unbound / subdomain delegation / local-zone type
Hello,
I seem to be having a problem configuring unbound (DNS Resolver) on pfSense+ 22.01. I have the following:
pfsense.example.com - example.com
pfsense.example2.com - example2.com
On pfsense.example.com, I am attempting to delegate a subdomain - dev.example.com - to another DNS server. In the domain overrides section, I have configured the following:
example2.com - 192.168.1.1 - forward for example2.com
dev.example.com - 192.168.2.1 - forward for dev.example.com
If I have the 'System Domain Local Zone Type' set to 'Transparent', the forwarding works successfully, but what I have noticed is that requests for records with no entries for 'example.com' are leaking to the northbound DNS server configured under the 'General Setup -> DNS Servers'.
To provide an example, assume I only have one record in the 'Host Overrides' section on the 'DNS Resolver -> General Settings' page:
myhost - example.com - 192.168.1.20 - myhost
If I perform a:
nslookup myhost2.example.com
the pfsense host is forwarding the query to the internet.
Reading the documentation for the local-zone type, I thought this would be resolvable by setting the type to 'static'. A side effect of changing the type to 'static' is that the forwarding for 'dev.example.com' stops working. Forwarding for 'example2.com' continues to work.
Anyone have any insights as to what my problem is?
Thanks.
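For reference, here is the setup described in the post written as plain unbound.conf directives, contrasting the transparent and static local-zone types (an added example, not from the original post or from pfSense's generated config; the more specific transparent zone for the delegated subdomain is an assumption based on unbound's closest-enclosing local-zone matching, and the upstream leak of non-existent internal names is the information-disclosure risk the post is worried about).

```conf
# Added example (not from the original post): the setup above expressed as
# unbound.conf directives. pfSense+ writes equivalent lines from the GUI.

# System domain as a local zone, plus the single host override.
local-zone: "example.com." transparent
local-data: "myhost.example.com. IN A 192.168.1.20"
local-data-ptr: "192.168.1.20 myhost.example.com"

# Domain overrides: each one becomes a forward-zone.
forward-zone:
    name: "example2.com."
    forward-addr: 192.168.1.1
forward-zone:
    name: "dev.example.com."
    forward-addr: 192.168.2.1

# With type 'transparent', a name under example.com that has no
# local-data (e.g. myhost2.example.com) falls through to normal
# resolution, i.e. to the upstream servers from General Setup. That is
# the leak of internal names described in the post.
#
# With type 'static', unbound answers NXDOMAIN/NODATA for any name in
# the zone that is not in local-data and never recurses for it:
#
#   local-zone: "example.com." static
#
# Local-zone processing runs before forwarding, so this also swallows
# dev.example.com and its forward-zone is never consulted.
#
# Assumption (closest-enclosing local zone wins): declaring the delegated
# subdomain as its own, more specific zone of type transparent lets
# queries under it reach the forward-zone while the parent stays static:
#
#   local-zone: "example.com." static
#   local-zone: "dev.example.com." transparent
#
# Checks after a change:
#   unbound-checkconf
#   dig @127.0.0.1 myhost2.example.com    # expect status: NXDOMAIN, no upstream query
#   dig @127.0.0.1 <name>.dev.example.com # expect an answer via 192.168.2.1
```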