DNS Resolver "forgets" Domain Overrides from time to time
I added a Domain Override for my local AD, so xxx.local points to the IP of the AD. It all works, but randomly the DNS Resolver cannot resolve xxx.local. Then I restart the DNS Resolver Service and all works again.
I'm using pfSense v2.4.5
Gertjan:
When it happens again, before restarting the Resolver, check the file /etc/hosts
Your DNS override should be there.
And the Resolver primes from that file.
It hasn't happened since I posted my question, but I took a look at the hosts file and I can't see any override in there. See:
Content of hosts file (anonymized):
127.0.0.1 localhost localhost.example.com
::1 localhost localhost.example.com
192.168.1.1 myfw.example.com myfw
When you say you cannot resolve your AD domain, is the override not listed in domain overrides?
Domain overrides would not be in the /etc/hosts file; only host overrides would be there.
Domain overrides would be here:
[2.4.5-RELEASE][firstname.lastname@example.org]/var/unbound: cat domainoverrides.conf
forward-zone:
    name: "something.com"
    forward-addr: 192.168.9.44
[2.4.5-RELEASE][email@example.com]/var/unbound:
Gertjan:
I just checked the manual: host overrides MUST be there.
Like these:
I found it in the /etc/hosts file like
... 10.0.0.2 ddwrt.brit-hotel-fumel.net ddwrt ....
All DHCP Static leases, and dynamic leases should be there also.
edit: host overrides. A domain override is something different; they go into the unbound config (didn't check).
That is not a "domain override", that is just a host entry, i.e. a host override.
Yeah, all those would be in /etc/hosts.
If I go under Diagnostics->DNS Lookup, normally it resolves fine:
But from time to time something happens and the domain can't be resolved anymore. Then in DNS Lookup:
Then, if I restart the DNS Resolver Service, it works again right away.
Currently it works, and I can also see it in domainoverrides.conf.
You're using .local; yeah, that's not a good idea at all! Apple screwed the pooch by doing that a long time ago.
@johnpoz Okay, thanks for the info. I'll fix this and hope that this is somehow related to my problem.
Since RFC 6762 came out and .local is used for mDNS stuff, it's not a good idea to use that for your local DNS names. I would stay away from any single label as well, to be honest.
Use something like lan.localdomain if you want; something.tld is best. In a perfect world you would own an actual domain and just not use it on the public side. Or just use something that is unlikely to ever become a public TLD.
I use local.lan, since I find it very, very unlikely that .lan will ever be a public TLD.
RFC 8375 sets aside .home.arpa for this kind of use, which is what everyone should be migrating to eventually (unless you have a real domain).
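The following is an added example, not code from the thread or from pfSense, that scripts the two checks discussed above: it parses a file in the forward-zone format shown in the quoted `cat domainoverrides.conf` output to confirm that an override for a given zone is actually present (the first thing to verify before restarting the Resolver), and it classifies each zone name according to the naming advice at the end of the thread (.local is reserved for mDNS by RFC 6762, single labels are best avoided, .home.arpa is the RFC 8375 name). The config text is a constructed sample with made-up names and addresses; the path /var/unbound/domainoverrides.conf is the one shown in the thread.

```shell
#!/bin/sh
# Added example (not from the forum thread or from pfSense): check an
# unbound domain-override file and lint the zone names it forwards.
# Real file on pfSense: /var/unbound/domainoverrides.conf (path as shown
# in the thread). The sample below is constructed; names and IPs are fake.

SAMPLE_CONF='forward-zone:
    name: "something.com"
    forward-addr: 192.168.9.44
forward-zone:
    name: "corp.local"
    forward-addr: 10.0.0.5
forward-zone:
    name: "intranet"
    forward-addr: 10.0.0.6
'

# Read forward-zone blocks from stdin, print "zone forward-addr" per line.
list_overrides() {
    awk '
        /^forward-zone:/ { if (zone != "") print zone, addr; zone = ""; addr = "" }
        /^[[:space:]]*name:/ { gsub(/"/, "", $2); zone = $2 }
        /^[[:space:]]*forward-addr:/ { addr = $2 }
        END { if (zone != "") print zone, addr }
    '
}

# Print the forward address configured for ZONE (config read from stdin);
# exit 1 when there is no override for it.
override_addr() {
    list_overrides | awk -v z="$1" '
        $1 == z { print $2; found = 1 }
        END { if (!found) exit 1 }
    '
}

# Classify a zone name the way the thread recommends:
#   mdns-reserved : .local belongs to mDNS (RFC 6762)
#   home-arpa     : .home.arpa is set aside for home networks (RFC 8375)
#   single-label  : no dot at all, avoid
#   ok            : anything else (e.g. local.lan, something.tld)
lint_name() {
    case "$1" in
        local|*.local)         echo mdns-reserved ;;
        home.arpa|*.home.arpa) echo home-arpa ;;
        *.*)                   echo ok ;;
        *)                     echo single-label ;;
    esac
}

# Combine both: one line per override, "zone addr verdict".
lint_overrides() {
    list_overrides | while read -r zone addr; do
        printf '%s %s %s\n' "$zone" "$addr" "$(lint_name "$zone")"
    done
}

# Demo on the constructed sample. On a live box you would run:
#   lint_overrides < /var/unbound/domainoverrides.conf
printf '%s' "$SAMPLE_CONF" | lint_overrides
```

On the sample this prints one line per override with its verdict, flagging corp.local as mdns-reserved and intranet as single-label. If `override_addr` for your AD zone fails against the real file while resolution is broken, the override has dropped out of the generated config; if it succeeds, the forward-zone is still configured and the problem lies elsewhere.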