On the face of it, my issue looked very much like that mentioned in a previous (closed) post.
I have tried the fix recommended by @davids but it doesn't seem to be working. I have restarted both the router and one test client (with a static lease), but I'm still getting lookup failures, both on the router itself and on a different client. Not only are static leases not being found, even hosts with fixed addresses are unknown. FQDN or shortname makes no difference.
I followed this guide for the "Parallel dnsmasq" scenario.
If I query dnsmasq (on port 1053) from the clients, I get a valid reply, so it looks like the query to unbound is going straight to the root servers, which obviously isn't ideal.
I use dnsmasq for serving DNS and tell it to talk to unbound upstream on port 5353; unbound then does DoT to 1.1.1.1. The scheme works well and resolves local names, no problem.
@dlakelan I assume DoT stands for "DNS over TLS", which is something I'll deal with later once I have it working.
Most importantly, you seem to have followed the so-called "serial" approach. I have read the documentation and decided that I wanted to follow the "parallel" one. I'll get back to you if I decide to switch tactics; for the moment, thanks for the help.
Yes, my device is a RPi4 with 4GB of RAM and 64 GB of microSD, I have the dnsmasq cache set to something like 5000 entries, so neither resource consumption nor speed is of any concern. DNS over TLS generally adds latency to the initial lookup, so caching is essential.
@anomeome good idea, anything specific I should look out for? I see that the local dnsmasq port is present and correct, would you like the complete file?
I just did a quick test on a couple of devices and things worked for me. As per dlakelan above, I was running serial; I made just the changes required to run parallel, and the static leases resolve.
/etc/config/unbound
# option dhcp_link 'none'
option dhcp_link 'dnsmasq'
# option listen_port '5353'
option listen_port '53'
/etc/config/dhcp
# option port '53'
option port '5353'
# list server '127.0.0.1#5353'
# list server '::1#5353'
Edit: I should add that I'm on master, which IIRC is a more recent version of unbound than the 19.x README you linked above.
I'll try comparing the two READMEs in case some changes were made. Other than a different port number, I don't see anything obviously wrong in my setup compared to the above snippet.
I'll have a look tomorrow, then post the raw config if I can't solve it. Thanks, btw.
Hmm, I thought I needed to add a forward-zone and did so via luci; turns out I was wrong, since the "dnsmasq" link option probably takes care of that.
However, I noticed that this implicit zone definition uses "forward-addr" while my explicit zone uses "forward-host".
Anyhow, it still doesn't work: with "forward-host" I get a SERVFAIL, whereas "forward-addr" gives me NXDOMAIN because it goes straight to root. Even considering an earlier post on host vs domain, I still get no reply for either static addresses (config domain) or static leases (config host).
@anomeome here is the unbound.conf file, with masked data:
(I started masking it before testing, never mind the timestamp)
@anomeome thanks for the tip, I have edited my post, it works nicely.
Back on topic: that definition came from /etc/config/dhcp and it's been like that for, well, ages. I could try to find out why it was so (meaning both "option local" and "option domain", the latter with domain name and IP/mask), but it wouldn't really help in this case; in fact, I've tried removing the IP/mask and restarting both dnsmasq and unbound, no luck.
Ok, I'll have more questions once I have compared the config files.
@anomeome looks like you were correct, I must have made some mistakes during testing: changing
option domain 'localdomain,192.168.0.0/16'
to
option domain 'localdomain'
indeed fixed the FQDN dig lookup.
Also, I have apparently fixed the "host works / domain does not" issue I mentioned earlier by changing add_extra_dns from the default 0 to 1.
EDIT: I had another question but it's getting off-topic, it's better if I close this thread and create a new one.
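As an added example (not code from this thread or from the OpenWrt project), here is a small checker that reads the two UCI files in the parallel layout, /etc/config/unbound and /etc/config/dhcp, and reports the settings that this thread ended up changing: the unbound/dnsmasq port split, dhcp_link, leftover dnsmasq upstream entries, the address-range suffix on option domain, and add_extra_dns. The sample configs are constructed, the parse_uci and check_parallel names are mine, and it assumes add_extra_dns lives in /etc/config/unbound as the poster describes; the checks encode what resolved the problem in this thread, not an official OpenWrt rule.

```python
import shlex

# Constructed sample configs in OpenWrt UCI syntax, modelled on the snippets
# posted in this thread. They are not anyone's real files.
UNBOUND_CONF_BROKEN = """
config unbound 'ub_main'
	option enabled '1'
	option dhcp_link 'none'
	option listen_port '5353'
	option add_extra_dns '0'
"""

UNBOUND_CONF_FIXED = """
config unbound 'ub_main'
	option enabled '1'
	option dhcp_link 'dnsmasq'
	option listen_port '53'
	option add_extra_dns '1'
"""

DHCP_CONF_BROKEN = """
config dnsmasq
	option port '5353'
	option local '/localdomain/'
	option domain 'localdomain,192.168.0.0/16'
	list server '127.0.0.1#5353'
	list server '::1#5353'
"""

DHCP_CONF_FIXED = """
config dnsmasq
	option port '5353'
	option local '/localdomain/'
	option domain 'localdomain'
"""


def parse_uci(text):
    """Parse UCI text into a list of sections.

    Each section is a dict with keys: type, name (None when anonymous),
    options {key: value} and lists {key: [values]}. Blank lines and
    '#' comment lines (the commented-out lines in the thread) are skipped.
    """
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # unquotes the single-quoted UCI values
        keyword = parts[0]
        if keyword == "config":
            current = {"type": parts[1],
                       "name": parts[2] if len(parts) > 2 else None,
                       "options": {}, "lists": {}}
            sections.append(current)
        elif current is None:
            continue  # option/list before any config line: ignore it
        elif keyword == "option" and len(parts) >= 3:
            current["options"][parts[1]] = parts[2]
        elif keyword == "list" and len(parts) >= 3:
            current["lists"].setdefault(parts[1], []).append(parts[2])
    return sections


def first_section(sections, section_type):
    """Return the first section of the given type, or None."""
    return next((s for s in sections if s["type"] == section_type), None)


def check_parallel(unbound_text, dhcp_text):
    """Compare both files against the parallel layout that worked in the thread.

    Returns a list of (code, message) findings; an empty list means all checks passed.
    """
    findings = []
    ub = first_section(parse_uci(unbound_text), "unbound")
    dm = first_section(parse_uci(dhcp_text), "dnsmasq")
    if ub is None:
        return [("no-unbound", "no 'config unbound' section found")]
    if dm is None:
        return [("no-dnsmasq", "no 'config dnsmasq' section found")]

    ub_port = ub["options"].get("listen_port", "53")  # UCI default assumed to be 53
    dm_port = dm["options"].get("port", "53")
    if ub_port == dm_port:
        findings.append(("port-clash", f"unbound listen_port and dnsmasq port are both {ub_port}"))
    if ub_port != "53":
        findings.append(("unbound-not-53", f"unbound listens on {ub_port}; in the parallel layout clients query unbound on 53"))
    if ub["options"].get("dhcp_link") != "dnsmasq":
        findings.append(("dhcp-link", "dhcp_link is not 'dnsmasq', so unbound does not import leases and hosts from dnsmasq"))
    if dm["lists"].get("server"):
        findings.append(("dnsmasq-upstream", "dnsmasq still has 'list server' upstreams; the parallel snippet comments them out"))
    domain = dm["options"].get("domain", "")
    if "," in domain:
        findings.append(("domain-suffix", f"option domain '{domain}' carries an address-range suffix; '{domain.split(',')[0]}' fixed FQDN lookups"))
    if ub["options"].get("add_extra_dns", "0") == "0":
        findings.append(("extra-dns", "add_extra_dns is 0, so 'config domain' entries from /etc/config/dhcp are not served"))
    return findings


if __name__ == "__main__":
    for code, msg in check_parallel(UNBOUND_CONF_BROKEN, DHCP_CONF_BROKEN):
        print(f"{code}: {msg}")
    print("fixed config findings:", check_parallel(UNBOUND_CONF_FIXED, DHCP_CONF_FIXED))
```

On a live router the two arguments would be the contents of /etc/config/unbound and /etc/config/dhcp; the finding codes are stable so the output can be diffed before and after a change, which is handy when, as in this thread, several settings are being adjusted at once.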