DNS won't resolve on VPN subnet, 2.2, BIND=>Unbound



  • I have a LAN subnet (192.168.5.0/24) with a DNS forwarder resolving local and remote requests incoming via the VPN subnet (10.2.0.0/24).

    Obviously, I have "DNS Rebind Check" unchecked and the following firewall rule on the OpenVPN tab:

    Everything works for remote DNS requests coming from the remote system's private subnets.

    Now I have disabled the DNS forwarder and enabled the DNS resolver:

    Leaving the rest of the options in the same state, DNS is not resolved for the external (VPN) net anymore.

    That's what I get sniffing on the VPN net when doing a DNS query:

    09:58:25.160703 IP 10.2.0.2.37380 > 192.168.5.1.domain: 54039+ A? router.vetals. (31)
    09:58:25.160738 IP 10.2.0.2.37380 > 192.168.5.1.domain: 54039+ A? router.vetals. (31)
    09:58:25.255471 IP 192.168.5.1.domain > 10.2.0.2.37380: 54039 Refused- [0q] 0/0/0 (12)
    09:58:25.255494 IP 192.168.5.1.domain > 10.2.0.2.37380: 54039 Refused- [0q] 0/0/0 (12)

    Any ideas what else must be tuned to make this work with Unbound?


  • Add the VPN subnet to the DNS Resolver ACLs.
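
    The `Refused` replies in the capture above are what Unbound sends when the source address of a query matches no `allow` entry in its `access-control` list. On pfSense the DNS Resolver "Access Lists" page generates those entries. The fragment below is an added, hand-written unbound.conf example (not the thread's own or pfSense's generated configuration) showing the equivalent directives; the interface address and subnets are taken from the thread, and the fix is the single line allowing 10.2.0.0/24:

    ```conf
    server:
        # Constructed example: listen on the LAN address and loopback
        interface: 192.168.5.1
        interface: 127.0.0.1

        # Unbound's default for any unlisted source is "refuse", which is
        # what produced "Refused" in the tcpdump output; stating it explicitly
        access-control: 0.0.0.0/0 refuse
        access-control: 127.0.0.0/8 allow

        # LAN subnet from the thread
        access-control: 192.168.5.0/24 allow

        # VPN subnet from the thread: without this entry, queries arriving
        # from 10.2.0.2 are answered with REFUSED
        access-control: 10.2.0.0/24 allow
    ```

    Keep the allowed network as narrow as the VPN subnet itself rather than using a catch-all such as 0.0.0.0/0, which would turn the resolver into an open resolver for any source that can reach the listening interface. After applying the change, `unbound-checkconf` validates the syntax, and a query from the VPN client (for example `dig @192.168.5.1 router.vetals.`) should return `status: NOERROR` or `NXDOMAIN` instead of `status: REFUSED`.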



  • That worked like a charm!

    Thanks a lot!