Split DNS (I know, I know)…
-
Ok, so running down the unbound resolver; it is indeed running.
The host settings I'm editing are in Services->DNS Forwarder. I noticed that in Services->DNS Resolver, under Advanced, there is also a host section that mimics what is found under the DNS Forwarder section.
After some reading, the two are a one-or-the-other scenario, yes? So, do I need to undo the Forwarder and enter the host into the Resolver to keep unbound running, or should I disable unbound to revert back to dnsmasq (I did note that the documentation says to disable unbound to use resolver, but not that it's best practice if there is a better way)?
Edit: after looking at John's screenshot I answered my own question maybe. Editing….
Edit 2:
Success!!! So it seems the entire issue was the confusion around the forwarder and the resolver and my lack of knowledge about the unbound change in 2.2. So John, thank you for pointing me in the right direction.
Derelict, thank you for your patience and continuing help.
-
Yes. With the forwarder disabled the forwarder host overrides do nothing. While you're in there go into the Advanced settings tab and check Harden Glue and Harden DNSSEC data. Another thread. Just trust me.
-
Ok, done deal. Link to thread? Would love to know the why's.
-
https://forum.pfsense.org/index.php?topic=88466.0
-
Nice read. Thank you for that. Having it defaulted seems like a must, which Chris seems to have in mind for 2.2.1.
-
I think maybe if you don't have the forwarder enabled, that whole section should not be shown, so that this sort of thing cannot happen.
Or the overrides should be common to both?
-
Common to both would be nice. Or at least a way to copy from one to the other. But you should be able to enter overrides with it disabled so you can enter your overrides before switching from one to the other.
-
https://redmine.pfsense.org/issues/4332 <-- see the hint in here.
-
Would it be fair to say that, for the moment, the transition to the new service is just that: in transition? So maybe the idea is to have overlapping menus and options to keep both services alive for the masses (also to test the new availability before relying on it completely).
If this is the case, I would say there should be a selection option in the resolver to pick which service to use (never at the same time) and the corresponding menus within the GUI will simply work with whatever service is selected to be active.
Would this be logical?
-
I don't think the DNS forwarder is going away any time soon. The option is there to run both if you want. But this new move to the resolver is confusing for many users, and having the overrides listed, it's possible, for example, to do what you did: put your overrides in the same section.
It's hard coding for layer 8 ;)