Netgate Discussion Forum

How to remove private-address: from /var/unbound/unbound.conf ?

    biterror
    last edited by Apr 14, 2018, 8:00 AM

    We have a local network with private addresses/names that I have configured to unbound, this is working well.  We also have separate networks across VPN connections, they are also using private (10.x.x.x) addresses which are configured to a public DNS.  Now, when I query any of those hosts, unbound doesn't return the IPs because the configuration file contains "private-address: 10.0.0.0/8" lines.  How can I remove / edit these lines?  I can't see anything in the pfSense 2.4.2 web interface for disabling or editing these entries.

    It took me a long time to figure out what was wrong - I have unbound running on a separate (Linux) host for testing and it works just fine.  I thought the problem was with forwarding or firewall or something..

    Thanks!

      johnpoz LAYER 8 Global Moderator
      last edited by Apr 14, 2018, 10:32 AM

      Turn off rebind protection if upstream dns is going to return public.

      But if you have rfc1918 in a public domain that resolves on the public internet - you're doing it WRONG!!

      https://doc.pfsense.org/index.php/DNS_Rebinding_Protections

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

        biterror
        last edited by Apr 14, 2018, 11:23 AM

        Thanks!  It seems to work now.  ;D

        What is the correct way of setting up a DNS for private names and IPs?  Using a local unbound resolver hides the private names from the Internet, but on the other hand, VPN clients often use public DNS so they can't see the private names although they can and are supposed to talk to the private hosts.

          johnpoz LAYER 8 Global Moderator
          last edited by Apr 14, 2018, 12:29 PM

          If you have vpn clients connecting, they should use the local dns through the vpn to resolve rfc1918 address space.  It is BAD PRACTICE to put rfc1918 in public dns… The whole point of rebinding protection is to protect against such practice.

          If you have site to site vpn connections, then all your different sites across these site to site connections should be able to resolve what you want them to resolve via internal dns..

          So let's say you have site A and site B via vpn connection.

          Let's call it siteAdomain.tld and siteBdomain.tld..  It's very simple to tell site A dns to ask siteB dns for host.siteBdomain.tld via either delegation or simple domain override if you're using say unbound..


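A simplified model of the filtering discussed in this thread, added here as an example (it is not from either poster and is not unbound's or pfSense's code): it parses `private-address:` and `private-domain:` lines from a config and shows which addresses the rebinding filter strips from an answer. `private-domain` is unbound's option for allowing one domain and its subdomains to contain private addresses; the sample config, host names and addresses are constructed, and the model ignores unbound's other exemptions such as local-data.

```python
import ipaddress

# Constructed unbound.conf fragment (not taken from the thread). The
# private-domain line is the scoped exemption; siteBdomain.tld is the
# placeholder name used in the thread.
SAMPLE_CONF = """
server:
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-domain: "siteBdomain.tld"
"""

def parse_conf(text):
    """Collect private-address networks and private-domain names."""
    nets, domains = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments
        key, _, value = line.partition(":")        # split at first colon only
        value = value.strip().strip('"')
        if key == "private-address" and value:
            nets.append(ipaddress.ip_network(value, strict=False))
        elif key == "private-domain" and value:
            domains.append(value.lower().rstrip("."))
    return nets, domains

def under(name, domain):
    """True if name equals domain or is a subdomain (label boundary)."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def filter_answer(name, addresses, nets, domains):
    """Return the addresses that survive the rebinding filter."""
    if any(under(name, d) for d in domains):
        return list(addresses)       # exempted: private data allowed here
    return [a for a in addresses
            if not any(ipaddress.ip_address(a) in n for n in nets)]

if __name__ == "__main__":
    nets, domains = parse_conf(SAMPLE_CONF)
    for name, addrs in [("host.siteBdomain.tld", ["10.2.0.5"]),
                        ("vpnhost.example.com", ["10.2.0.5"]),
                        ("www.example.com", ["203.0.113.7", "192.168.1.1"])]:
        print(name, addrs, "->", filter_answer(name, addrs, nets, domains))
```

Scoping the exemption to the one internal domain keeps the filter active for every other name, unlike turning rebind protection off entirely.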
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.