Netgate Discussion Forum

Wildcard with DNS Resolver (unbound) for local Domain

  • N
    noesberger
    last edited by May 20, 2021, 5:58 AM

    Re: Wildcard host override with DNS Resolver (unbound)

    Hi, as per Documentation. https://docs.netgate.com/pfsense/en/latest/services/dns/wildcards.html?highlight=wildcard
    I'm able to create a DNS wildcard for a "not already existing domain". But I would like to create a wildcard DNS for my local domain, which the pfSense is also using and where I already have some host overrides. How is this possible? Because when I enter the domain it tells me that this domain already exists in the config. And with only the last line

    local-data: "example.com 86400 IN A 192.168.1.54"
    

    the wildcard resolution is not working.

    Thanks for your help.

    • G
      Gertjan @noesberger
      last edited by Gertjan May 20, 2021, 7:22 AM May 20, 2021, 6:14 AM

      @noesberger said in Wildcard with DNS Resolver (unbound) for local Domain:

      the wildcard resolution is not working.

      Checked the unbound manual ?

      You'll find the classic :

      No, unbound is not an authoritative server, and doesn't have all the
      authoritative DNS capabilities (you could run a real auth server and
      point a stub-zone at it).

      but :

      server:
        local-data: "example.com redirect"
        local-data: ".example.com 86400 IN A 192.168.1.54"
      

      should do the job.

      (edit : don't use this as an example - there is a typo - see below)

      Btw : I didn't test.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      • N
        noesberger @Gertjan
        last edited by May 20, 2021, 7:14 AM

        @Gertjan
        Didn't work; when trying to save I get the following error.

        The generated config file cannot be parsed by unbound. Please correct the following errors:
        [1621494739] unbound-checkconf[68455:0] error: error parsing local-data at 2 '.test.local 86400 IN A 192.168.1.230': Empty label
        [1621494739] unbound-checkconf[68455:0] error: Bad local-data RR .test.local 86400 IN A 192.168.1.230
        [1621494739] unbound-checkconf[68455:0] fatal error: failed local-zone, local-data configuration
        
        • G
          Gertjan @noesberger
          last edited by May 20, 2021, 7:29 AM

          @noesberger

          Humm, as I said : I didn't test ;)
          I was hoping you would read the doc ^^

          Don't worry about the 'detailed' error : it's a way of telling you that this line :

          local-data: "example.com redirect"
          

          should be written as :

          local-data: "example.com" redirect
          

          In the past, you would have seen : "syntax error period". These days, error situations are far more verbose (verbuss) so no one nothing nothing any more (me included).

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          • N
            noesberger @Gertjan
            last edited by May 20, 2021, 8:28 AM

            @gertjan
            I was reading the doc, but still not able to solve it.

            The generated config file cannot be parsed by unbound. Please correct the following errors:
            /var/unbound/test/unbound.conf:102: error: unknown keyword 'redirect'
            read /var/unbound/test/unbound.conf failed: 1 errors in configuration file
            

            And when I used local-server: instead of local-data for the first line (as written in the doc), I'm getting the following error.

            The generated config file cannot be parsed by unbound. Please correct the following errors:
            [1621499109] unbound-checkconf[19107:0] warning: duplicate local-zone test.local.
            [1621499109] unbound-checkconf[19107:0] error: error parsing local-data at 2 '.test.local 86400 IN A 192.168.1.230': Empty label
            [1621499109] unbound-checkconf[19107:0] error: Bad local-data RR .test.local 86400 IN A 192.168.1.230
            [1621499109] unbound-checkconf[19107:0] fatal error: failed local-zone, local-data configuration
            

            When I'm using the same domain as the pfSense is using locally it's not working; with a different domain it's working fine. (as described in my first post ;-))

            • G
              Gertjan @noesberger
              last edited by Gertjan May 20, 2021, 9:00 AM May 20, 2021, 8:59 AM

              @noesberger said in Wildcard with DNS Resolver (unbound) for local Domain:

              warning: duplicate local-zone test.local.

              Check the unbound.conf file yourself.
              You're adding 'custom' lines, so it's advisable to have a look at the entire file.
              It's here : /var/unbound/unbound.conf

              I've checked with :

              cdf22d05-4873-4fc4-9652-be36b5c80d5a-image.png

              and unbound is happy - no errors. And probably isn't what you want :
              wildcard or the leading dot.

              This doesn't work for me either :

              3935b644-e135-4a53-9b82-63f8e16f3615-image.png

              Maybe

              No, unbound is not an authoritative server, and doesn't have all the
              authoritative DNS capabilities (you could run a real auth server and
              point a stub-zone at it).

              applies after all.

              Note : https://lists.nlnetlabs.nl/pipermail/unbound-users/2009-April/000560.html and the answer.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??
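
An added example, not part of any post in this thread and not pfSense or unbound code: a small Python check over an unbound.conf for the three complaints quoted above (a duplicate `local-zone`, a stray token after the quoted `local-data` record, and an empty label caused by a leading dot). The sample config and the function name `lint_unbound_local` are constructed for illustration, and the check only mirrors these three messages; `unbound-checkconf` remains the authority.

```python
import re

# Constructed sample, modelled on the lines quoted in this thread (not a real pfSense config).
SAMPLE_CONF = """\
server:
local-zone: "test.local." transparent
local-data: "nas.test.local. A 192.168.1.10"
# custom options added by hand
local-zone: "test.local" redirect
local-data: "test.local" redirect
local-data: ".test.local 86400 IN A 192.168.1.230"
local-data: "test.local 86400 IN A 192.168.1.230"
"""

LINE = re.compile(r'^\s*(local-zone|local-data):\s*"([^"]*)"\s*(\S*)')


def lint_unbound_local(conf_text):
    """Return (line_no, code, detail) findings for local-zone/local-data lines."""
    findings = []
    zones = {}  # normalised zone name -> line where it was first declared
    for no, raw in enumerate(conf_text.splitlines(), start=1):
        m = LINE.match(raw)
        if not m:
            continue
        key, quoted, trailing = m.groups()
        fields = quoted.split()
        name = fields[0].lower() if fields else ""
        if key == "local-zone":
            zone = name.rstrip(".")  # "test.local." and "test.local" are the same zone
            if zone in zones:
                findings.append((no, "duplicate-zone",
                                 f"{zone} already declared on line {zones[zone]}"))
            else:
                zones[zone] = no
            continue
        # local-data: the quoted string has to hold one complete resource record.
        if trailing and not trailing.startswith("#"):
            findings.append((no, "stray-token", f"'{trailing}' after the quoted record"))
        labels = name.rstrip(".").split(".")
        if name != "." and "" in labels:  # leading dot or ".." gives an empty label
            findings.append((no, "empty-label", f"owner name '{name}'"))
    return findings


if __name__ == "__main__":
    for finding in lint_unbound_local(SAMPLE_CONF):
        print(finding)
```
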
