Unbound + search domain
Seems like unbound is the new default for pfSense, so how do I set up unbound so that it resolves local hostnames by adding the local domain and forwards the request to a remote server?
nslookup hostname 192.168.1.1 always gives me a "non-existent domain" error, even if I set the domain in System > General Setup > Domain and all clients get the domain via DHCP.
nslookup hostname.mydomain.com 192.168.1.1 only works if I go to Services > DNS Resolver > Domain Overrides and set an override for my local domain to look up a remote server - otherwise I get the "non-existent domain" error.
I guess the problem is that even if I log in to the pfSense machine via SSH and try it there, it doesn't resolve without the domain. So how do I set the search domain for unbound? Usually I would edit /etc/resolv.conf, but it seems strange to me to edit a system file for such a common option.
Your search domain would be set on your client.
So my client's domain is local.lan, so when I do an nslookup for just "storage" it adds the domain local.lan:
Windows IP Configuration
Ethernet adapter Local:
Connection-specific DNS Suffix . : local.lan
IPv4 Address. . . . . . . . . . . : 192.168.9.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.9.253
If the domain in question is authoritative on some other server in your network, then yes, you would do a domain override in unbound to tell it where to go to look up your domain.
Our domain is public and serves local addresses for some hostnames. Let's say our domain is galaxy.com; if I or you or anybody else looks up sun.galaxy.com, it would answer 192.168.1.5, while www.galaxy.com returns the IP of a rented root server.
C:\>ipconfig

Windows-IP-Konfiguration

Ethernet-Adapter LAN-Verbindung:

   Verbindungsspezifisches DNS-Suffix: galaxy.com
   IPv4-Adresse . . . . . . . . . . : 192.168.1.127
   Subnetzmaske . . . . . . . . . . : 255.255.255.0
   Standardgateway . . . . . . . . . : 192.168.1.14

C:\>nslookup sun
Server:  firewall.galaxy.com
Address:  192.168.1.1

*** sun wurde von firewall.galaxy.com nicht gefunden: Non-existent domain.

C:\>nslookup sun.galaxy.com
Server:  firewall.galaxy.com
Address:  192.168.1.1

Nicht autorisierende Antwort:
Name:    sun.galaxy.com
Address:  192.168.1.2
And if I didn't set Services > DNS Resolver > Domain Overrides for "galaxy.com" to use "188.8.131.52" (or any other public DNS server), it wouldn't even resolve the FQDN sun.galaxy.com.
It's just a guess, but does pfSense have a problem looking up/forwarding a domain to a remote server if it has been set as the local domain?
Serving up RFC 1918 addresses from a public domain is a BROKEN configuration, plain and simple.
You're clearly going to run into rebinding protection problems doing that. And it's just a BAD idea all the way around.
You need to serve up your RFC 1918 space from local servers.
So it would be OK to enter them in the host override config of pfSense and remove them from the public DNS server? Would that work?
Yup, that would work for sure.
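As an added illustration (not posted by anyone in this thread and not pfSense's own generated configuration), the following unbound.conf fragment shows the two approaches discussed above side by side in standard unbound syntax: the host-override approach the last reply recommends, and, commented out, the domain-override approach the original poster used, together with the rebinding-protection directives that make the latter fail. The directive names are real unbound ones; the hostnames and addresses are the thread's own examples (galaxy.com, sun at 192.168.1.5, the resolver at 192.168.1.1, upstream 188.8.131.52), and the assumption is a pfSense-style resolver listening on the LAN.

```conf
server:
    # Rebinding protection: unbound discards upstream answers that point
    # into these ranges unless the name is explicitly trusted. This is
    # why forwarding galaxy.com to a public server that hands back
    # 192.168.1.x results in "non-existent domain" style failures.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16

    # Host overrides (what "Services > DNS Resolver > Host Overrides"
    # amounts to): the private addresses are served locally and no
    # longer need to exist in the public galaxy.com zone.
    # "transparent" means names NOT listed here still go upstream,
    # so www.galaxy.com keeps resolving to the public server.
    local-zone: "galaxy.com." transparent
    local-data: "sun.galaxy.com. IN A 192.168.1.5"
    local-data: "firewall.galaxy.com. IN A 192.168.1.1"
    local-data-ptr: "192.168.1.5 sun.galaxy.com"

    # Domain-override alternative (the original poster's approach).
    # Without private-domain, answers for galaxy.com carrying RFC 1918
    # addresses are dropped by the private-address rules above, which
    # is the rebinding problem the reply warns about.
    # private-domain: "galaxy.com"

# Everything else is forwarded upstream, as a pfSense forwarding-mode
# resolver would do.
forward-zone:
    name: "."
    forward-addr: 188.8.131.52

# Domain-override alternative, continued: send only galaxy.com to a
# specific server. Only needed if that zone lives on another server.
# forward-zone:
#     name: "galaxy.com."
#     forward-addr: 188.8.131.52
```

Note that nothing in this fragment appends a search suffix: unbound answers exactly the name it is asked for. Turning "sun" into "sun.galaxy.com" is the client resolver's job, driven by the DNS suffix handed out via DHCP (the "Connection-specific DNS Suffix" line in the ipconfig output above) or by a "search" line in resolv.conf on the pfSense box itself, which is why the unqualified lookup on the firewall failed while the FQDN succeeded.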