Netgate Discussion Forum

Wildcard DNS entries

DHCP and DNS
6 Posts 6 Posters 32.8k Views
    tommyboy180
    last edited by Feb 13, 2015, 7:19 PM Dec 9, 2011, 3:47 PM

    If you need a wildcard in your DNS forwarder (*.domain.com):

    1. Log in to the pfSense 2.0 instance via the web interface.
    2. Go to Services -> DNS Forwarder (http://pfSense_url/services_dnsmasq.php).
    3. Click the Advanced button. Add as many of the following as you need, each entry on a new line.

    address=/dev/127.0.0.1

    Where dev is the end of the wildcard entry, and 127.0.0.1 is the IP that these wildcard names will resolve to. Think of dev as *.dev, but only list the part after the dot. So myhost.dev, myhost.subdomain.dev, and anything else that ends in .dev and is not defined elsewhere, will resolve to the IP provided.

    So if you need *.com, then the corresponding line will look like:

    address=/com/127.0.0.1

    Credit: http://serverfault.com/questions/321563/how-can-i-setup-a-wilcard-dns-entry-on-pfsense
    Thank you Scott

    -Tom Schaefer
    SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

    Please support pfBlocker | File Browser | Strikeback

      doktornotor Banned
      last edited by Feb 13, 2015, 7:39 PM

      Howto for DNS Resolver (Unbound):
      1. Go to Services -> DNS Resolver
      2. Add the desired wildcard entries to the Advanced box:

      server:
      local-zone: "example.com" redirect
      local-data: "example.com 3600 IN A 192.0.2.1"

      Documentation: unbound.conf(5)

      redirect
          The query is answered from the local data for the zone name. There may be no local data beneath the zone name. This answers queries for the zone, and all subdomains of the zone with the local data for the zone. It can be used to redirect a domain to return a different address record to the end user, with local-zone: "example.com." redirect and local-data: "example.com. A 127.0.0.1" queries for www.example.com and www.foo.example.com are redirected, so that users with web browsers cannot access sites with suffix example.com.
        Yowsers
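Both forms above, the dnsmasq address=/suffix/ip line and the unbound redirect zone, amount to the same thing: a suffix table answered by longest match, with the zone itself and every name below it getting the zone's address. The model below is an added example, not code from either post or from pfSense, dnsmasq or unbound; it parses the two fragments quoted above and resolves names the way the posts describe, and also shows that address=/com/... catches every .com name, not just your own. The sample lines, names and addresses are constructed.

```python
import re

# Constructed sample lines: the dnsmasq form from the first post and the
# unbound form from the second post (not a real pfSense configuration dump).
DNSMASQ_OPTS = "address=/dev/127.0.0.1\naddress=/com/127.0.0.1\n"
UNBOUND_OPTS = ('server:\nlocal-zone: "example.com" redirect\n'
                'local-data: "example.com 3600 IN A 192.0.2.1"\n')

def _norm(name):
    # "example.com" and "example.com." name the same zone; compare lower-case.
    return name.lower().rstrip(".")

def parse_dnsmasq(text):
    """address=/suffix/ip lines -> {suffix: ip}."""
    return {_norm(s): ip for s, ip in
            re.findall(r"^address=/([^/]+)/(\S+)$", text, re.M)}

def parse_unbound(text):
    """local-zone "z" redirect plus the A record in local-data for z -> {z: ip}.
    local-data whose owner is not itself a redirect zone is ignored here."""
    zones = {_norm(z) for z in
             re.findall(r'^local-zone:\s*"([^"]+)"\s+redirect', text, re.M)}
    pat = r'^local-data:\s*"([^\s"]+)(?:\s+\d+)?(?:\s+IN)?\s+A\s+([^\s"]+)"'
    return {_norm(n): ip for n, ip in re.findall(pat, text, re.M)
            if _norm(n) in zones}

def resolve(table, qname, overrides=None):
    """Answer qname from a suffix table: the zone and every name beneath it
    get the zone's address, the longest matching suffix wins, and an explicit
    host entry (dnsmasq's 'defined elsewhere') beats the wildcard.
    Returns None when nothing matches, i.e. the query would go upstream."""
    qname = _norm(qname)
    if overrides and qname in overrides:
        return overrides[qname]
    best = None
    for suffix, ip in table.items():
        if qname == suffix or qname.endswith("." + suffix):
            if best is None or len(suffix) > len(best[0]):
                best = (suffix, ip)
    return best[1] if best else None

if __name__ == "__main__":
    table = parse_dnsmasq(DNSMASQ_OPTS)
    for q in ("myhost.subdomain.dev", "netgate.com", "example.org"):
        print(q, "->", resolve(table, q))
```

The override precedence models dnsmasq only; with an unbound redirect zone the manual quoted above says there may be no local data beneath the zone name.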
        last edited by May 8, 2015, 12:23 PM

        This is in the wiki as well.

        https://doc.pfsense.org/index.php/Wildcard_Records_in_DNS_Forwarder/Resolver

          Supermule Banned
          last edited by May 8, 2015, 12:42 PM

          I can't get it to work.

            fossum_13
            last edited by Oct 14, 2015, 10:05 PM

            Seems that if you try the above for pfSense 2.2.4 with an unbound resolver, you will get a duplicate zone error…

            unbound: [42597:0] warning: duplicate local-zone
            unbound: [42597:0] error: could not enter zone mydomain.ddns.net transparent
            unbound: [42597:0] fatal error: Could not set up local zones
            

            If I just use the last line (suggested by the wiki), it starts successfully. From an external IP, dig doesn't seem to like it and the wildcard still doesn't work…

            [user@localhost /]$ dig @mydomain.ddns.net ubuntu64.mydomain.ddns.net
            
            ; <<>> DiG 9.10.2-P4-RedHat-9.10.2-5.P4.fc22 <<>> @mydomain.ddns.net ubuntu64.mydomain.ddns.net
            ; (1 server found)
            ;; global options: +cmd
            ;; Got answer:
            ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 24562
            ;; flags: qr rd ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
            ;; WARNING: recursion requested but not available
            
            ;; Query time: 157 msec
            ;; SERVER: 73.239.107.170#53(73.239.107.170)
            ;; WHEN: Wed Oct 14 15:01:32 PDT 2015
            ;; MSG SIZE  rcvd: 12
            
            [user@localhost /]$ 
            

            FYI - I have opened TCP/UDP 53 in the firewall

              Criggie
              last edited by Jan 27, 2016, 4:33 AM

              @Yowsers:

              This is in the wiki as well.
              https://doc.pfsense.org/index.php/Wildcard_Records_in_DNS_Forwarder/Resolver

              Yes - and that page also misses a big gotcha.

              As someone coming from dnsmasq / "forwarder", I had multiple host overrides too.

              Unbound / resolver refuses to start if you set up a wildcard subdomain AND have host overrides that match. So you need to delete all the host overrides that use the same subdomain.

              If you want to override a host in your domain override with unbound, best to do it on the resolver at which you are pointing.

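A pre-flight check for the failure described in the last two posts, as an added example (not pfSense's or unbound's own code): it scans an unbound local-zone fragment for a zone name declared twice, which is what the "duplicate local-zone" log line above reports before the resolver dies, and for local-data beneath a redirect zone, which the unbound.conf(5) excerpt says is not allowed. The transparent zone and host record in the constructed sample are our assumption of what a pfSense host override turns into, and the names and addresses are made up.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the fifth and sixth posts: the wildcard
# redirect zone pasted into the Advanced box, next to a transparent zone and
# local-data for a host override in the same domain. The transparent zone is
# the shape we assume pfSense emits for host overrides; not copied from pfSense.
UNBOUND_CONF = """
server:
local-zone: "mydomain.ddns.net" redirect
local-data: "mydomain.ddns.net 3600 IN A 192.0.2.1"
local-zone: "mydomain.ddns.net." transparent
local-data: "ubuntu64.mydomain.ddns.net A 192.0.2.10"
"""

ZONE_RE = re.compile(r'^\s*local-zone:\s*"([^"]+)"\s+(\S+)', re.M)
DATA_RE = re.compile(r'^\s*local-data:\s*"([^\s"]+)', re.M)

def _norm(name):
    # unbound treats "example.com" and "example.com." as the same zone.
    return name.lower().rstrip(".")

def check_local_zones(conf):
    """Return the conflicts to fix before reloading, in config order: a zone
    name declared twice (unbound logs 'duplicate local-zone' and exits) and
    local-data beneath a redirect zone (the manual says there may be none)."""
    problems = []
    zones = defaultdict(list)
    for name, ztype in ZONE_RE.findall(conf):
        zones[_norm(name)].append(ztype)
    for name, types in zones.items():
        if len(types) > 1:
            problems.append(f"duplicate local-zone {name}: {', '.join(types)}")
    redirects = [n for n, t in zones.items() if "redirect" in t]
    for owner in map(_norm, DATA_RE.findall(conf)):
        for zone in redirects:
            if owner.endswith("." + zone):
                problems.append(
                    f"local-data {owner} lies beneath redirect zone {zone}")
    return problems

if __name__ == "__main__":
    for p in check_local_zones(UNBOUND_CONF) or ["no local-zone conflicts"]:
        print(p)
```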
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.