Wildcard host override with DNS Resolver (unbound)



  • Hi everyone!

    How can I set up dns host overrides with wildcards using the default DNS Resolver (unbound)?

    I've tried the advanced settings for the old DNS Forwarder (dnsmasq), mentioned here:
    https://forum.pfsense.org/index.php?topic=43835.0

    This does not seem to work - nothing gets resolved anymore at all. And setting up a specific host-override for abc.com (leaving host blank) will not override www.abc.com or 123.abc.com.

    Any ideas except for turning off DNS Resolver and using DNS Forwarder instead?

    By the way: Where does pfsense store its unbound config so I can try editing it on the shell and figure out wildcards there?

    Thanks everyone!
    Dan


  • Banned

    unbound.conf(5)

    redirect
        The query is answered from the local data for the zone name. There may be no local data beneath the zone name. This answers queries for the zone, and all subdomains of the zone with the local data for the zone. It can be used to redirect a domain to return a different address record to the end user, with local-zone: "example.com." redirect and local-data: "example.com. A 127.0.0.1" queries for www.example.com and www.foo.example.com are redirected, so that users with web browsers cannot access sites with suffix example.com.
    
    

    So, you can try something like this in advanced config:

    
    server:
    local-zone: "abc.com" redirect
    local-data: "abc.com 3600 IN A 192.0.2.1"
    
    

  • Rebel Alliance Global Moderator

    So per dok instructions.. there you go

    root@ubuntu:~$ dig abc.com +short
    192.0.2.1
    root@ubuntu:~$ dig www.abc.com +short
    192.0.2.1
    root@ubuntu:~$ dig something.www.abc.com +short
    192.0.2.1
    root@ubuntu:~$ dig other.something.www.abc.com +short
    192.0.2.1
    root@ubuntu:~$

    looks like a wildcard to me.

    Removed and back to normal
    root@ubuntu:~$ dig abc.com +short
    199.181.132.250
    root@ubuntu:~$ dig www.abc.com +short
    abc.com.
    199.181.132.250
    root@ubuntu:~$
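    As an added example (not code from any poster in this thread), the following Python script simulates the label-wise suffix matching that unbound's local-zone redirect performs, which is what the dig output above shows, and renders the two directives from the earlier post (written with trailing dots, as the man page does). The zone, address and upstream table are constructed sample values.

```python
"""Simulate unbound's local-zone "redirect" suffix matching (constructed example)."""
from __future__ import annotations


def normalize(name: str) -> str:
    """Lower-case a DNS name and strip any trailing dot (unbound accepts both forms)."""
    return name.rstrip(".").lower()


def redirect_config(zone: str, address: str, ttl: int = 3600) -> str:
    """Render the two unbound directives used in the thread for a wildcard override."""
    zone = normalize(zone)
    return (
        "server:\n"
        f'local-zone: "{zone}." redirect\n'
        f'local-data: "{zone}. {ttl} IN A {address}"\n'
    )


def in_redirect_zone(qname: str, zone: str) -> bool:
    """True if qname is the zone apex or any subdomain of it, matched label by label.

    Label-wise matching is the point: "notabc.com" is NOT under "abc.com",
    and "abc.com.evil.example" is not either, even though both contain the string.
    """
    q = normalize(qname).split(".")
    z = normalize(zone).split(".")
    return len(q) >= len(z) and q[-len(z):] == z


def resolve(qname: str, zones: dict[str, str], upstream: dict[str, str]) -> str | None:
    """Answer qname: a matching redirect zone wins, otherwise use the upstream table."""
    for zone, addr in zones.items():
        if in_redirect_zone(qname, zone):
            return addr
    return upstream.get(normalize(qname))


# Constructed sample data mirroring the thread: one redirect zone and a fake upstream view.
REDIRECTS = {"abc.com": "192.0.2.1"}
UPSTREAM = {"abc.com": "199.181.132.250", "notabc.com": "198.51.100.7"}

if __name__ == "__main__":
    print(redirect_config("abc.com", "192.0.2.1"))
    for name in ["abc.com", "www.abc.com", "other.something.www.abc.com",
                 "notabc.com", "abc.com.evil.example"]:
        print(f"{name:30} -> {resolve(name, REDIRECTS, UPSTREAM)}")
```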


  • Banned

    Well, thanks for testing that (and no thanks to the OP for not even bothering to post a beep…  >:() Perhaps someone might update the locked sticky so that it accounts for unbound as well?



  • Thank you so much guys for figuring this out and testing it.
    I'm truly sorry for not answering sooner!

    Best regards!



  • Never mind.
    I was asking what the IN was; I found out.

    The optional Class option.