Bug #13065
Domain override for home.arpa not working
Status: Closed
Description
When I set up a domain override for home.arpa to use the DNS Resolver on the remote wireguard node, unbound does not even generate the request. This used to work. If I specify another domain other than home.arpa and point it to the same DNS Resolver, everything works. Here's my thread about it:
Updated by Jim Pingle over 2 years ago
- Status changed from New to Not a Bug
This is a settings issue, not a bug. Your firewall is almost certainly still set at the default hostname+domain of pfsense.home.arpa. The DNS Resolver already adds an internal automatic local zone declaration for the firewall's "own" domain so adding an override won't be effective. Each separate location should have its own (sub)domain if you want to resolve remote DNS hosts in that way.
Change the domain name of the firewall itself and your override will work like you want.
Updated by Kevin Mychal Ong over 2 years ago
Jim, I'm not sure what you mean. All three of my sites are on their own local domain (not subdomain).
Site 1 = home.arpa
Site 2 = condo.arpa
Site 3 = jojo.arpa
Where I'm adding the "home.arpa" override is on sites 2 and 3, which is not their "own" domain, so the override should work. This is done so that when the clients on those sites try resolving xxx.home.arpa, the site 1 unbound answers those queries. And this worked beautifully until not too long ago, for a couple of years already.
Am I missing something on what you're trying to explain? Let me know if you need any logs.
Updated by Jim Pingle over 2 years ago
Check the Domain under System > General Setup; that should match whatever the domain for the site is. If it's home.arpa on the other two locations then that conflicts in the way I described.
If you still need help, post on the forum to discuss it deeper.
Updated by Kevin Mychal Ong over 2 years ago
Yes, I know what you're saying and they do match with the site's domain. There is 100% no conflict. The pfSense DHCP server also gives out the expected domain names. I have posted this in the forum for a while now and nobody seems to have a clue, which is why I posted it as a bug here:
Updated by Jim Pingle over 2 years ago
There is no special handling for home.arpa except when the firewall's own domain is set to home.arpa -- the only places in the source that mention home.arpa are the default configuration where it is the firewall domain and various text descriptions and examples that have no bearing on functionality.
It has to be something in your configuration, environment, or clients, not a bug in the code.
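The mechanism behind this exchange is unbound's lookup order: the longest local-zone matching a query name is consulted first, and unless that zone's type passes the query through (transparent, typetransparent, inform, nodefault), the forward-zone or stub-zone that a pfSense domain override generates for the same name is never reached. The pfSense-generated zone for the firewall's own domain is one source of such a local-zone; unbound itself also ships with built-in default local zones (the local-zone section of unbound.conf(5) lists them, and `unbound-control list_local_zones` prints every zone the running daemon actually has, defaults included, while `unbound-control list_forwards` prints the forward zones). Comparing those two outputs is the check a practitioner would do before concluding there is no conflict. The script below is an added example for this thread, not pfSense or unbound code: it parses the relevant subset of unbound.conf syntax, applies the longest-match rule, reports each forward/stub zone whose apex is answered by a non-pass-through local-zone, and suggests the `nodefault` or `transparent` line that would let the override through. The sample configuration, its addresses, and the list of default zones passed in are constructed for illustration; local-data entries are not modelled.

```python
"""Find unbound local-zone declarations that shadow a forward-zone / stub-zone.

Added example for this thread; it is not pfSense or unbound code. It parses
the subset of unbound.conf syntax involved and models one rule of unbound's
lookup order: the longest local-zone matching a query name is consulted
first, and unless its type passes the query through, the forward-zone or
stub-zone for that name is never reached.
"""
import re

# local-zone types that let a query fall through to normal resolution (and so
# to a forward-zone) when no local-data matches. Every other type (static,
# refuse, deny, redirect, always_nxdomain, ...) answers locally.
# Simplification: local-data entries are not modelled.
PASS_THROUGH_TYPES = {"transparent", "typetransparent", "inform", "nodefault"}

_CLAUSE_RE = re.compile(r"[\w-]+:")
_OPTION_RE = re.compile(r'(\S+?):\s*"?([^"\s]+)"?(?:\s+(\S+))?')


def canon(name):
    """'Home.ARPA.' -> 'home.arpa'; the root zone '.' becomes ''."""
    return name.strip().lower().rstrip(".")


def parse_config(text):
    """Return ({local_zone: type}, [(clause, zone_name)]) from unbound.conf text."""
    local, blocks, clause = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if _CLAUSE_RE.fullmatch(line):           # 'server:', 'forward-zone:', ...
            clause = line[:-1]
            continue
        m = _OPTION_RE.fullmatch(line)
        if not m:
            continue
        key, value, extra = m.groups()
        if key == "local-zone" and extra:
            local[canon(value)] = extra.lower()
        elif key == "name" and clause in ("forward-zone", "stub-zone"):
            blocks.append((clause, canon(value)))
    return local, blocks


def best_local_zone(qname, local_zones):
    """Longest-suffix match, the way unbound picks the local-zone for a name."""
    best = None
    for zone in local_zones:
        if zone == "" or qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best


def shadowed_forwards(config_text, default_zones=()):
    """List (clause, zone, shadowing_local_zone, type, suggested_fix) for every
    forward-zone/stub-zone whose apex is answered by a local-zone instead.

    default_zones: built-in local zones of the unbound build in use, as shown
    by `unbound-control list_local_zones`; assumed 'static' here unless the
    config declares them otherwise (e.g. 'nodefault').
    """
    builtin = {canon(z) for z in default_zones}
    local = {z: "static" for z in builtin}
    explicit, blocks = parse_config(config_text)
    local.update(explicit)
    hits = []
    for clause, zone in blocks:
        lz = best_local_zone(zone, local)
        if lz is None or local[lz] in PASS_THROUGH_TYPES:
            continue
        if lz in builtin and lz not in explicit:
            fix = f'local-zone: "{lz}." nodefault'
        else:
            fix = f'local-zone: "{lz}." transparent'
        hits.append((clause, zone, lz, local[lz], fix))
    return hits


# Constructed sample resembling a resolver at the "site 2" of the thread:
# its own domain is condo.arpa and it forwards home.arpa to site 1.
SITE2_CONF = '''
server:
    local-zone: "condo.arpa." transparent
    local-data: "pfsense.condo.arpa. A 192.0.2.1"   # constructed address
forward-zone:
    name: "home.arpa."
    forward-addr: 10.0.1.1   # constructed tunnel address of site 1
forward-zone:
    name: "jojo.arpa."
    forward-addr: 10.0.3.1
'''

if __name__ == "__main__":
    # The config on its own shows no conflict ...
    print(shadowed_forwards(SITE2_CONF))
    # ... but if the running unbound lists home.arpa among its built-in
    # zones, the override is shadowed and a fix line is suggested.
    for hit in shadowed_forwards(SITE2_CONF, default_zones=["home.arpa."]):
        print(hit)
```

To use it against a real resolver, feed it the generated configuration (on pfSense, the unbound.conf under the resolver's chroot) and pass the zone names from `unbound-control list_local_zones` as `default_zones`; an empty result with the defaults included means no local-zone sits in front of the override, and the remaining suspects are the tunnel path or the remote resolver.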
Updated by Kevin Mychal Ong over 2 years ago
That's what I thought, which is why I was pretty convinced this is a "bug". I've exhausted all troubleshooting that I know of so I'm not sure where to ask for help. It's not because of the clients, because a DNS lookup on the firewall itself leads to the same issue. This happens only for the home.arpa domain, and a packet capture on sites 2/3 doesn't show any packets destined to the override DNS server (on site 1) when it is for the home.arpa domain. If it's for any other domain, it is working.
Updated by Kevin Mychal Ong over 2 years ago
Can I provide logs here so they can be looked at and to start reproducing the issue on your end? I really don't have any special configuration aside from using wireguard for my tunnels. Maybe wireguard is causing this?
Updated by Jim Pingle over 2 years ago
Please keep the discussion on the forum -- this is not a platform for support.