DNS Resolver - System Domain Local Zone Type not changeable



  • Hello,

    I changed my System Domain's Local Zone Type to "redirect" while trying to get my wildcard DNS to work, and now I can't get it to revert to transparent.
    When I set it to "transparent" in the Web UI, I get the error
    error: local-data in redirect zone must reside at top of zone, not at fw.nas A 192.168.1.1
    which seems to occur because there is still "redirect" in the config instead of "transparent".

    I managed to change the "redirect" to "transparent" in /var/unbound/host_entries.conf by using sed, and Unbound is now working correctly, but the DNS Resolver config is still not modifiable via the web interface.

    So is there a way to correct the values that the Web Interface displays?
    Or is there a way to update the Local Zone Type?

    Thanks in advance,
    jacob

    EDIT: This is my /var/unbound/host_entries.conf after updating it.

    local-zone: "nas" transparent
    local-data-ptr: "127.0.0.1 localhost"
    local-data: "localhost A 127.0.0.1"
    local-data: "localhost.nas A 127.0.0.1"
    local-data-ptr: "::1 localhost"
    local-data: "localhost AAAA ::1"
    local-data: "localhost.nas AAAA ::1"
    local-data-ptr: "192.168.1.1 fw.nas"
    local-data: "fw.nas A 192.168.1.1"
    local-data: "fw A 192.168.1.1"


  • LAYER 8 Global Moderator

    There was a thread a while back with the same sort of issue, where once you changed the type to something you couldn't put it back. The fix was to modify the config or use a backup.

    Here it is
    https://forum.pfsense.org/index.php?topic=111197.0

    But I never followed through on trying to duplicate it, or put in a bug report if it actually is one.

    Not sure why you would change to redirect to get wildcards working... Why in the world would you want a wildcard for your local domain??

    I have mine set at static; I don't want unknown queries in my local domain to go anywhere. But the thread I linked to gets the configuration fixed up for you.



  • Awesome, thanks!
    I knew there had to be another config file somewhere :)

    I have a server in my local network and want local connections to use its local IP.
    Otherwise I'm not able to reach it, because NAT doesn't work on the LAN interface.
    Setting the system zone to redirect was plain wrong though. I should have read the docs more thoroughly.  ;)
    I use local-zone and local-data in the custom config now, as documented for wildcard resolution.


  • LAYER 8 Global Moderator

    Still not understanding the need for a wildcard? If you want pfSense Unbound to look up something from a local DNS for some local zone, just set up a domain override.

    When you say local server... So, for example, you have some public FQDN host.publicdomain.tld and you want your local devices to resolve host.publicdomain.tld to this server's local IP? If that is the case, that is a simple host override. Are you saying you want host.publicdomain.tld, otherhost.publicdomain.tld, whatever.publicdomain.tld all to resolve to your local machine's IP? Then sure, that would be a wildcard entry for this publicdomain.tld or localdomain.tld. If it was publicdomain.tld, a wildcard would be bad, since you wouldn't be able to resolve anything to the public IP, etc.



    I was actually using host overrides until recently. But it became too much of a hassle to add a new one for every subdomain.
    The whole publicdomain.tld is supposed to resolve to this particular host, so a wildcard was the easiest solution.
    Also, I kept forgetting to add a new override and would wonder why one subdomain would not work.

    Is it still possible to add host overrides within a wildcard domain? I might some day have a subdomain that's not supposed to resolve to my local server.

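The last question above (a wildcard for a whole domain, with one or two names inside it carved out) is answered by Unbound's zone matching: a query is handled by the closest enclosing local-zone, so a more specific zone defined underneath a redirect zone takes precedence for its own name and everything below it. The fragment below is an added example, not configuration from this thread or from the pfSense project, written for the DNS Resolver "Custom options" box; the domain publicdomain.tld, the addresses 192.168.1.50 and 192.168.1.51, and the names api and git are assumed for illustration. The System Domain Local Zone Type is left at its default (transparent) and is not touched here; the wildcard gets its own zone.

```conf
# Added example for the pfSense DNS Resolver "Custom options" box (not from
# the thread or from pfSense). Assumed values: publicdomain.tld, 192.168.1.50,
# 192.168.1.51, and the host names api and git.
# The "server:" line is included because the custom options are appended
# after other clauses; a repeated server: clause is permitted by Unbound.
server:
  # Wildcard: a redirect zone answers the zone name and every name below it
  # with the data at the zone apex. Local-data must sit at the apex only,
  # which is exactly the error shown at the top of the thread when the
  # system domain (with fw.nas underneath it) was made a redirect zone.
  local-zone: "publicdomain.tld." redirect
  local-data: "publicdomain.tld. A 192.168.1.50"

  # Carve-out 1: a more specific zone is the closest enclosing zone for
  # api.publicdomain.tld and anything under it, so those names are no
  # longer caught by the wildcard. Transparent with no local-data means
  # they are resolved upstream and return the public address.
  local-zone: "api.publicdomain.tld." transparent

  # Carve-out 2: same mechanism, but with its own answer. This is the
  # equivalent of a host override that lives inside the wildcard domain.
  local-zone: "git.publicdomain.tld." transparent
  local-data: "git.publicdomain.tld. A 192.168.1.51"
```

After saving, `unbound-checkconf /var/unbound/unbound.conf` on the firewall will reject the file if a local-data line lands beneath a redirect zone, which is the quickest way to catch the mistake the original poster hit. Then check each case from a LAN host: `dig @192.168.1.1 anything.publicdomain.tld` should return 192.168.1.50, `dig @192.168.1.1 api.publicdomain.tld` the public address, and `dig @192.168.1.1 git.publicdomain.tld` 192.168.1.51. One caveat worth keeping in mind: a redirect zone also answers typos and names that do not exist publicly, so every mistyped host name under publicdomain.tld will quietly resolve to the local server rather than fail.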
