Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Unbound and pfBlockerNG DNSBL returning DNSBL VIP instead of firewall IP

    DHCP and DNS
    1
    1
    1149
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      todolist last edited by

      It was recommended that I move my question to the DNS forum. I initially asked it here:  https://forum.pfsense.org/index.php?topic=102470.msg587466#msg587466

      Issue is: my pfSense box (hostname "firewall.domain" with VLAN IP 10.100.0.1) is my DNS server and when I query it for it's own IP, it returns the pfBlockerNG DNSBL VIP (10.10.10.1) first and then the proper interface IP (10.100.0.1)

      I have pfBlockerNG DNSBL enabled and working well otherwise. Unbound is NOT in forwarding mode. I have disabled and enabled DHCP registration in Unbound to no avail. I have a host override for "firewall.domain" pointing to the VLAN IP and even tried disabling "DNS Rebinding Checks" and using Unbound's advanced config "server:private-domain: "domain"".

      Am I missing something in this setup? This isn't show-stopping, just a curiosity that I'd like to nail down…

      Dig results from my local machine:

      
; <<>> DiG 9.8.3-P1 <<>> firewall.domain
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35064
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;firewall.domain.		IN	A

;; ANSWER SECTION:
firewall.domain.	3600	IN	A	10.10.10.1
firewall.domain.	3600	IN	A	10.100.0.1

;; Query time: 0 msec
;; SERVER: 10.100.0.1#53(10.100.0.1)
      1 Reply Last reply Reply Quote 0
      • First post
        Last post