4. Unbound and pfBlockerNG DNSBL returning DNSBL VIP instead of firewall IP

Unbound and pfBlockerNG DNSBL returning DNSBL VIP instead of firewall IP

  • T

    It was recommended that I move my question to the DNS forum. I initially asked it here:  https://forum.pfsense.org/index.php?topic=102470.msg587466#msg587466

    Issue is: my pfSense box (hostname "firewall.domain" with VLAN IP 10.100.0.1) is my DNS server and when I query it for it's own IP, it returns the pfBlockerNG DNSBL VIP (10.10.10.1) first and then the proper interface IP (10.100.0.1)

    I have pfBlockerNG DNSBL enabled and working well otherwise. Unbound is NOT in forwarding mode. I have disabled and enabled DHCP registration in Unbound to no avail. I have a host override for "firewall.domain" pointing to the VLAN IP and even tried disabling "DNS Rebinding Checks" and using Unbound's advanced config "server:private-domain: "domain"".

    Am I missing something in this setup? This isn't show-stopping, just a curiosity that I'd like to nail down…

    Dig results from my local machine:

    
; <<>> DiG 9.8.3-P1 <<>> firewall.domain
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35064
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;firewall.domain.		IN	A

;; ANSWER SECTION:
firewall.domain.	3600	IN	A	10.10.10.1
firewall.domain.	3600	IN	A	10.100.0.1

;; Query time: 0 msec
;; SERVER: 10.100.0.1#53(10.100.0.1)
    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy