Local DNS zone delegation on pfSense

Hello to everyone here,

I’m familiar with the essential settings and how the DNS resolving mechanism works on pfSense using its DNS Resolver (unbound) with a mostly default setup.

But I need advice on how to configure the pfSense DNS Resolver (if it is possible, but I hope so, because unbound can do that easily) for local DNS zone(s) delegation.

My setup / intention is to have all the clients on LAN using the main pfSense box as the one and only DNS resolver (that’s easily done with DHCP and it’s mostly set up that way by default).

The DNS Resolver on pfSense resolves all the queries (using either ISP or predefined DNS servers, I believe the pfSense DNS Resolver is not doing recursion on its own) and returns the answers back to clients on the LAN network.

But I would like to configure the pfSense DNS Resolver to delegate queries for particular local DNS zone(s) to local DNS (bind9) server(s) living on the LAN network, authoritative only for these local DNS zones. These local DNS (bind9) servers are not expected to do any resolving, forwarding or recursion for queries which they are not responsible for (therefore I have no intention to configure these local DNS (bind9) servers as resolvers for LAN clients via DHCP, which would not make any sense).

I would appreciate advice or links to articles, tutorials, whatever (maybe YouTube videos) going more in depth regarding DNS resolving on pfSense boxes. Everything I found was just covering basic DNS configuration. It might even be a good suggestion for an interesting video on the LTS channel to do something like “Advanced DNS Resolver configuration on pfSense”, because all that can be found is either too old or doesn’t go in depth at all.

Thanks for any help or suggestion on this topic and have a great day everyone.

I don’t know about zone level, but you can do it on the domain level by delegating queries for particular domains to other servers using the “Domain Overrides” of pfSense’s DNS Resolver.

1 Like

Thank you, that looks like a very good idea (even if it’s domain level, not zone level), but it might work for what I need and I’ll absolutely give it a try tonight.

I have completely missed this section as it is at the very bottom of the Services / DNS Resolver / General Settings page :smile:

I think unbound configured accordingly would look something like:

# stub-zone, not static local-data: unbound delegates the zone to the server
stub-zone:
	name: "mydomain.home."
	stub-addr: 10.10.1.1

But I have no idea how to make this in pfSense. I might be able to do this using Custom options or server:include:

Thanks and have a good day.

I don’t know if those lines are the correct ones for your use case, but you can SSH into your pfSense box and then cat the file /var/unbound/domainoverrides.conf to see what the lines generated by the UI look like. If it doesn’t look correct, you could try to paste your lines into the Custom options field in the UI, which will add them directly to the # Unbound custom options section in /var/unbound/unbound.conf.

EDIT:

Here’s what a domain override configured in the UI looks like in /var/unbound/domainoverrides.conf

forward-zone:
	name: "test.tld"
	forward-addr: 192.168.168.168

1 Like
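As an added example (not from the thread and not pfSense’s generated config), this is what the Custom options field and the matching BIND side could contain for the setup the original post describes: a stub-zone rather than a forward-zone, because the LAN server is authoritative-only and should receive non-recursive queries, plus the two unbound options that commonly break such a setup on pfSense (DNSSEC validation and the DNS rebinding check). 10.10.1.1 and mydomain.home are the thread’s own example values; the reverse zone, LAN range, directory and zone file paths are assumptions.

```conf
# --- pfSense: Services > DNS Resolver > General Settings > Custom options ---
# Assumed values: authoritative server 10.10.1.1, zone mydomain.home,
# reverse zone for 10.10.1.0/24, LAN range 10.10.0.0/16.
server:
    # The local zone is unsigned and .home does not exist in the root; with
    # DNSSEC validation enabled unbound would mark its answers bogus.
    domain-insecure: "mydomain.home."
    domain-insecure: "1.10.10.in-addr.arpa."
    # pfSense's DNS rebinding check adds private-address rules; allow RFC 1918
    # addresses in answers for this zone.
    private-domain: "mydomain.home."

# stub-zone: unbound treats 10.10.1.1 as the zone's authoritative server and
# queries it with RD=0, which is what an authoritative-only BIND expects.
stub-zone:
    name: "mydomain.home."
    stub-addr: 10.10.1.1
stub-zone:
    name: "1.10.10.in-addr.arpa."
    stub-addr: 10.10.1.1

# --- BIND 9 on 10.10.1.1: named.conf (authoritative only, no recursion) ---
options {
    directory "/var/cache/bind";          # assumed distribution default
    recursion no;                         # never resolve on behalf of clients
    allow-query { 10.10.0.0/16; };        # assumed LAN range; includes pfSense
    allow-transfer { none; };             # no zone transfers unless a secondary is added
};
zone "mydomain.home" {
    type master;
    file "/etc/bind/db.mydomain.home";    # assumed path
};
zone "1.10.10.in-addr.arpa" {
    type master;
    file "/etc/bind/db.10.10.1";          # assumed path
};
```

After applying the Custom options, /var/unbound/unbound.conf on pfSense should contain these lines and a query from a LAN client for a name in mydomain.home should come back with the AA flag set by the BIND server, while the same BIND server answers REFUSED for names outside its zones.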

Make sure that the local DNS servers you specify in the forwarder zones are authoritative for the corresponding domains and are capable of handling queries for those zones. Additionally, ensure that your local DNS servers are configured to allow recursion only for the domains they are authoritative for, as you mentioned you don’t intend for them to perform recursion for queries they’re not responsible for. Regarding further resources, you may find detailed documentation or forum discussions on the pfSense website or community forums. You can also explore online tutorials or guides related to DNS forwarding and delegation using Unbound, as the concepts are not specific to pfSense and can be applied in various DNS server setups.

1 Like