Dnsmasq/unbound valid configs rejected by pfsense



  • hello all

    i'm trying to set up dnsmasq so a single domain is resolvable by other hosts: basically i'd like to be able to set the following settings in dnsmasq's syntax

    i tried to set this up both in the custom settings and in the domain overrides, but pfsense rejects both ! and # as forwarder addresses

    the closest i came up with is

    
    no-resolv
    server=/lan/172.16.200.101
    except-interface=lo0
    

    which produces NXDOMAIN for domains outside the lan rather than REFUSED as i'd expect
    any known ways to get an actual explicit rejection?

    ideally, i'd like to instruct dnsmasq not to listen on the loopback and have unbound resolve queries for the firewall itself, or possibly the opposite
    but pfsense won't let me enable unbound on the loopback because it claims there is a port conflict
    nevertheless there is none since i instructed dnsmasq not to listen on lo0
    any way to force the config?

    thanks for your time


  • Rebel Alliance Global Moderator

    So you want to run forwarder and unbound at the same time? There is a conflict not with the control port of 953 I do believe.