Background: I have Unbound running on OPNSense as my home network DNS server.
Question: Is there a setting to have Unbound resolve plain host names (cookie) against my default LAN domain (sesame.street)?
At home, my laptops use /etc/resolv.conf, so everything without a domain name (cookie) automatically gets the local LAN domain for free (sesame.street). Now everything resolves just fine: cookie.sesame.street.
But I’m running into this issue with the Android phones, which seem to strictly query host names (without the local domain name). (Of course, they are on DHCP, so they do have the local domain name.) As a result, Unbound doesn’t resolve those queries, but forwards cookie to the root servers. Which is kinda silly.
1) Bind the IP of laptops and Android phones to their Wi-Fi MAC address so that they always get handed out the same IP and your internal Unbound as DNS server.
2) Set all boxes with wired connections to static IP addresses.
3) Add: include: "/var/lib/unbound/local-data.conf" to your unbound.conf file with something like (use your IP):
local-data: "cookie A 192.168.XXX.YYY"
local-data: "cookie.sesame.street A 192.168.XXX.YYY"
Thanks for the suggestion. But that’s basically getting back to fixed IP addresses, albeit centralized. And you need to maintain it. I’m hoping for an /etc/resolv kind of behavioral switch.
You can implement Tito's recommendations with a DHCP hook script. All DHCP servers have one. This will keep maintenance to a minimum. If static IPs are handled through DHCP, then those should be recorded also. You can write a file like "dhcp.conf" and include it in /etc/unbound/unbound.conf. However, to prevent restarting Unbound frequently, you also should use unbound-control to insert "local-data:". Assume Unbound is a pure recursive resolver even though it does have a few extras. It will not append a search or default domain to a host name query. It won't have other assumptions or shortcuts like dnsmasq or a Windows client.
Example from OpenWrt: https://github.com/openwrt/packages/tree/master/net/unbound/files (odhcpd.sh)
- Eric
Thanks Eric. Apparently I’m being too naive how this all can work. But guilty as charged, DNS is not particularly my comfort zone. I’ll see how I can make that work for my setup. Cheers, Koos
It seems Android wants you to use full names instead. Which might be a good idea anyway. What are the applications on Android where you would like to use those names? Maybe aliases would be simpler there.

Search/domain algorithms are client side. If the client (Android) does not use it, there is no other way than to create those names in the root. They would break on any DNSSEC validating client however.

I don't think there is a better method than using a DHCP hook to create "cookie. IN CNAME cookie.sesame.street.". It seems FQDN is the preferred way on Android. Which might not be a bad thing if it does not support multicast DNS.
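A hook script of the kind Eric and Petr describe, as an added example (not code from this thread, from Unbound, or from the OpenWrt package): it takes ACTION HOSTNAME IP from the DHCP server, writes the FQDN A record plus the bare-name CNAME as local-data into an included file, and pushes the same records with unbound-control so Unbound is not restarted. The argument mapping, LAN_DOMAIN and DATA_FILE are assumptions; map the arguments to whatever your DHCP server hands its hooks.

```shell
#!/bin/sh
# Added example, not code from the thread, Unbound or the OpenWrt package: a
# DHCP lease hook along the lines Eric describes, publishing Petr's
# "cookie. CNAME cookie.sesame.street." next to the FQDN A record. The hook
# interface (ACTION HOSTNAME IP arguments), LAN_DOMAIN and DATA_FILE are
# assumptions; map the arguments to whatever your DHCP server hands its hooks.
LAN_DOMAIN="sesame.street"
DATA_FILE="/var/lib/unbound/dhcp.conf"   # include: this file from unbound.conf

# A DHCP client picks its own hostname option, so accept only a plain DNS
# label; anything else could smuggle text into the resolver's config file.
valid_label() { printf '%s' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'; }
valid_ipv4()  { printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }

# The two local-data lines for one lease: FQDN -> address, bare name -> FQDN.
lease_records() {
    printf 'local-data: "%s.%s. A %s"\n' "$1" "$LAN_DOMAIN" "$2"
    printf 'local-data: "%s. CNAME %s.%s."\n' "$1" "$1" "$LAN_DOMAIN"
}

# The unbound-control commands that apply (add) or withdraw (del) the same
# records at runtime, so Unbound is not restarted on every lease change.
lease_commands() {
    case "$1" in
        add) printf 'unbound-control local_data %s.%s. A %s\n' "$2" "$LAN_DOMAIN" "$3"
             printf 'unbound-control local_data %s. CNAME %s.%s.\n' "$2" "$2" "$LAN_DOMAIN" ;;
        del) printf 'unbound-control local_data_remove %s.%s.\n' "$2" "$LAN_DOMAIN"
             printf 'unbound-control local_data_remove %s.\n' "$2" ;;
        *)   return 1 ;;
    esac
}

# Hook entry point: lease_hook add|del HOSTNAME IP. Rejects malformed input
# instead of writing it into the config, keeps DATA_FILE in sync so the
# records survive a restart, then applies them live if unbound-control exists.
lease_hook() {
    action=$1 host=$2 ip=$3
    valid_label "$host" && valid_ipv4 "$ip" || { echo "rejected lease: $host $ip" >&2; return 1; }
    if [ -f "$DATA_FILE" ]; then
        grep -vF "\"$host." "$DATA_FILE" > "$DATA_FILE.tmp" || true  # grep -v fails when nothing is left
        mv "$DATA_FILE.tmp" "$DATA_FILE"
    fi
    [ "$action" = add ] && lease_records "$host" "$ip" >> "$DATA_FILE"
    command -v unbound-control >/dev/null 2>&1 || return 0
    # Safe to word-split: host and ip were validated above.
    lease_commands "$action" "$host" "$ip" | while read -r cmd; do $cmd; done
}

[ $# -eq 3 ] && lease_hook "$@"
```

As Petr notes, the bare-name CNAME lives in the root and will fail on a DNSSEC-validating client; the FQDN record is the one to rely on.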
IP cameras and my local IMAP and CalDAV server. I posted this question also on Reddit, and I got this very revealing response that Google circumvents the normal nameserver as provided by DHCP (see on Android Police). I think this explains so much of the issues I’m having with my phones. Yeah, I never realized that until this thread. Sooo much to learn! Thanks for the insights. Cheers, Koos