . . . : Yes
                          IPv4 Address. . . . . . . . . . . : 10.10.10.103(Preferred)
                          Subnet Mask . . . . . . . . . . . : 255.255.255.0
                          Lease Obtained. . . . . . . . . . : Friday, September 23, 2011 9:43:18 PM
                          Lease Expires . . . . . . . . . . : Saturday, September 24, 2011 9:43:18 PM
                          Default Gateway . . . . . . . . . : 10.10.10.254
                          DHCP Server . . . . . . . . . . . : 202.67.222.222
                                    202.67.220.220

                          The issue I'm having with Unbound is the same issue posted here in this link -> http://forum.pfsense.org/index.php?topic=31140.0 (pfSense RC release, thread closed), which was apparently fixed because the package maintainer (wagonza?) updated the package.

                          ![Unbound DNS Settings.png](/public/imported_attachments/1/Unbound DNS Settings.png)

                            johnpoz (LAYER 8, Global Moderator)
                            Sep 23, 2011, 2:50 PM (last edited Sep 23, 2011, 2:57 PM)

                            Dude!

                            You clearly showed that your pfsense box is not even listening for dns on its lan IP

                            @10.10.10.254 repo.domain.net
                            ;; connection timed out; no servers could be reached

                            And then that ipconfig output doesn't even show any dns, so how exactly do you expect to do dns???


                            Connection-specific DNS Suffix  . : local
                            Description . . . . . . . . . . . : Atheros AR5B93 Wireless Network Adapter
                            DHCP Enabled. . . . . . . . . . . : Yes
                            Autoconfiguration Enabled . . . . : Yes
                            IPv4 Address. . . . . . . . . . . : 10.10.10.103(Preferred)
                            Subnet Mask . . . . . . . . . . . : 255.255.255.0
                            Lease Obtained. . . . . . . . . . : Friday, September 23, 2011 9:43:18 PM
                            Lease Expires . . . . . . . . . . : Saturday, September 24, 2011 9:43:18 PM
                            Default Gateway . . . . . . . . . : 10.10.10.254
                            DHCP Server . . . . . . . . . . . : 202.67.222.222
                                                 202.67.220.220


                            Also that local suffix does not look right; I would not suggest using a root tld as your local suffix, something like local.lan would be better.  If you're hosting boxes on domain.net, why would that not be your local dns suffix?

                            Please post what your clients are using for DNS from an ipconfig /all output!!  And show that your pfsense box is actually listening on that lan IP for dns.. example

                            here is my pfsense netstat -an output showing what IPs 53 is listening on

                            [2.1-DEVELOPMENT][admin@pfsense.local.lan]/root(9): netstat -an
                            Active Internet connections (including servers)
                            Proto Recv-Q Send-Q  Local Address          Foreign Address       (state)
                            tcp4       0      0 192.168.1.253.22       10.0.200.6.1824        ESTABLISHED
                            tcp4       0      0 24.13.xx.xx.443        64.43.xx.xx.43508      ESTABLISHED
                            tcp6       0      0 *.80                   *.*                    LISTEN
                            tcp4       0      0 *.80                   *.*                    LISTEN
                            tcp4       0      0 127.0.0.1.953          *.*                    LISTEN
                            tcp6       0      0 ::1.53                 *.*                    LISTEN
                            tcp4       0      0 127.0.0.1.53           *.*                    LISTEN
                            tcp6       0      0 2001:470:snipped:b8.53 *.*                    LISTEN
                            tcp4       0      0 192.168.1.253.53       *.*                    LISTEN
                            tcp4       0      0 24.13.xx.xx.443        *.*                    LISTEN
                            tcp4       0      0 *.4949                 *.*                    LISTEN
                            tcp4       0      0 *.22                   *.*                    LISTEN
                            tcp6       0      0 *.22                   *.*                    LISTEN
                            udp4       0      0 *.*                    *.*
                            udp4       0      0 *.*                    *.*
                            udp4       0      0 *.*                    *.*
                            udp4       0      0 *.*                    *.*
                            udp4       0      0 *.*                    *.*
                            udp6       0      0 ::1.53                 *.*
                            udp4       0      0 127.0.0.1.53           *.*
                            udp6       0      0 2001:470:snipped:b8.53 *.*
                            udp4       0      0 192.168.1.253.53       *.*
                            udp4       0      0 192.168.1.253.42571    192.168.1.4.123
                            udp4       0      0 127.0.0.1.123          *.*
                            udp4       0      0 192.168.1.253.123      *.*
                            udp4       0      0 192.168.1.253.161      *.*
                            udp4       0      0 *.*                    *.*
                            udp4       0      0 127.0.0.1.6969         *.*
                            udp4       0      0 *.514                  *.*
                            udp6       0      0 *.514                  *.*
                            icm4       0      0 24.13.xx.xx.*          *.*
                            icm6       0      0 2001:470:snipped:b8.*  *.*
                            icm6       0      0 *.*                    *.*

                            I snipped out my public ipv4 and my public ipv6 addresses

                            and as you can clearly see from that, I'm listening on 192.168.1.253 on udp and tcp 53, and that is where my client points for dns

                            C:\Windows\System32>ipconfig /all

                            Windows IP Configuration

                            Host Name . . . . . . . . . . . . : i5-w7
                              Primary Dns Suffix  . . . . . . . : local.lan
                              Node Type . . . . . . . . . . . . : Hybrid
                              IP Routing Enabled. . . . . . . . : No
                              WINS Proxy Enabled. . . . . . . . : No
                              DNS Suffix Search List. . . . . . : local.lan

                            Ethernet adapter gig:

                            Connection-specific DNS Suffix  . :
                              Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
                              Physical Address. . . . . . . . . : 18-03-73-B1-0D-D3
                              DHCP Enabled. . . . . . . . . . . : No
                              Autoconfiguration Enabled . . . . : Yes
                              IPv6 Address. . . . . . . . . . . : 2001:470:snipped:b85::666(Preferred)
                              Link-local IPv6 Address . . . . . : fe80::21c9:720e:aea5:37e9%11(Preferred)
                              IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
                              Subnet Mask . . . . . . . . . . . : 255.255.255.0
                              Default Gateway . . . . . . . . . : 2001:470:snipped:b85::1
                                                                  192.168.1.253
                              DNS Servers . . . . . . . . . . . : 2001:470:snipped:b85::1
                                                                  192.168.1.253

                              NetBIOS over Tcpip. . . . . . . . : Enabled

                            C:\Windows\System32>

                            **edit: btw, are your dhcp servers being listed as public IPs?

                            DHCP Server . . . . . . . . . . . : 202.67.222.222
                                                 202.67.220.220


                            Connection-specific DNS Suffix  . : local
                            Description . . . . . . . . . . . : Atheros AR5B93 Wireless Network Adapter
                            DHCP Enabled. . . . . . . . . . . : Yes
                            Autoconfiguration Enabled . . . . : Yes
                            IPv4 Address. . . . . . . . . . . : 10.10.10.103(Preferred)
                            Subnet Mask . . . . . . . . . . . : 255.255.255.0
                            Lease Obtained. . . . . . . . . . : Friday, September 23, 2011 9:43:18 PM
                            Lease Expires . . . . . . . . . . : Saturday, September 24, 2011 9:43:18 PM
                            Default Gateway . . . . . . . . . : 10.10.10.254
                            DHCP Server . . . . . . . . . . . : 202.67.222.222
                                                 202.67.220.220


                            OH – YOU EDITED it??? to show DHCP vs DNS???  Those are opendns IPs are they not??**

                            That client is never going to ask your pfsense box anything about DNS if those 202 addresses are your dns, vs what your output says, which is that you have 2 dhcp servers???


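An added example (editor's code, not posted in the thread and not part of pfSense) for the check johnpoz asks for above, that the service is actually bound on the LAN address and not only on loopback: it parses FreeBSD "netstat -an" output and reports the port-53 listeners per protocol. The first sample is constructed from the netstat output posted in this thread; the second is an invented loopback-only case.

```python
"""Which addresses is DNS actually bound to?  Parses FreeBSD/pfSense
'netstat -an' output and reports the port-53 listeners, separating
loopback-only sockets from ones a LAN client can reach.

Added example for this thread; not code from the thread or from pfSense.
SAMPLE_LAN is constructed from the netstat output posted in this thread
(10.10.10.254); SAMPLE_LOOPBACK is an invented loopback-only case, the
situation johnpoz suspects above.
"""
import ipaddress
import re

# FreeBSD netstat joins address and port with a dot ('192.168.1.253.53',
# '*.53' for the wildcard address, '::1.53' for IPv6 loopback) and prints
# no state column for UDP rows.
SOCKET_RE = re.compile(
    r'^(tcp|udp)[46]\s+\d+\s+\d+\s+(\S+)\s+(\S+)(?:\s+(\S+))?$')

SAMPLE_LAN = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address       (state)
tcp4       0      0 10.10.10.254.22222     10.10.10.3.50141       ESTABLISHED
tcp4       0      0 127.0.0.1.953          *.*                    LISTEN
tcp4       0      0 10.10.10.254.53        *.*                    LISTEN
tcp4       0      0 *.80                   *.*                    LISTEN
udp4       0      0 10.10.10.254.123       *.*
udp4       0      0 *.67                   *.*
udp4       0      0 10.10.10.254.53        *.*
udp4       0      0 *.*                    *.*
udp4       0      0 127.0.0.1.6969         *.*
"""

SAMPLE_LOOPBACK = """\
tcp6       0      0 ::1.53                 *.*                    LISTEN
tcp4       0      0 127.0.0.1.53           *.*                    LISTEN
udp6       0      0 ::1.53                 *.*
udp4       0      0 127.0.0.1.53           *.*
"""

def split_addr_port(token):
    """'10.10.10.254.53' -> ('10.10.10.254', 53); '*.*' -> ('*', None)."""
    host, _, port = token.rpartition('.')
    return host, (int(port) if port.isdigit() else None)

def dns_listeners(netstat_text, port=53):
    """{'tcp': {addr, ...}, 'udp': {addr, ...}} of local sockets bound to port."""
    bound = {'tcp': set(), 'udp': set()}
    for line in netstat_text.splitlines():
        m = SOCKET_RE.match(line.strip())
        if not m:
            continue                       # headers, icmp rows, unix sockets
        proto, local, foreign, state = m.groups()
        host, lport = split_addr_port(local)
        if lport != port:
            continue
        if proto == 'tcp' and state != 'LISTEN':
            continue                       # an accepted connection, not the listener
        if proto == 'udp' and foreign != '*.*':
            continue                       # a connected UDP socket, not a listener
        bound[proto].add(host)
    return bound

def classify(addr):
    """'any' for the wildcard, else 'loopback' or 'lan'."""
    if addr == '*':
        return 'any'
    try:
        return 'loopback' if ipaddress.ip_address(addr).is_loopback else 'lan'
    except ValueError:
        return 'unknown'

def reachable_from_lan(bound, lan_ip):
    """True only if both TCP and UDP 53 are bound on lan_ip or on the wildcard."""
    return all(lan_ip in addrs or '*' in addrs for addrs in bound.values())

def report(netstat_text, lan_ip):
    """Human-readable lines: one per bound socket, then the verdict for lan_ip."""
    bound = dns_listeners(netstat_text)
    lines = [f'{proto}/53 bound on {addr} ({classify(addr)})'
             for proto in ('tcp', 'udp') for addr in sorted(bound[proto])]
    if reachable_from_lan(bound, lan_ip):
        lines.append(f'{lan_ip}:53 is bound on both protocols '
                     '(firewall rules and Unbound access-control still apply)')
    else:
        lines.append(f'{lan_ip}:53 is NOT bound: a LAN client querying it will time out')
    return lines

if __name__ == '__main__':
    for label, text in (('thread box', SAMPLE_LAN), ('loopback only', SAMPLE_LOOPBACK)):
        print(f'== {label}')
        for line in report(text, '10.10.10.254'):
            print('  ' + line)
```

A LAN-bound socket is necessary but not sufficient: a firewall rule on the LAN interface or Unbound's access-control can still refuse the query, which is the next thing to check when dig @lan-ip times out even though netstat shows the listener.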
                              jan.gestre
                              Sep 23, 2011, 3:40 PM (last edited Sep 23, 2011, 3:48 PM)

                              Ignore the ipconfig /all results, just wanted to show you that it's pointing to OpenDNS and not pfSense's, I'm not in the office anymore, hope you get what I mean.

                              Anyways, I just SSHed to pfSense now and this is netstat's output:

                              [2.0-RELEASE][root@fw.domain.lan]/root(1): netstat -an
                              Active Internet connections (including servers)
                              Proto Recv-Q Send-Q  Local Address          Foreign Address       (state)
                              tcp4       0      0 10.10.10.254.22222     10.10.10.3.50141       ESTABLISHED
                              tcp4       0      0 127.0.0.1.953          *.*                    LISTEN
                              tcp4       0      0 10.10.10.254.53        *.*                    LISTEN
                              tcp4       0      0 *.80                   *.*                    LISTEN
                              tcp4       0      0 *.4343                 *.*                    LISTEN
                              tcp4       0      0 *.22222                *.*                    LISTEN
                              tcp6       0      0 *.22222                *.*                    LISTEN
                              udp4       0      0 12x.xx.1xx.26.41858    69.xx.xx.29.123
                              udp4       0      0 12x.xx.1xx.26.57824    69.xx.xx9.51.123
                              udp4       0      0 12x.xx.1xx.26.21195    65.1xx.224.60.123
                              udp4       0      0 10.10.10.254.123       *.*
                              udp4       0      0 *.67                   *.*
                              udp6       0      0 *.60356                *.*
                              udp4       0      0 *.56121                *.*
                              udp4       0      0 *.514                  *.*
                              udp6       0      0 *.514                  *.*
                              udp4       0      0 10.10.10.254.53        *.*
                              udp4       0      0 *.*                    *.*
                              udp4       0      0 *.*                    *.*
                              udp4       0      0 127.0.0.1.6969         *.*
                              icm4       0      0 *.*                    *.*
                              icm4       0      0 12x.xx.1xx.26.*        *.*

                              As you can see, it's listening on both TCP/UDP on port 53

                               ---

                              _OH – YOU EDITED it??? to show DHCP vs DNS???  Those are opendns IPs are they not??

                              That client is never going to ask your pfsense box anything about DNS if those 202 addresses are you dns vs what your output says is you have 2 dhcp servers???_

                              As I've said I'm not in the office anymore, but what I'm trying to show you is a replica of the configuration when I was behind pfSense.

                               What I can't understand is why pfSense's DHCP server is leasing/giving OpenDNS's IP address instead of its own; note they were not manually configured, they were provided by DHCP.

                              When using DNSmasq, client gets pfSense's ip address as DNS server but when Unbound is enabled, it points to OpenDNS instead of its own.

                              • J
                                johnpoz LAYER 8 Global Moderator
                                last edited by Sep 23, 2011, 4:34 PM

                                 Well if you're listening, why can you not connect?  Firewall rule, ACL in unbound.

                                As to why your pfsense box is not handing out itself in dhcp.

                                 I am currently not running the pfSense DHCP, but from this statement in the DHCP server section under where you put DNS:

                                NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.

                                Did you put in the pfsense IP?  If you left it blank then it would hand out whatever you have setup for pfsense to use for dns - or what your pfsense box got from your ISP maybe.

                                An intelligent man is sometimes forced to be drunk to spend time with his fools
                                If you get confused: Listen to the Music Play
                                Please don't Chat/PM me for help, unless mod related
                                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                                • T
                                  tebeve
                                  last edited by Sep 23, 2011, 5:35 PM Sep 23, 2011, 5:27 PM

                                  Actually, as I learned in this thread over on the IPv6 board, from wagonza… "There is currently no integration between DHCP and Unbound…"

                                  @wagonza:

                                   There is currently no integration between DHCP and Unbound; in other words you will need to assign the IPs you want given to your DHCP clients by manually configuring them in the DHCP configuration page. Currently the way v4+v6 works is that when the DHCP service is set up it checks for:

                                  • Manually configured DNS servers and assigns those, if those are not configured
                                  • It then checks to see if dnsmasq is enabled. If it is enabled, it assigns the IP(s) configured on the LAN. If it is not enabled
                                  • it assigns the DNS servers configured in System->General Setup to the DHCP clients.

                                  I know databeestje has also mentioned some other rtadvd fixes that he is looking into fixing, but the above still stands until Unbound is fully integrated. Which I guess is now becoming a necessity…so best I get cracking :)

                                  This holds true for both IPv4 & IPv6 I believe.

                                   So on the DHCP config page, under the DNS server fields, just put your pfSense box IP, not the OpenDNS server addresses; clients will then use the pfSense box, which in turn will use the Unbound config to look up local entries, then roll to the DNS servers listed on the System : General Setup -> DNS settings for all external lookups…. I think this is what johnpoz has been trying to get at.
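Added example, not from this thread or from pfSense's own code: a small Python check that parses a netstat listing of the kind posted above for port-53 listeners and applies the DHCP DNS-option precedence that tebeve quotes from wagonza, so it shows why an Unbound user's clients end up pointed at the external resolver. The netstat lines and the 198.51.100.1 external-resolver address are constructed placeholders, and the precedence function assumes the three-step order described in the quote.

```python
# Constructed sample in the shape of FreeBSD `netstat -an` output (not the
# poster's real listing): the resolver is bound to the LAN address on port 53.
NETSTAT_SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address       (state)
tcp4       0      0 127.0.0.1.953          *.*                    LISTEN
tcp4       0      0 10.10.10.254.53        *.*                    LISTEN
udp4       0      0 10.10.10.254.53        *.*
udp4       0      0 *.67                   *.*
"""


def dns_listeners(netstat_text):
    """Return a set of (proto, bound_address) for every socket on port 53."""
    found = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not parts[0].startswith(("tcp", "udp")):
            continue  # header lines, ICMP sockets, blank lines
        # BSD netstat joins address and port with a dot: 10.10.10.254.53, *.67
        addr, _, port = parts[3].rpartition(".")
        if port == "53":
            found.add((parts[0][:3], addr))
    return found


def dhcp_dns_servers(manual, dnsmasq_enabled, lan_ip, general_setup):
    """DHCP DNS option as the quoted precedence describes it (assumption):
    manual entries win; else the LAN IP if dnsmasq is on; else the
    System > General Setup servers. Unbound is never consulted."""
    if manual:
        return list(manual)
    if dnsmasq_enabled:
        return [lan_ip]
    return list(general_setup)


def diagnose(netstat_text, lan_ip, handed_out):
    """Classify the situation for LAN clients given what DHCP hands out."""
    bound = {proto for proto, addr in dns_listeners(netstat_text)
             if addr in (lan_ip, "*")}
    if bound != {"tcp", "udp"}:
        return "no-resolver"            # nothing usable on port 53 for LAN
    if lan_ip not in handed_out:
        return "dhcp-bypasses-resolver"  # the OP's case: clients go to OpenDNS
    return "ok"


if __name__ == "__main__":
    external = ["198.51.100.1"]  # placeholder for an OpenDNS-style upstream
    given = dhcp_dns_servers([], False, "10.10.10.254", external)
    print(given, diagnose(NETSTAT_SAMPLE, "10.10.10.254", given))
```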

                                  • J
                                    jan.gestre
                                    last edited by Sep 26, 2011, 1:52 AM

                                    @tebeve:

                                    Actually, as I learned in this thread over on the IPv6 board, from wagonza… "There is currently no integration between DHCP and Unbound…"

                                    @wagonza:

                                     There is currently no integration between DHCP and Unbound; in other words you will need to assign the IPs you want given to your DHCP clients by manually configuring them in the DHCP configuration page. Currently the way v4+v6 works is that when the DHCP service is set up it checks for:

                                    • Manually configured DNS servers and assigns those, if those are not configured
                                    • It then checks to see if dnsmasq is enabled. If it is enabled, it assigns the IP(s) configured on the LAN. If it is not enabled
                                    • it assigns the DNS servers configured in System->General Setup to the DHCP clients.

                                    I know databeestje has also mentioned some other rtadvd fixes that he is looking into fixing, but the above still stands until Unbound is fully integrated. Which I guess is now becoming a necessity…so best I get cracking :)

                                    This holds true for both IPv4 & IPv6 I believe.

                                     So on the DHCP config page, under the DNS server fields, just put your pfSense box IP, not the OpenDNS server addresses; clients will then use the pfSense box, which in turn will use the Unbound config to look up local entries, then roll to the DNS servers listed on the System : General Setup -> DNS settings for all external lookups…. I think this is what johnpoz has been trying to get at.

                                    Thanks everyone, especially tebeve, that practically did it. I guess someone has to update the Unbound DNS wiki page.

                                    • J
                                      johnpoz LAYER 8 Global Moderator
                                      last edited by Sep 26, 2011, 2:11 AM

                                      "I guess someone has to update the Unbound DNS wiki page."

                                      Why???  WTF does unbound config or wiki have to do with what your dhcp server hands out for dns??

                                      What is required is some basic understanding of what dns is and what dhcp does.


                                      • J
                                        jan.gestre
                                        last edited by Sep 26, 2011, 3:34 AM

                                        @johnpoz:

                                        "I guess someone has to update the Unbound DNS wiki page."

                                        Why???  WTF does unbound config or wiki have to do with what your dhcp server hands out for dns??

                                        What is required is some basic understanding of what dns is and what dhcp does.

                                         Watch your language! What did I say to you to deserve that? Isn't it obvious there is a need to update? If you don't get it, I guess you don't understand what I'm saying; if you don't have anything good to say, just keep it to yourself!

                                        • J
                                          jan.gestre
                                          last edited by Sep 26, 2011, 5:03 AM

                                          @madapaka:

                                          @tebeve:

                                          Actually, as I learned in this thread over on the IPv6 board, from wagonza… "There is currently no integration between DHCP and Unbound…"

                                          @wagonza:

                                           There is currently no integration between DHCP and Unbound; in other words you will need to assign the IPs you want given to your DHCP clients by manually configuring them in the DHCP configuration page. Currently the way v4+v6 works is that when the DHCP service is set up it checks for:

                                          • Manually configured DNS servers and assigns those, if those are not configured
                                          • It then checks to see if dnsmasq is enabled. If it is enabled, it assigns the IP(s) configured on the LAN. If it is not enabled
                                          • it assigns the DNS servers configured in System->General Setup to the DHCP clients.

                                          I know databeestje has also mentioned some other rtadvd fixes that he is looking into fixing, but the above still stands until Unbound is fully integrated. Which I guess is now becoming a necessity…so best I get cracking :)

                                          This holds true for both IPv4 & IPv6 I believe.

                                           So on the DHCP config page, under the DNS server fields, just put your pfSense box IP, not the OpenDNS server addresses; clients will then use the pfSense box, which in turn will use the Unbound config to look up local entries, then roll to the DNS servers listed on the System : General Setup -> DNS settings for all external lookups…. I think this is what johnpoz has been trying to get at.

                                          Thanks everyone, especially tebeve, that practically did it. I guess someone has to update the Unbound DNS wiki page.

                                           Spoke too soon: when I rebooted pfSense it was no longer working, so I reverted to the old config; at least it's working, although not like it's supposed to be.

                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.