Unbound providing LAN nameservice? Please post config!



  • How many people, if any, have unbound successfully providing nameservice for the boxes on your LAN?  If you do, please post the relevant parts of your config, because I'm obviously missing out something.

    My setup, which doesn't provide anything including forwarding, is






  • It's not even doing forwarding.


  • LAYER 8 Global Moderator

    How would it do anything if all it's listening on is localhost??

    If you want it to provide services to LAN, then it would need to listen on lan..  And then most likely you would set it to only query on WAN..  So for example here is that section of my config.




  • @johnpoz:

    If you want it to provide services to LAN, then it would need to listen on lan..  And then most likely you would set it to only query on WAN..  So for example here is that section of my config.

    Exactly what I thought!  But it refused to let me, saying

    _The following input errors were detected:

    This system is configured to use the DNS Resolver as its DNS server, so Localhost or All must be selected in Network Interfaces._


  • LAYER 8 Global Moderator

    Never seen such an error… You can pick and choose what you want... Here change it..

    Yes if you're having pfsense use the resolver, then it needs to listen on localhost as well as your lan and/or other interfaces..

    Hold control to pick multiple interfaces.

    Should prob put in a request to get that error reworded.. You have to run on at min localhost if you have pfsense using the resolver, etc..  I just duplicated it by just trying to use just lan... Bad wording..  Should prob say something like

    This system is configured to use the DNS Resolver as its DNS server, so Localhost must be one of the multiple interfaces selected, or All must be selected.
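
The interface selection discussed in the posts above, written out as a plain unbound.conf fragment. This is an added example, not a config posted by anyone in the thread; the LAN address 192.168.1.1/24, the WAN address 203.0.113.10 and the forwarder address are assumptions.

```conf
# Constructed example. Assumed addresses: LAN 192.168.1.1/24, WAN 203.0.113.10.
server:
    # Listen on loopback so the firewall itself can use the resolver,
    # and on the LAN address so clients can reach it.
    # With only 127.0.0.1 listed, queries from LAN hosts are never answered.
    interface: 127.0.0.1
    interface: 192.168.1.1
    port: 53

    # Send upstream queries from the WAN address only.
    outgoing-interface: 203.0.113.10

    # Answer loopback and the LAN subnet; refuse everything else so the
    # resolver cannot be used from other networks. The most specific
    # netblock wins, so the order of these lines does not matter.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow

# Resolver mode is the default: with no forward-zone, unbound works its way
# down from the roots. Forwarding mode hands every query to an upstream
# server instead (192.0.2.53 is a placeholder address):
# forward-zone:
#     name: "."
#     forward-addr: 192.0.2.53
```

Running `unbound-checkconf` against a file like this reports syntax errors before the daemon is restarted.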




  • Apparently both XP and 7 are broken in some non-obvious way.  Nslookup fails to get anything back from the firewall, and the firewall isn't forwarding any lookups from XP or 7.

    But I started up my toy webserver, a fbsd machine, and everything works as expected:  nslookup gets the correct return from the firewall, I can ping everything on the lan, and non-local requests get forwarded.  And traceroute assures me that yes, it's the firewall that's doing the work.  So I don't know what the @#%! is going on with XP & 7.


  • LAYER 8 Global Moderator

    I use windows 7, while maybe there is something up with your install (infected?) windows 7 has no issues doing queries to unbound running on pfsense..  And I can fire up a xp machine and it works just fine too.

    And you do understand that unbound does not forward out of the box, its default mode is resolver - which doesn't forward anything anywhere, it works its way down from roots to the authoritative server of the domain you're wanting to query a record for..




  • @johnpoz:

    I use windows 7, while maybe there is something up with your install (infected?) windows 7 has no issues doing queries to unbound running on pfsense..  And I can fire up a xp machine and it works just fine too.

    I can't imagine what it could be – 7 is a fresh install on a new disc on momcat, and XP on slowcat works well otherwise.

    And you do understand that unbound does not forward out of the box, its default mode is resolver - which doesn't forward anything anywhere, it works its way down from roots to the authoritative server of the domain you're wanting to query a record for..

    I have the "forward" box checked, which presumably causes it to forward my toy webserver's requests, since I don't have any other nameservers declared in /etc/resolv.conf


  • LAYER 8 Global Moderator

    dude are you ever going to show some info to actually work with??  Like say a query and what you get back?  From say your windows 7 box..  A sniff on pfsense showing your query from your client??  Something!

    This is really basic stuff to troubleshoot..  But without something to go off of it all becomes PEBKAC…

    In your other thread all you show is doing queries to 4.2.2.1...  That has NOTHING to do with pfsense or unbound at all...  So no shit stuff is not going to work if you can not even figure out how to query pfsense..



  • @MMacD:

    @johnpoz:

    If you want it to provide services to LAN, then it would need to listen on lan..  And then most likely you would set it to only query on WAN..  So for example here is that section of my config.

    Exactly what I thought!  But it refused to let me, saying

    _The following input errors were detected:

    This system is configured to use the DNS Resolver as its DNS server, so Localhost or All must be selected in Network Interfaces._

    I don't know if you ever sorted this out, but I received the same message when I was making changes to DHCP resolver.  I was able to fix this by choosing localhost for "network interfaces" and de-selecting localhost for "outgoing network interfaces".  Maybe this would help you too?

    (I originally posted that in this thread: https://forum.pfsense.org/index.php?topic=106305.msg593028#msg593028)

