Netgate Discussion Forum
    DNS Resolver - System Domain Local Zone Type not changeable

    DHCP and DNS
    5 Posts 2 Posters 7.1k Views
    jacob1123

      Hello,

      I changed my System Domain's Local Zone Type to "redirect" while trying to get my wildcard DNS to work, and now I can't get it to revert to transparent.
      When I set it to "transparent" in the Web UI, I get the error
      error: local-data in redirect zone must reside at top of zone, not at fw.nas A 192.168.1.1
      This seems to occur because there is still "redirect" in the config instead of "transparent".

      I managed to change the "redirect" to "transparent" in /var/unbound/host_entries.conf by using sed, and Unbound is now working correctly, but the DNS Resolver config is still not modifiable via the web interface.

      So is there a way to correct the values that the web interface displays?
      Or is there a way to update the Local Zone Type?

      Thanks in advance,
      jacob

      EDIT: This is my /var/unbound/host_entries.conf after updating it.

      local-zone: "nas" transparent
      local-data-ptr: "127.0.0.1 localhost"
      local-data: "localhost A 127.0.0.1"
      local-data: "localhost.nas A 127.0.0.1"
      local-data-ptr: "::1 localhost"
      local-data: "localhost AAAA ::1"
      local-data: "localhost.nas AAAA ::1"
      local-data-ptr: "192.168.1.1 fw.nas"
      local-data: "fw.nas A 192.168.1.1"
      local-data: "fw A 192.168.1.1"

      johnpoz, LAYER 8 Global Moderator

        There was a thread a while back with the same sort of issue where once you changed the type to something you couldn't put it back. The fix was to modify the config or use a backup.

        Here it is
        https://forum.pfsense.org/index.php?topic=111197.0

        But I never followed through trying to duplicate it or put in a bug report, if it actually is one.

        Not sure why you would change to redirect to get a wildcard working.. Why in the world would you want a wildcard for your local domain??

        I have mine set at static; I don't want unknown queries in my local domain to go anywhere. But the thread I linked to gets the configuration fixed up for you.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          jacob1123

          Awesome, thanks!
          I knew there had to be another config file somewhere :)

          I have a server in my local network and want local connections to use its local IP.
          Otherwise I'm not able to reach it, because the NAT doesn't work on the LAN interface.
          Setting the system zone to redirect was plain wrong though. I should have read the docs more thoroughly.  ;)
          I use local-zone and local-data in the custom config now, as documented for wildcard resolution.

            johnpoz, LAYER 8 Global Moderator

            Still not understanding the need for a wildcard? If you want pfSense's Unbound to look up something from a local DNS for some local zone, just set up a domain override.

            When you say local server.. So for example you have some public FQDN host.publicdomain.tld and you want your local devices to resolve host.publicdomain.tld to this server's local IP? If that is the case, that is a simple host override. Are you saying you want host.publicdomain.tld, otherhost.publicdomain.tld, whatever.publicdomain.tld all to resolve to your local machine's IP? Then sure, that would be a wildcard entry for this publicdomain.tld or localdomain.tld.. If it was publicdomain.tld, a wildcard would be bad since you wouldn't be able to resolve anything to the public IP, etc.

              jacob1123

              I was actually using host overrides until recently. But it became too much of a hassle to add a new one for every subdomain.
              The whole publicdomain.tld is supposed to resolve to this particular host, so a wildcard was the easiest solution.
              Also I kept forgetting to add a new override and would wonder why one subdomain would not work.

              Is it still possible to add host overrides within a wildcard domain? I might someday have a subdomain that's not supposed to resolve to my local server.

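The zone-type behaviour the whole thread turns on (transparent versus static versus redirect, the wildcard done as a redirect zone, the "must reside at top of zone" error from the first post, and the last question of whether a host override can live inside a wildcard domain) as a small Python model. This is an added example, not pfSense or Unbound code: it parses the host_entries.conf lines quoted in the first post plus a constructed "Custom options" block and answers A queries according to the rules unbound.conf(5) gives for each zone type. publicdomain.tld, other.publicdomain.tld and the 192.168.1.50/.60 addresses are assumptions for illustration, and the script does not perform the real fix for the stuck Web UI, which is the config edit described in the linked thread.

```python
"""Model of the Unbound local-zone types discussed in this thread (added example, not Unbound code)."""
import re

ZONE_RE = re.compile(r'^\s*local-zone:\s*"([^"]+)"\s+(\S+)\s*$')
DATA_RE = re.compile(r'^\s*local-data:\s*"(\S+)\s+(?:IN\s+)?A\s+(\S+)"\s*$')

# host_entries.conf as quoted in the first post (after the sed fix).
HOST_ENTRIES = """\
local-zone: "nas" transparent
local-data-ptr: "127.0.0.1 localhost"
local-data: "localhost A 127.0.0.1"
local-data: "localhost.nas A 127.0.0.1"
local-data-ptr: "::1 localhost"
local-data: "localhost AAAA ::1"
local-data: "localhost.nas AAAA ::1"
local-data-ptr: "192.168.1.1 fw.nas"
local-data: "fw.nas A 192.168.1.1"
local-data: "fw A 192.168.1.1"
"""

# Constructed "Custom options": the documented wildcard form (redirect zone with data only
# at the apex) plus a nested transparent zone that carves one subdomain out of the wildcard.
# publicdomain.tld and the .50/.60 addresses are made up for this example.
CUSTOM_OPTIONS = """\
local-zone: "publicdomain.tld" redirect
local-data: "publicdomain.tld A 192.168.1.50"
local-zone: "other.publicdomain.tld" transparent
local-data: "other.publicdomain.tld A 192.168.1.60"
"""


def norm(name):
    return name.rstrip(".").lower()


def parse_config(text):
    """Return ({zone: type}, {name: ipv4}); local-data-ptr and AAAA lines are ignored here."""
    zones, data = {}, {}
    for line in text.splitlines():
        if m := ZONE_RE.match(line):
            zones[norm(m.group(1))] = m.group(2).lower()
        elif m := DATA_RE.match(line):
            data[norm(m.group(1))] = m.group(2)
    return zones, data


def enclosing_zone(name, zones):
    """Most specific local-zone containing name, or None (a nested zone wins over its parent)."""
    hits = [z for z in zones if name == z or name.endswith("." + z)]
    return max(hits, key=len) if hits else None


def check_config(zones, data):
    """The rule behind the error in the first post: a redirect zone may only carry apex data."""
    for name, ip in data.items():
        zone = enclosing_zone(name, zones)
        if zone is not None and zones[zone] == "redirect" and name != zone:
            raise ValueError("local-data in redirect zone must reside at top "
                             f"of zone, not at {name} A {ip}")


def resolve_a(name, zones, data):
    """Answer an A query: ('local', ip), ('nxdomain', None) or ('forward', None)."""
    name = norm(name)
    zone = enclosing_zone(name, zones)
    if zone is None:  # outside every local-zone: plain local-data or upstream
        return ("local", data[name]) if name in data else ("forward", None)
    if zones[zone] == "redirect":  # whole zone answered with the apex data (the wildcard)
        return ("local", data[zone]) if zone in data else ("nxdomain", None)
    if name in data:
        return ("local", data[name])
    if zones[zone] == "static":  # unknown names in the zone never leave the resolver
        return ("nxdomain", None)
    return ("forward", None)  # transparent: unknown names are resolved upstream


def run_scenarios():
    results = {}
    # 1. The stuck state: system zone "nas" set to redirect with host data below the apex
    try:
        check_config(*parse_config(HOST_ENTRIES.replace('"nas" transparent', '"nas" redirect')))
        results["redirect_system_zone"] = "accepted"
    except ValueError as e:
        results["redirect_system_zone"] = str(e)
    # 2. Transparent system zone plus the wildcard custom options
    zones, data = parse_config(HOST_ENTRIES + CUSTOM_OPTIONS)
    check_config(zones, data)
    for q in ("fw.nas", "printer.nas", "www.publicdomain.tld", "deep.sub.publicdomain.tld",
              "other.publicdomain.tld", "x.other.publicdomain.tld"):
        results[q] = resolve_a(q, zones, data)
    # 3. Same local domain with the system zone static, as the moderator runs it
    zones["nas"] = "static"
    results["printer.nas (static)"] = resolve_a("printer.nas", zones, data)
    return results
```

Running run_scenarios() shows why the Web UI refused the change: with the system zone at redirect, every host entry below the apex (localhost.nas, fw.nas) violates the redirect rule, so Unbound rejects the generated file. It also answers the closing question. Because Unbound applies the most specific local-zone, a second local-zone for other.publicdomain.tld with its own local-data overrides the wildcard for that one name. The caveat is that names under the carved-out zone (x.other.publicdomain.tld) are no longer covered by the wildcard and, with a transparent nested zone, go upstream; use static or redirect for the nested zone if that is not wanted.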
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.