Wildcard with DNS Resolver (unbound) for local Domain
-
Re: Wildcard host override with DNS Resolver (unbound)
Hi, as per Documentation. https://docs.netgate.com/pfsense/en/latest/services/dns/wildcards.html?highlight=wildcard
I'm able to create a DNS wildcard for a "not already existing domain". But I would like to create a wildcard DNS for my local domain, that the pfSense is also using and where I already have some host overrides. How is this possible? Because when I enter the domain it tells me that this domain already exists in the config. And with only the last line
local-data: "example.com 86400 IN A 192.168.1.54"
the wildcard resolution is not working.
Thanks for your help.
-
@noesberger said in Wildcard with DNS Resolver (unbound) for local Domain:
the wildcard resolution is not working.
Checked the unbound manual ?
You'll find the classic :
No, unbound is not an authoritative server, and doesn't have all the
authoritative DNS capabilities (you could run a real auth server and
point a stub-zone at it).
but :
server:
local-data: "example.com redirect"
local-data: ".example.com 86400 IN A 192.168.1.54"
should do the job.
(edit : don't use this as an example - there is a typo - see below)
Btw : I didn't test.
-
@Gertjan
Didn't work; when trying to save I get the following error.
The generated config file cannot be parsed by unbound. Please correct the following errors:
[1621494739] unbound-checkconf[68455:0] error: error parsing local-data at 2 '.test.local 86400 IN A 192.168.1.230': Empty label
[1621494739] unbound-checkconf[68455:0] error: Bad local-data RR .test.local 86400 IN A 192.168.1.230
[1621494739] unbound-checkconf[68455:0] fatal error: failed local-zone, local-data configuration
-
Humm, as I said : I didn't test ;)
I was hoping you would read the doc ^^
Don't worry for the 'detailed' error : it's a way of telling you that this line :
local-data: "example.com redirect"
should be written as :
local-data: "example.com" redirect
In the past, you would have seen : "syntax error period". These days, error situations are far more verbose (verbuss) so no one nothing nothing any more (me included).
-
@gertjan
I was reading the doc, but still not able to solve it.
The generated config file cannot be parsed by unbound. Please correct the following errors:
/var/unbound/test/unbound.conf:102: error: unknown keyword 'redirect'
read /var/unbound/test/unbound.conf failed: 1 errors in configuration file
And when I used local-server: instead of local-data for the first line (as written in the doc), I'm getting the following error.
The generated config file cannot be parsed by unbound. Please correct the following errors:
[1621499109] unbound-checkconf[19107:0] warning: duplicate local-zone test.local.
[1621499109] unbound-checkconf[19107:0] error: error parsing local-data at 2 '.test.local 86400 IN A 192.168.1.230': Empty label
[1621499109] unbound-checkconf[19107:0] error: Bad local-data RR .test.local 86400 IN A 192.168.1.230
[1621499109] unbound-checkconf[19107:0] fatal error: failed local-zone, local-data configuration
When I'm using the same domain as the pfsense is using locally it's not working, with a different domain it's working fine. (as described in my first post ;-))
-
@noesberger said in Wildcard with DNS Resolver (unbound) for local Domain:
warning: duplicate local-zone test.local.
Check the unbound.conf file yourself.
You're adding 'custom' lines, so it's advisable to have a look at the entire file.
It's here : /var/unbound/unbound.conf
I've checked with :
and unbound is happy - no errors. And probably isn't what you want :
wildcard or the leading dot.
This doesn't work for me either :
Maybe
No, unbound is not an authoritative server, and doesn't have all the
authoritative DNS capabilities (you could run a real auth server and
point a stub-zone at it).
applies after all.
Note : https://lists.nlnetlabs.nl/pipermail/unbound-users/2009-April/000560.html and the answer.
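-
Added example, not part of any post in this thread and not pfSense or unbound code: a rough Python pre-check for the three unbound-checkconf complaints quoted above (duplicate local-zone, empty label from a leading dot, and a stray word after a local-data string). The sample config is constructed from the lines posted in the thread, the first local-zone line is an assumed stand-in for a zone already defined in the generated file, and the function names are this example's own.

```python
import re

# Constructed sample; line 2 is an assumed stand-in for an already-defined zone.
SAMPLE_CONF = '''\
server:
local-zone: "test.local" transparent
local-data: "host1.test.local A 192.168.1.10"
local-zone: "test.local" redirect
local-data: ".test.local 86400 IN A 192.168.1.230"
local-data: "test.local" redirect
'''

LINE_RE = re.compile(r'^\s*(local-zone|local-data):\s*"([^"]*)"\s*(.*)$')

def norm(name):
    """Lower-case a DNS name and make it fully qualified (trailing dot)."""
    return name.lower().rstrip(".") + "."

def has_empty_label(name):
    """True for names such as '.test.local' or 'a..b' (the root '.' is fine)."""
    if name == ".":
        return False
    labels = name[:-1].split(".") if name.endswith(".") else name.split(".")
    return any(label == "" for label in labels)

def lint(conf_text):
    """Return a list of (line_number, message) findings."""
    findings, zones = [], {}
    for num, line in enumerate(conf_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value, rest = m.groups()
        if key == "local-zone":
            zone = norm(value)
            if zone in zones:
                findings.append((num, f"duplicate local-zone {zone} (first on line {zones[zone]})"))
            zones.setdefault(zone, num)
        else:
            owner = value.split()[0] if value.split() else ""
            if has_empty_label(owner):
                findings.append((num, f"empty label in local-data owner name '{owner}'"))
            if rest and not rest.startswith("#"):
                findings.append((num, f"stray token after local-data string: '{rest}'"))
    return findings

if __name__ == "__main__":
    for num, msg in lint(SAMPLE_CONF):
        print(f"line {num}: {msg}")
```

It only mirrors the messages seen in this thread; unbound-checkconf remains the authority on whether the file parses.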