Hello,
I've installed and configured unbound in the "parallel dnsmasq" setup described here:
https://github.com/openwrt/packages/blob/master/net/unbound/files/README.md#parallel-dnsmasq
Seems to work except unbound forwards requests for local (unqualified) hostnames to internet nameservers and resolution fails. If I qualify the hostname with the local domain (".lan") then it works:
$ dig u6-lite-closet
; <<>> DiG 9.10.6 <<>> u6-lite-closet
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27216
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;u6-lite-closet. IN A
;; AUTHORITY SECTION:
. 993 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023010700 1800 900 604800 86400
;; Query time: 5 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Sat Jan 07 09:48:20 CST 2023
;; MSG SIZE rcvd: 118
With ".lan":
$ dig u6-lite-closet.lan
; <<>> DiG 9.10.6 <<>> u6-lite-closet.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17467
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;u6-lite-closet.lan. IN A
;; ANSWER SECTION:
u6-lite-closet.lan. 120 IN A 192.168.99.10
;; Query time: 6 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Sat Jan 07 09:49:28 CST 2023
;; MSG SIZE rcvd: 63
dnsmasq DNS is still running on port 1053, and it resolves "local" names without qualification.
dnsmasq on port 1053:
$ dig -p 1053 u6-lite-closet
; <<>> DiG 9.10.6 <<>> -p 1053 u6-lite-closet
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62629
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;u6-lite-closet. IN A
;; ANSWER SECTION:
u6-lite-closet. 0 IN A 192.168.99.10
;; Query time: 6 msec
;; SERVER: 192.168.10.1#1053(192.168.10.1)
;; WHEN: Sat Jan 07 09:51:06 CST 2023
;; MSG SIZE rcvd: 59
My config file (only edited via LuCI):
/etc/config/unbound

config unbound 'ub_main'
	option dns64 '0'
	option domain 'lan'
	option edns_size '1232'
	option extended_stats '0'
	option hide_binddata '1'
	option interface_auto '1'
	option localservice '1'
	option manual_conf '0'
	option num_threads '1'
	option protocol 'default'
	option rate_limit '0'
	option rebind_localhost '0'
	option rebind_protection '1'
	option recursion 'default'
	option resource 'default'
	option root_age '9'
	option ttl_min '120'
	option ttl_neg_max '1000'
	option unbound_control '0'
	option verbosity '1'
	list iface_wan 'wan'
	option enabled '1'
	option validator '1'
	option validator_ntp '1'
	option listen_port '53'
	list iface_trig 'lan'
	list iface_trig 'wan'
	option dhcp_link 'dnsmasq'

config zone 'auth_icann'
	option enabled '0'
	option fallback '1'
	option url_dir 'https://www.internic.net/domain/'
	option zone_type 'auth_zone'
	list server 'lax.xfr.dns.icann.org'
	list server 'iad.xfr.dns.icann.org'
	list zone_name '.'
	list zone_name 'arpa.'
	list zone_name 'in-addr.arpa.'
	list zone_name 'ip6.arpa.'

config zone 'fwd_isp'
	option enabled '0'
	option fallback '1'
	option resolv_conf '1'
	option zone_type 'forward_zone'
	list zone_name 'isp-bill.example.com.'
	list zone_name 'isp-mail.example.net.'

config zone 'fwd_google'
	option enabled '0'
	option fallback '1'
	option tls_index 'dns.google'
	option tls_upstream '1'
	option zone_type 'forward_zone'
	list server '8.8.4.4'
	list server '8.8.8.8'
	list server '2001:4860:4860::8844'
	list server '2001:4860:4860::8888'
	list zone_name '.'

config zone 'fwd_cloudflare'
	option enabled '0'
	option fallback '1'
	option tls_index 'cloudflare-dns.com'
	option tls_upstream '1'
	option zone_type 'forward_zone'
	list server '1.1.1.1'
	list server '1.0.0.1'
	list server '2606:4700:4700::1111'
	list server '2606:4700:4700::1001'
	list zone_name '.'
I'm running OpenWrt 22.03.2, r19803-9a599fee93 on x86.
Any ideas?
Thanks,
Colin
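The three dig transcripts above are the whole diagnosis: the answer on port 1053 carries the aa flag (dnsmasq is authoritative for the name), the ".lan" answer through unbound has an A record but no aa flag (unbound fetched it from dnsmasq), and the bare single-label query comes back NXDOMAIN with the root zone's SOA in the AUTHORITY section, which means unbound sent an internal hostname out to the public root servers rather than to dnsmasq. The following script is an added example, not code from the post, from OpenWrt or from unbound; it parses dig output in the BIND 9.x text layout shown above and labels each transcript accordingly. The sample transcripts are constructed from the post's own output (trimmed to the relevant lines), and the labels "leaked-to-root", "resolved" and "authoritative-local" are this example's own names.

```python
"""Classify dig transcripts: was a single-label (unqualified) query answered
locally, or did the resolver escape to the public DNS roots?

Added example for the post above; assumes the BIND 9.x dig text layout.
Sample transcripts are constructed from the post, trimmed to relevant lines.
"""
import re

# Constructed sample: unqualified name via unbound on port 53 (from the post).
UNQUALIFIED_VIA_UNBOUND = """
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27216
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;u6-lite-closet. IN A
;; AUTHORITY SECTION:
. 993 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023010700 1800 900 604800 86400
;; Query time: 5 msec
"""

# Constructed sample: same name qualified with .lan via unbound (from the post).
QUALIFIED_VIA_UNBOUND = """
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17467
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;u6-lite-closet.lan. IN A
;; ANSWER SECTION:
u6-lite-closet.lan. 120 IN A 192.168.99.10
;; Query time: 6 msec
"""

# Constructed sample: unqualified name via dnsmasq on port 1053 (from the post).
UNQUALIFIED_VIA_DNSMASQ = """
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62629
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;u6-lite-closet. IN A
;; ANSWER SECTION:
u6-lite-closet. 0 IN A 192.168.99.10
;; Query time: 6 msec
"""


def parse_dig(text: str) -> dict:
    """Extract rcode, header flags, query name, and ANSWER/AUTHORITY RRs."""
    result = {"status": None, "flags": set(), "qname": None,
              "answer": [], "authority": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";; ->>HEADER<<-"):
            result["status"] = re.search(r"status: (\w+)", line).group(1)
        elif line.startswith(";; flags:"):
            result["flags"] = set(
                re.match(r";; flags: ([a-z ]*);", line).group(1).split())
        elif line.endswith(" SECTION:"):          # QUESTION / ANSWER / AUTHORITY
            section = line[3:].split()[0].lower()
        elif line.startswith(";;"):               # any other ';;' line ends a section
            section = None
        elif section == "question":
            result["qname"] = line.lstrip(";").split()[0]
        elif section in ("answer", "authority"):
            owner, ttl, _cls, rtype, *rdata = line.split()
            result[section].append({"name": owner, "ttl": int(ttl),
                                    "type": rtype, "rdata": " ".join(rdata)})
    return result


def is_single_label(qname: str) -> bool:
    """True for an unqualified hostname such as 'u6-lite-closet.'"""
    return "." not in qname.rstrip(".")


def classify(text: str) -> str:
    """Label a transcript by where the answer evidently came from."""
    r = parse_dig(text)
    if r["answer"]:
        # aa set: the server is authoritative (dnsmasq); otherwise it recursed/forwarded.
        return "authoritative-local" if "aa" in r["flags"] else "resolved"
    root_soa = any(a["name"] == "." and a["type"] == "SOA" for a in r["authority"])
    if r["status"] == "NXDOMAIN" and root_soa:
        # Negative answer proven by the root SOA: the resolver asked the public roots.
        return "leaked-to-root" if is_single_label(r["qname"]) else "nxdomain-from-root"
    return "other:" + str(r["status"])


if __name__ == "__main__":
    for label, sample in [("unbound :53, bare", UNQUALIFIED_VIA_UNBOUND),
                          ("unbound :53, .lan", QUALIFIED_VIA_UNBOUND),
                          ("dnsmasq :1053, bare", UNQUALIFIED_VIA_DNSMASQ)]:
        print(f"{label:22} -> {classify(sample)}")
```

A "leaked-to-root" result is the one to watch for: every lookup of a bare internal hostname through the port-53 resolver is being sent to the public root servers, which discloses the names of devices on the LAN to the outside and never reaches the server that actually knows them. The aa flag on the port-1053 answer confirms that dnsmasq, not unbound, is the authoritative source for those names.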