4. Unbound and pfBlockerNG DNSBL returning DNSBL VIP instead of firewall IP

Unbound and pfBlockerNG DNSBL returning DNSBL VIP instead of firewall IP

  • T

    It was recommended that I move my question to the DNS forum. I initially asked it here:  https://forum.pfsense.org/index.php?topic=102470.msg587466#msg587466

    Issue is: my pfSense box (hostname "firewall.domain" with VLAN IP 10.100.0.1) is my DNS server and when I query it for it's own IP, it returns the pfBlockerNG DNSBL VIP (10.10.10.1) first and then the proper interface IP (10.100.0.1)

    I have pfBlockerNG DNSBL enabled and working well otherwise. Unbound is NOT in forwarding mode. I have disabled and enabled DHCP registration in Unbound to no avail. I have a host override for "firewall.domain" pointing to the VLAN IP and even tried disabling "DNS Rebinding Checks" and using Unbound's advanced config "server:private-domain: "domain"".

    Am I missing something in this setup? This isn't show-stopping, just a curiosity that I'd like to nail down…

    Dig results from my local machine:

    
; <<>> DiG 9.8.3-P1 <<>> firewall.domain
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35064
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;firewall.domain.		IN	A

;; ANSWER SECTION:
firewall.domain.	3600	IN	A	10.10.10.1
firewall.domain.	3600	IN	A	10.100.0.1

;; Query time: 0 msec
;; SERVER: 10.100.0.1#53(10.100.0.1)
    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy