Hmm, I thought I needed to add a forward-zone and did so via luci; turns out I was wrong, since the "dnsmasq" link option probably takes care of that.
However I noticed that this implicit zone definition uses "forward-addr" while my expllcit zone uses "forward-host".
Anyhow, it still doesn't work: with "forward-host" I get a SERVFAIL, whereas "forward-addr" gives me NXDOMAIN because it goes straight to root: even considering an earlier post on host vs domain, I still get no reply for both static addresses (config domain) and static leases (config host)
@anomeome here is the unbound.conf file, with masked data:
(I started masking it before testing, never mind the timestamp)
unbound.conf
# /var/lib/unbound/unbound.conf generated by UCI 2020-03-30T11:09:25+0000
# /var/lib/unbound/server.conf.tmp generated by UCI 2020-03-30T11:09:25+0000
server:
username: unbound
chroot: /var/lib/unbound
directory: /var/lib/unbound
pidfile: /var/run/unbound.pid
tls-cert-bundle: /var/lib/unbound/ca-certificates.crt
num-threads: 1
msg-cache-slabs: 1
rrset-cache-slabs: 1
infra-cache-slabs: 1
key-cache-slabs: 1
use-syslog: yes
statistics-interval: 0
statistics-cumulative: no
verbosity: 1
extended-statistics: no
edns-buffer-size: 1280
port: 53
outgoing-port-permit: 10240-65535
interface: 0.0.0.0
interface: ::0
module-config: "iterator"
cache-min-ttl: 120
cache-max-ttl: 72000
val-bogus-ttl: 300
infra-host-ttl: 900
hide-identity: yes
hide-version: yes
private-address: 10.0.0.0/8
private-address: 100.64.0.0/10
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
private-address: fc00::/7
private-address: fe80::/10
access-control: LAN/24 allow
access-control: xxxx:yyyy:zzzz:2::c0:fefe/64 allow
access-control: aaaa:bbbb:cccc:2::c0:fefe/64 allow
access-control: WAN/32 allow
access-control: MODEM/24 allow
access-control: GUEST/24 allow
access-control: xxxx:yyyy:zzzz:3::c0:fefe/64 allow
access-control: aaaa:bbbb:cccc:3::c0:fefe/64 allow
access-control: HE_NET/64 allow
access-control: 127.0.0.0/8 allow
access-control: ::1/128 allow
access-control: fe80::/10 allow
# /var/lib/unbound/host.conf.tmp generated by UCI 2020-03-30T11:09:25+0000
# Local zone is handled by dnsmasq
# /var/lib/unbound/dnsmasq_srv.conf.tmp generated by UCI 2020-03-30T11:09:25+0000
do-not-query-localhost: no
domain-insecure: localdomain,192.168.0.0/16
private-domain: localdomain,192.168.0.0/16
local-zone: localdomain,192.168.0.0/16 transparent
domain-insecure: REVLAN.in-addr.arpa
private-domain: REVLAN.in-addr.arpa
local-zone: REVLAN.in-addr.arpa transparent
domain-insecure: REVLAN6.ip6.arpa
private-domain: REVLAN6.ip6.arpa
local-zone: REVLAN6.ip6.arpa transparent
domain-insecure: REVULALAN.ip6.arpa
private-domain: REVULALAN.ip6.arpa
local-zone: REVULALAN.ip6.arpa transparent
domain-insecure: REVGUEST.in-addr.arpa
private-domain: REVGUEST.in-addr.arpa
local-zone: REVGUEST.in-addr.arpa transparent
domain-insecure: REVGUEST6.ip6.arpa
private-domain: REVGUEST6.ip6.arpa
local-zone: REVGUEST6.ip6.arpa transparent
domain-insecure: REVULAGUEST.ip6.arpa
private-domain: REVULAGUEST.ip6.arpa
local-zone: REVULAGUEST.ip6.arpa transparent
include: /var/lib/unbound/unbound_srv.conf
# /var/lib/unbound/zone.conf.tmp generated by UCI 2020-03-30T11:09:24+0000
# /var/lib/unbound/ctrl.conf.tmp generated by UCI 2020-03-30T11:09:25+0000
# /var/lib/unbound/dnsmasq_ext.conf.tmp generated by UCI 2020-03-30T11:09:25+0000
forward-zone:
name: localdomain,192.168.0.0/16
forward-first: no
forward-addr: 127.0.0.1@1053
forward-zone:
name: REVLAN.in-addr.arpa
forward-first: no
forward-addr: 127.0.0.1@1053
forward-zone:
name: REVLAN6.ip6.arpa
forward-first: no
forward-addr: 127.0.0.1@1053
forward-zone:
name: REVULALAN.ip6.arpa
forward-first: no
forward-addr: 127.0.0.1@1053
forward-zone:
name: REVGUEST.in-addr.arpa
forward-first: no
forward-addr: 127.0.0.1@1053
forward-zone:
name: REVGUEST6.ip6.arpa
forward-first: no
forward-addr: 127.0.0.1@1053
forward-zone:
name: REVULAGUEST.ip6.arpa
forward-first: no
forward-addr: 127.0.0.1@1053
include: /var/lib/unbound/unbound_ext.conf