Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Unbound and pfBlockerNG DNSBL returning DNSBL VIP instead of firewall IP

    DHCP and DNS
    1
    1
    1117
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      todolist last edited by

      It was recommended that I move my question to the DNS forum. I initially asked it here:  https://forum.pfsense.org/index.php?topic=102470.msg587466#msg587466

      Issue is: my pfSense box (hostname "firewall.domain" with VLAN IP 10.100.0.1) is my DNS server and when I query it for it's own IP, it returns the pfBlockerNG DNSBL VIP (10.10.10.1) first and then the proper interface IP (10.100.0.1)

      I have pfBlockerNG DNSBL enabled and working well otherwise. Unbound is NOT in forwarding mode. I have disabled and enabled DHCP registration in Unbound to no avail. I have a host override for "firewall.domain" pointing to the VLAN IP and even tried disabling "DNS Rebinding Checks" and using Unbound's advanced config "server:private-domain: "domain"".

      Am I missing something in this setup? This isn't show-stopping, just a curiosity that I'd like to nail down…

      Dig results from my local machine:

      
; <<>> DiG 9.8.3-P1 <<>> firewall.domain
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35064
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;firewall.domain.		IN	A

;; ANSWER SECTION:
firewall.domain.	3600	IN	A	10.10.10.1
firewall.domain.	3600	IN	A	10.100.0.1

;; Query time: 0 msec
;; SERVER: 10.100.0.1#53(10.100.0.1)
      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy