Domain overrides frequently returning NXDomain

    We have an HA setup with an IPsec tunnel to the main site. We need to resolve a specific domain with the DNS servers running at the main site. For this we added a domain override pointing to one of the DNS servers there.
    In our LAN this domain is resolvable, but after a few moments (sometimes a few seconds), the resolution returns an NXDomain error.
    It seems unbound negatively cached the forward, because it works again after an unbound-control flush_negative.

    I wasn't able to spot anything in the resolver.log, and I fail to see how to troubleshoot the problem.

    Any idea what could cause this issue?

  • Unbound is the resolver, running on pfSense.
    That's the resolver being used, right?

    Was unbound / the resolver restarting when you got NXDomain?

  • Yes, it is unbound. The pfSense acts as a resolver for the LAN, and should forward requests for the domain override to the remote server.

    I don't think unbound was restarting. The option that makes DHCP leases store client names in the resolver was disabled a long time ago.
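The thread above is looking for two things in resolver.log: whether the NXDOMAIN was actually returned by the forwarded server or is only being replayed from unbound's negative cache, and whether unbound restarted in between. The script below is an added example (not code from the thread or from pfSense/unbound) that answers both from the reply log. It assumes `log-replies: yes` is set in unbound's custom options so that every answer is logged with the rcode and a from-cache flag; the log lines it parses are constructed sample data, not the poster's log.

```python
"""Triage Unbound reply logs for a name that flips from NOERROR to NXDOMAIN.

Assumes ``log-replies: yes`` (an assumption about the operator's config; the
thread does not show it). With that option each reply is logged as:
  <prefix> info: <client> <qname> <qtype> <qclass> <rcode> <seconds> <fromcache> <bytes>
The prefix (timestamp, pid) differs between unbound's own log and syslog, so
the parser anchors on ``info:`` and ignores whatever precedes it.
"""
import re

REPLY_RE = re.compile(
    r"info: (?P<client>\S+) (?P<qname>\S+) (?P<qtype>\S+) (?P<qclass>\S+) "
    r"(?P<rcode>\S+) (?P<secs>\d+\.\d+) (?P<fromcache>[01]) (?P<size>\d+)\s*$"
)

# Constructed sample lines (not from the poster's resolver.log). The override
# name resolves, then the upstream answers NXDOMAIN once, and unbound serves
# that negative answer from cache afterwards; a restart line follows.
SAMPLE_LOG = """\
[1704877201] unbound[1234:0] info: 10.0.0.25 intranet.corp.example. A IN NOERROR 0.043112 0 57
[1704877205] unbound[1234:0] info: 10.0.0.25 intranet.corp.example. A IN NOERROR 0.000000 1 57
[1704877240] unbound[1234:0] info: 10.0.0.31 intranet.corp.example. A IN NXDOMAIN 0.021908 0 41
[1704877241] unbound[1234:0] info: 10.0.0.25 intranet.corp.example. A IN NXDOMAIN 0.000000 1 41
[1704877242] unbound[1234:0] info: 10.0.0.31 intranet.corp.example. A IN NXDOMAIN 0.000000 1 41
[1704877250] unbound[1234:0] info: 10.0.0.25 www.example.com. A IN NOERROR 0.012000 0 60
[1704877255] unbound[1234:0] info: 10.0.0.25 nosuch.example.com. A IN NXDOMAIN 0.030000 0 45
[1704877256] unbound[1234:0] info: start of service (unbound x.y.z).
"""


def parse_replies(text):
    """Return one dict per reply line; lines that are not replies are skipped."""
    replies = []
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["fromcache"] = rec["fromcache"] == "1"
        rec["secs"] = float(rec["secs"])
        rec["size"] = int(rec["size"])
        replies.append(rec)
    return replies


def count_restarts(text):
    """Unbound logs 'start of service' on every (re)start."""
    return sum(1 for line in text.splitlines() if "start of service" in line)


def find_flapping(replies):
    """Names that answered NOERROR and later NXDOMAIN.

    For each such name, report whether the first NXDOMAIN came from upstream
    (fromcache 0: the forwarded server really said so) or was only ever served
    from unbound's cache, plus how many answers of each kind followed. That
    separates "the remote server answers NXDOMAIN" from "unbound is holding a
    negative entry", which is what flush_negative would clear.
    """
    seen_ok = set()
    report = {}
    for r in replies:
        name = r["qname"]
        if r["rcode"] == "NOERROR":
            seen_ok.add(name)
            continue
        if r["rcode"] != "NXDOMAIN" or name not in seen_ok:
            continue
        entry = report.setdefault(name, {
            "first_nxdomain_from_cache": r["fromcache"],
            "upstream_nxdomain": 0,
            "cached_nxdomain": 0,
            "clients": set(),
        })
        entry["cached_nxdomain" if r["fromcache"] else "upstream_nxdomain"] += 1
        entry["clients"].add(r["client"])
    return report


if __name__ == "__main__":
    replies = parse_replies(SAMPLE_LOG)
    print(f"{len(replies)} replies, {count_restarts(SAMPLE_LOG)} restart(s)")
    for name, info in find_flapping(replies).items():
        origin = "cache" if info["first_nxdomain_from_cache"] else "upstream"
        print(f"{name}: first NXDOMAIN from {origin}, "
              f"{info['upstream_nxdomain']} from upstream, "
              f"{info['cached_nxdomain']} from cache, "
              f"clients {sorted(info['clients'])}")
```

If the first NXDOMAIN for the override name has fromcache 0, the remote server (or something on the path, such as a query leaving over the wrong interface during an HA failover) answered NXDOMAIN and unbound merely remembered it; if every NXDOMAIN is fromcache 1 with no upstream one before it, look at the cache itself. A non-zero restart count during the same window would support the restart theory raised in the replies.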

