Netgate Discussion Forum
    DNS Resolver Custom options no View/Server

    DHCP and DNS
      4o4rh

      I'm trying to add the below in the custom options

      Server:
      View:
        name: "vlan4"
        match-clients: 192.168.4.0/24
        local-data: "ipfw. 3600 IN A 192.168.4.5"
      

      but I am getting the below error

      The generated config file cannot be parsed by unbound. Please correct the following errors:
         /var/unbound/test/unbound.conf:123: error: unknown keyword 'Server'
         /var/unbound/test/unbound.conf:123: error: stray ':'
         /var/unbound/test/unbound.conf:125: error: unknown keyword 'View'
         /var/unbound/test/unbound.conf:125: error: stray ':'
         /var/unbound/test/unbound.conf:126: error: forward name override, there must be one name for one forward-zone
         /var/unbound/test/unbound.conf:127: error: unknown keyword 'match-clients'
         /var/unbound/test/unbound.conf:127: error: stray ':'
         /var/unbound/test/unbound.conf:127: error: unknown keyword '192.168.4.0/24'
         /var/unbound/test/unbound.conf:128: error: syntax error
         read /var/unbound/test/unbound.conf failed: 9 errors in configuration file
      
        Gertjan @4o4rh

        @4o4rh

        Syntax errors 😊

        Use Tags and Views as a guideline. You'll find the first issue right away: "Server:" is not "server:" so unbound yells, as these configuration 'elements' are case sensitive.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          4o4rh @Gertjan

          @Gertjan indeed. thank you, gets a little further

          The generated config file cannot be parsed by unbound. Please correct the following errors:
            /var/unbound/test/unbound.conf:126: error: unknown keyword 'match-clients'
            /var/unbound/test/unbound.conf:126: error: stray ':'
            /var/unbound/test/unbound.conf:126: error: unknown keyword '192.168.4.0/24'
            read /var/unbound/test/unbound.conf failed: 3 errors in configuration file
          
            Gertjan @4o4rh

            @4o4rh said in DNS Resolver Custom options no View/Server:

            unknown keyword 'match-clients'

            May I ask: where did you get this element or config command 'match-clients' from?
            Not the Internet I use. Or to be more precise: Google doesn't know about it, and true, that's not a definite answer of course, but it comes pretty close.

            You can't invent (?) these keywords; they have to be part of this list (latest version, or the unbound version you use): unbound.conf, which is the documentation of the authors. All other sources have to be fact-checked with this source first.

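Added example, not part of the thread and not taken from the pfSense or unbound documentation: in unbound.conf a client subnet is bound to a view with `access-control-view` in the `server:` clause, not with a `match-clients` line inside the view (that keyword is BIND syntax). The view name, subnet and record are the ones from the first post; `view-first: yes` is an assumption.

```conf
# Added example for the pfSense DNS Resolver "Custom options" box.
# Clause names and keywords are lowercase, exactly as spelled in unbound.conf(5).
server:
    # Clients in this netblock are answered from the view named "vlan4".
    # This takes the place of the unsupported 'match-clients' line.
    access-control-view: 192.168.4.0/24 vlan4

view:
    name: "vlan4"
    # Record from the original post, served only to clients mapped to this view.
    local-data: "ipfw. 3600 IN A 192.168.4.5"
    # Assumption: fall back to the global local-zone/local-data entries
    # when the view itself has no match for the queried name.
    view-first: yes
```
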
              4o4rh @Gertjan

              @Gertjan using chatgpt to try and solve my problem, which is:

              • I have pfsense.duckdns.org and letsencrypt as the main certificate.
              • I can access ssl from both wan/lan if using pfsense.duckdns.org
                problem
              • using pfsense.local.lan causes a security problem.
                it seems, rather than the interface ip, resolves to the pfsense ip of the main eth0
                Gertjan @4o4rh

                @4o4rh said in DNS Resolver Custom options no View/Server:

                using chatgpt to ...

                Who is that ?
                The unbound documentation isn't hard to find ...

                @4o4rh said in DNS Resolver Custom options no View/Server:

                i can access ssl from both wan/lan if using pfsense.duckdns.org
                problem

                Accessing pfSense from WAN?? Take my advice: don't do that, don't make that happen.
                The exception might be: when the pfSense WAN interface isn't connected to the 'real' Internet, but behind another firewall/router.

                using pfsense.local.lan causes a security problem.

                You can't get a certificate from Letsencrypt for that domain name "local.lan".
                You must 'own' (rent) that domain name first (!!). I presume the TLD dot lan doesn't even exist.
                Read Letsencrypt's usage conditions.

                I can access my pfSense GUI from a LAN device just fine, using a host name like
                pfsense.my-rented-domaine-name.tld
                because I actually rent that "my-rented-domaine-name.tld" for this very purpose.
                The pfSense package acme handles the renewal of the certificate for *.my-rented-domaine-name.tld

                It's still also very ok to 'trust' the internally (by pfSense) generated GUI certificate from the pfSense the very first time you access it over https. You'll be the only one seeing this browser warning just once, and as it's only you admining pfSense with the GUI access, this won't bother anybody.

                Certificates and all that TLS stuff is something you might consider using when you know what https (TLS) really is.
                And don't ask chatgpt ... ;)

                  4o4rh @Gertjan

                  @Gertjan off track, but I am trying to integrate home connect into home assistant which is a vm inside of truenas. linking the cloud account doesn't like. I was using the wan access only to check that I got duckdns and letsencrypt sorted.

                  now I am trying to figure out how I get haos working.
                  I guess I can revert back to my pfsense certificate once haos is running

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.