Bug #13151
DNS Resolver (unbound) leaking DNS queries
Status: closed
Description
Not sure if this is a bug or a misconfiguration/misunderstanding of unbound on my part?
Platform: pfSense+ 22.01-RELEASE on Netgate 7100
Overview:
I have unbound (DNS Resolver) configured as follows:
Enabled: Checked
Network Interfaces: All
Outgoing Network Interfaces: All
System Domain Local Zone Type: Transparent
DNS Query Forwarding: Enabled
Static DHCP: Enabled
NOTE: Any settings not listed above are not checked (i.e. disabled)
I have a number of entries in the 'Host Overrides' section e.g.

Host | Parent domain of host | IP to return for host | Description |
---|---|---|---|
host1 | grey.fx | 192.168.138.10 | |
host2 | grey.fx | 192.168.138.11 | |
host3 | grey.fx | 192.168.138.12 | |

Domain | Lookup Server IP Address | Description |
---|---|---|
black.fx | 192.168.1.1 | |
cyber.grey.fx | 192.168.144.1 | |

When in transparent mode, from a device using the pfSense host as its DNS server, if I perform a:
nslookup host4.grey.fx
NOTE: This entry is not in the table above
the request will be forwarded to the upstream servers configured in System -> General setting.
If I attempt the same request with the mode set to 'Static', the query is not forwarded, but this will break the forwarding for 'cyber.grey.fx' (i.e. it no longer forwards, it returns NXDomain).
What I am hoping to be able to accomplish with the pfSense host:
1. Answer for *.grey.fx - without forwarding upstream for unknown host entries
2. Forward for *.cyber.grey.fx
3. Forward for *.black.fx
4. Forward upstream for all other queries
If I need to supply any additional details, please let me know.
Thanks
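
The behaviour described in the report, as an added example that is not part of the original report and is not unbound or pfSense code: a simplified Python model of how a local-zone type decides whether a query is answered locally, refused with NXDOMAIN, or forwarded. Host names, zones and addresses are taken from the tables above; `pc.cyber.grey.fx`, `www.black.fx`, `example.com` and the `UPSTREAM` label are constructed, and the third configuration (a more specific transparent zone inside a static one) is an assumption of this example that relies on unbound applying the closest enclosing local-zone.

```python
# Simplified model of unbound's local-zone decision (added example, not unbound code).
# Hosts, zones and addresses come from the report; "UPSTREAM" is a constructed label.
LOCAL_DATA = {"host1.grey.fx": "192.168.138.10",
              "host2.grey.fx": "192.168.138.11",
              "host3.grey.fx": "192.168.138.12"}
FORWARD_ZONES = {"black.fx": "192.168.1.1", "cyber.grey.fx": "192.168.144.1"}


def closest_zone(name, zones):
    """Return the longest zone in `zones` that is `name` or a parent of it."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(name, local_zones):
    """Return (action, detail) for a query, given {zone: type} local zones."""
    name = name.rstrip(".").lower()
    if name in LOCAL_DATA:
        return ("local", LOCAL_DATA[name])
    zone = closest_zone(name, local_zones)
    if zone is not None and local_zones[zone] == "static":
        return ("nxdomain", zone)          # query never leaves the resolver
    # Transparent zone or no local zone: normal resolution, i.e. forwarding.
    fwd = closest_zone(name, FORWARD_ZONES)
    if fwd is not None:
        return ("forward", FORWARD_ZONES[fwd])
    return ("forward", "UPSTREAM")         # internal name leaks upstream


def audit(local_zones, queries):
    """Resolve every query under one local-zone configuration."""
    return {q: resolve(q, local_zones) for q in queries}


QUERIES = ["host1.grey.fx", "host4.grey.fx", "pc.cyber.grey.fx",
           "www.black.fx", "example.com"]

if __name__ == "__main__":
    configs = [("transparent", {"grey.fx": "transparent"}),
               ("static", {"grey.fx": "static"}),
               ("static + nested transparent (assumption)",
                {"grey.fx": "static", "cyber.grey.fx": "transparent"})]
    for label, zones in configs:
        print(label)
        for query, result in audit(zones, QUERIES).items():
            print(f"  {query:20} -> {result}")
```

Any internal name that comes back as `('forward', 'UPSTREAM')` is one that would be disclosed to the upstream resolvers.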