Netgate Discussion Forum

    DNS Resolver Authoritative for local.lan

    • toluun

      Hello,

      I am trying to set up the DNS resolver so that it provides an authoritative answer for my local.lan, so that if I look up an address that is not part of my network then it won't forward the lookup to external DNS resolvers. In my research I found that adding the following to the Resolver's custom options should do this:

      local-data: "local.lan. 10800 IN SOA pfsense.local.lan. root.local.lan. 1 3600 1200 604800 10800"
      

      However I am not having any luck with it working. If I do a

      dig nothere.local.lan +trace
      

      I do get an NXDOMAIN response but I can see the trace going to root DNS servers. I am not an expert and really at a loss for why this isn't working.

      • johnpoz LAYER 8 Global Moderator @toluun

        @toluun you understand that trace will always go to because that is the first lookup in the trace.

        If you don't want unbound asking for stuff that is not local - just set the zone to static in unbound config.


                    static
                         If  there  is a match from local data, the query is answered.
                         Otherwise, the query is answered  with  nodata  or  nxdomain.
                         For  a  negative  answer  a  SOA is included in the answer if
                         present as local-data for the zone apex domain.
        
        

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07 | Lab VMs 2.8, 25.07

        • toluun @johnpoz

          @johnpoz So I do have static set but then before the definition of static shouldn't I get an SOA response based on the custom setting:

          For a negative answer a SOA is included in the answer if present as local-data for the zone apex domain.
          

          I am sure I am missing something but when I did:

          dig nothere.local.lan
          

          I was expecting an answer more like:

          ;; AUTHORITY SECTION:
          local.lan.      10800   IN  SOA pfsense.local.lan. root.local.lan. 1 3600 1200 604800 10800
          
          • toluun @toluun

            @toluun

            Seems to be an issue with my Linux installation. If I specify the DNS server it responds as expected.

            dig @192.168.20.1 notthere.local.lan
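
Added example, not part of the thread: a Python check over saved `dig` output that confirms a negative answer for the local zone came from the intended resolver and carries the zone's SOA in the authority section, which is the difference between the plain `dig` and the `dig @192.168.20.1` runs above. Both sample outputs are constructed, and the function name and the `127.0.0.53` local stub address are assumptions.

```python
import re

# Constructed dig outputs (illustrative, not captured from the thread's hosts).
FROM_PFSENSE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; QUESTION SECTION:
;nothere.local.lan.        IN  A

;; AUTHORITY SECTION:
local.lan.  10800  IN  SOA  pfsense.local.lan. root.local.lan. 1 3600 1200 604800 10800

;; SERVER: 192.168.20.1#53(192.168.20.1) (UDP)
"""
FROM_STUB = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1717
;; QUESTION SECTION:
;nothere.local.lan.        IN  A

;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
"""

def check_negative_answer(dig_output, zone, resolver):
    """Report who answered and whether the zone apex SOA came back with it."""
    status = re.search(r"status: (\w+)", dig_output)
    server = re.search(r"^;; SERVER: ([^#\s]+)#", dig_output, re.M)
    soa_owner, in_authority = None, False
    for line in dig_output.splitlines():
        if line.startswith(";; AUTHORITY SECTION"):
            in_authority = True
        elif not line.strip() or line.startswith(";;"):
            in_authority = False          # blank line or next section header
        elif in_authority:
            fields = line.split()         # owner, TTL, class, type, rdata...
            if len(fields) >= 4 and fields[3] == "SOA":
                soa_owner = fields[0].lower()
    result = {
        "status": status.group(1) if status else None,
        "server": server.group(1) if server else None,
        "soa_owner": soa_owner,
    }
    result["from_resolver"] = result["server"] == resolver
    result["local_soa"] = soa_owner == zone.lower()
    # A static local zone answers nxdomain or nodata (NOERROR, empty answer).
    result["ok"] = (result["status"] in ("NXDOMAIN", "NOERROR")
                    and result["from_resolver"] and result["local_soa"])
    return result

if __name__ == "__main__":
    for sample in (FROM_PFSENSE, FROM_STUB):
        print(check_negative_answer(sample, "local.lan.", "192.168.20.1"))
```
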
            
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.