Unbound or dns-server(PFSense TinyDNS Ver)
-
I don't know which pfSense version you are starting off with, but since you are setting up and using Unbound I suggest you might as well start on 2.2, rather than using the package on 2.1.5 and then upgrading.
Unbound is working OK for me on 2.2, using both host overrides and domain overrides.
-
My only issue was where to add them which I figured out and the format for the entries which I also figured out, I have no issues with Unbound at this time.
-
Are you saying that with Unbound installed from the package repo, when I upgrade to 2.X something will break?
-
There is upgrade code to convert from the package in 2.1.n to the system-provided unbound in 2.2:
https://github.com/pfsense/pfsense/blob/master/etc/inc/upgrade_config.inc
function upgrade_110_to_111()
So it should all work the same after upgrading to 2.2.
-
OK! Thanks! Just wanted to make sure. Can you edit the config through the web gui in 2.X?
-
The config is defined/written from the settings made in the webGUI. There is an "Advanced" box to enter extra things into the config that are not already settings in the GUI.
-
Saw that, but until I read/confirmed what I could put in there I didn't try entering my host/domain overrides. I can't seem to find any good clear info with examples of what domain overrides are. I found plenty on host overrides, which I manually entered due to not knowing what would happen if I entered them in the advanced box.
-
After setting up Unbound, which seems great so far, my primary domain shows
local-zone: "domain.com" transparent
I ran across nothing on how to point domain.com to an IP.
I know I can specify with local-data domain.mainsite.com IN A IP, but the mainsite.com is an actual site to an internal web server. If I switch it to static, how do I tell mainsite.com to point to the internal server's IP? Sorry for the n00b ?'s, I have never used Unbound before. I have been reading all I can off Google, but I can't seem to find what I am trying to figure out. I have used BIND for years, TinyDNS, and DNSMASQ. This is my first with Unbound.
-
I will give a few general principles, and then ask others for detail if you need it.
- Use the provided fields in the DNS Resolver webGUI as much as possible. The idea is that 95% of users should be able to configure everything they need in the webGUI.
- Put your pfSense in the same domain as the servers/devices on your intranet (local internal LAN). (System->General Setup, Domain). Then pfSense and Unbound are by default doing names for stuff in the domain that your internal devices are using.
- Host Overrides - add names here in the webGUI for devices that are:
  a) Not known elsewhere (e.g. a print server on your LAN or… that is not in some other DNS); or
  b) You want to purposely send somewhere else, often to "blackhole" access to some internet name (facebook.com to some IP on your internal LAN to stop Facebook working)
- Domain overrides - if you have a "proper" DNS server/s for your internal domain/s then put those here. Domain name and the IP address of the DNS server for that domain. Then queries for those domain/s will be sent to those IPs, rather than out/up to the internet.
-
I got it.
One last stupid question: using DNSMASQ my list of DNS servers on the main pfSense page started with 127.0.0.1. I assume since DNSMASQ is off and I am using Unbound I will need to go to General and add 127.0.0.1 back into that list, correct?
-
I didn't do anything special when putting in settings for Unbound on my home 2.2 system and the 127.0.0.1 entry appears all by itself. The underlying pfSense code should be taking care of that sort of stuff, in the same way that DNSmasq did. (Of course, I am doing this on 2.2 - I am not familiar with exactly what the Unbound package actually does on 2.1.5)
-
Ya, since 2.2 has it as the default I guessed it worked like DNSMASQ and auto added 127.0.0.1. On 2.1.5 I disable DNSMASQ so it dropped the 127 entry. My only worry is whether it matters if it's at the beginning or end of the list. I configured all other items.
-
Since you posted to get details on your outline from others… Anyone have any examples of domain overrides?
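
A host override and a domain override written as plain Unbound configuration, as an added example that is not from any poster in this thread and is not pfSense's generated config. All names and addresses are constructed placeholders: mainsite.com stands for the public domain asked about above, 192.168.1.10 for the internal web server, and corp.example / 192.168.1.53 for an internal domain and its DNS server.

```conf
# Constructed example in unbound.conf syntax; every name and IP is a placeholder.

server:
    # Host override: answer these names locally and resolve every other
    # name under mainsite.com normally ("transparent").
    local-zone: "mainsite.com." transparent
    local-data: "mainsite.com. IN A 192.168.1.10"
    local-data: "www.mainsite.com. IN A 192.168.1.10"
    # Caveat: once a name has local-data, other record types for that
    # exact name (MX, AAAA, ...) return NODATA unless listed here too.

    # With "static", names under the zone that have no local-data are
    # answered NXDOMAIN/NODATA and never sent upstream:
    # local-zone: "mainsite.com." static

    # Blackhole-style host override: the name and everything below it
    # resolve to a single internal address.
    local-zone: "blocked.example." redirect
    local-data: "blocked.example. IN A 192.168.1.2"

    # An internal zone that answers with private addresses needs an
    # exemption if rebinding protection (private-address) is enabled,
    # and DNSSEC validation must be skipped if the zone is unsigned or
    # not delegated from the public tree.
    private-domain: "corp.example."
    domain-insecure: "corp.example."

# Domain override: send all queries for corp.example to the internal
# DNS server instead of out to the internet.
forward-zone:
    name: "corp.example."
    forward-addr: 192.168.1.53

# If the internal server is authoritative-only (does not recurse),
# a stub-zone is the matching clause:
# stub-zone:
#     name: "corp.example."
#     stub-addr: 192.168.1.53
```

Keep `domain-insecure` scoped to the single internal zone; setting it on a parent or public domain turns off DNSSEC validation for everything beneath it.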