Hi everyone!
I'm running OpenWRT 18.06 on a DGA4131, on which I configured unbound and disabled dnsmasq dhcp role as per the wiki page:
I also configured an IPsec VPN server with strongSwan, which works great.
The problem is that LAN hostnames don't get resolved by unbound over the VPN, but I actually think that unbound doesn't resolve them at all: they do resolve on the LAN, but they still resolve after I stop unbound, so I think they are being resolved via NetBIOS and not by unbound.
If I use dnsmasq instead of unbound they get resolved even over the VPN, but I would like to use unbound for DNSSEC validation (I can't use stubby because I don't have that package in my firmware's repos).
I managed to resolve some domains with unbound (also over the VPN) by adding them to /etc/config/dhcp in this way:
# Static name-to-address record in /etc/config/dhcp; one section like this is
# needed per host, which is the manual step the post wants to avoid.
config domain
option name 'devicehostname'
option ip '192.168.1.1'
But I'd like to have all of them to resolve without manually adding them. I'd also like to get e.g. "hostname" to resolve and not "hostname.lan", as it was with dnsmasq.
Am I missing something? Is there a way to do this?
My /etc/config/dhcp configuration:
# /etc/config/dhcp as posted. Values shown as 'omitted' were redacted by the author.
config dnsmasq 'dnsmasq'
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachelocal '0'
option cachesize '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option strictorder '1'
option dhcpscript '/lib/dnsmasq/dhcp-event.sh'
list hostname 'omitted'
option logfacility '/var/log/dnsmasq'
list dhcp_option_force 'tag:cpewan-id,vi-encap:3561,6,"omitted"'
list dhcp_option_force 'tag:cpewan-id,vi-encap:3561,5,"omitted"'
list dhcp_option_force 'tag:cpewan-id,vi-encap:3561,4,"omitted"'
# port '0' turns off dnsmasq's DNS listener, so the DNS-side options in this
# section (rebind_protection, domainneeded, localservice, ...) no longer protect
# anything; the equivalent controls have to be set in /etc/config/unbound.
option port '0'
option localservice '0'
option nonwildcard '0'
# NOTE(review): the unbound package documents its own lease-trigger script for
# the odhcpd link; the trigger below is the firmware's stock one, so Unbound is
# presumably not notified of new leases - confirm against the package README.
config odhcpd 'odhcpd'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
# LAN pool. Only the DHCPv6/RA roles are set explicitly here.
# NOTE(review): nothing in this section shows which daemon hands out IPv4
# leases - confirm, since that is the daemon Unbound must be linked to.
config dhcp 'lan'
option interface 'lan'
option start '50'
option limit '201'
option leasetime '24h'
option dhcpv6 'server'
option ra 'server'
option ra_management '0'
option ra_mininterval '200'
option ra_maxinterval '600'
option ra_lifetime '1800'
option ra_hoplimit '64'
option ra_mtu '1480'
option force '1'
option ignore '0'
# NOTE(review): ignore is '0' on wan; dhcpv4 is 'disabled', but confirm no
# DHCP/RA service is meant to answer on the WAN side.
config dhcp 'wan'
option interface 'wan'
option ignore '0'
option dhcpv4 'disabled'
config dhcp 'wan6'
option interface 'wan'
option ignore '1'
config dhcp 'wwan'
option interface 'wwan'
option ignore '1'
config opassthrud 'opassthrud'
option passthruscript '/lib/dhcpopassthrud/dnsmasq.sh'
option options_needed '0'
config relay 'relay'
# Static leases (MAC -> fixed IP and name). These are DHCP reservations, not DNS
# records by themselves.
config host '1DF3C892AD9EF930D21A3D6C478DA0BF'
option mac 'omitted'
option ip '192.168.1.1'
option name 'omitted'
config host 'DD563BFAF67F1AF629746EB960611713'
option mac 'omitted'
option ip '192.168.1.2'
option name 'omitted'
config host 'F6E1A3498ACE5C864BF26758BB664CC5'
option mac 'omitted'
option ip '192.168.1.3'
option name 'omitted'
config host 'E76FDA79ABA5B5E062B3DFB72B17C961'
option ip '192.168.1.4'
option mac 'omitted'
option name 'omitted'
# Manually added DNS records; per the post these are the only LAN names
# Unbound currently answers for.
config domain
option name 'omitted'
option ip '192.168.1.1'
config domain
option name 'omitted'
option ip '192.168.1.4'
My /etc/config/unbound configuration:
# /etc/config/unbound as posted: local resolver with DNSSEC validation that
# forwards everything upstream over TLS.
config unbound
option add_local_fqdn '1'
option add_wan_fqdn '0'
# 'none' leaves Unbound unlinked from any DHCP server, so lease hostnames are
# never loaded into the local zone - this matches the symptom in the post. The
# package also documents 'dnsmasq' and 'odhcpd' as values; each needs matching
# settings in /etc/config/dhcp (see the package README).
option dhcp_link 'none'
option dns64 '0'
# Bare names such as "hostname" only resolve if the client appends this domain
# as a search suffix. LAN clients usually get it from DHCP; VPN clients only if
# the VPN server pushes one - TODO confirm for the strongSwan setup.
option domain 'lan'
# 'static': names under the local domain that Unbound has no record for are
# answered locally instead of being sent upstream.
option domain_type 'static'
option edns_size '1280'
option extended_luci '0'
option extended_stats '0'
# Presumably refuses server identity/version queries - confirm in the README.
option hide_binddata '1'
option listen_port '53'
option manual_conf '0'
option protocol 'default'
# NOTE(review): '0' appears to allow loopback addresses in upstream answers
# while rebind_protection stays on for private ranges - confirm this is intended.
option rebind_localhost '0'
option recursion 'default'
option resource 'default'
option root_age '9'
option ttl_min '120'
# Remote control interface is off.
option unbound_control '0'
# Relaxes DNSSEC time checks until the clock is set by NTP, so validation does
# not fail on a router that boots with a wrong date.
option validator_ntp '1'
# DNSSEC validation enabled (the reason given in the post for preferring Unbound).
option validator '1'
# '0' lifts the "answer local subnets only" restriction, likely so VPN clients
# outside the LAN subnet can query. With it off, the firewall is the only thing
# keeping port 53 unreachable from wan - verify that rule, otherwise the router
# acts as an open resolver.
option localservice '0'
option enabled '1'
# Drops private-range addresses from upstream answers (DNS rebinding defence).
option rebind_protection '1'
# Loads extra records from /etc/config/dhcp; per the post, this is how the
# manually added 'config domain' entries get answered.
option add_extra_dns '1'
list trigger_interface 'lan'
list trigger_interface 'wan'
# Forward zone for the root ('.'): every non-local query goes to the servers below.
config zone 'forward'
option enabled '1'
# NOTE(review): with fallback '0' there is presumably no plain recursion if the
# forwarders are unreachable, i.e. resolution fails closed - confirm.
option fallback '0'
option zone_type 'forward_zone'
# DNS over TLS to the upstream servers. tls_index is the name the server
# certificate is expected to match; confirm that the installed Unbound build
# and a CA bundle are present so the certificate is actually verified -
# otherwise the link is encrypted but the upstream is not authenticated.
option tls_upstream '1'
list zone_name '.'
option tls_index 'cloudflare-dns.com'
list server '2606:4700:4700::1111'
list server '2606:4700:4700::1001'
list server '1.1.1.1'
list server '1.0.0.1'
Thank you in advance for your help, and sorry if my English is not the best; I'm Italian.