Pi-hole, Unbound and Site-to-Site
by kosta88 from LinuxQuestions.org on (#5ECPF)
Hello,
I am at home using Pi-hole as my DNS server (unbound) - the setup is new.
I also have an IPsec tunnel with my company.
My firewall is OPNsense.
Up until yesterday I was using unbound on the OPNsense, as a recursive DNS (no forwarders).
I also put domain overrides in there, to access the DNS server in the company and be able to resolve hostnames behind the company firewall. That worked fine.
Then I decided to install Pi-hole on Ubuntu Server, which works great.
There is a problem though:
If I point my computer to the Pi-hole as DNS, naturally it doesn't know the company DNS.
So, I made sure first to be able to ping the company DNS from the Pi-hole, by adding networks to the tunnel and setting firewall rules.
Now apparently the only thing missing is that unbound should query the company DNS by IP when a specific domain name is used.
I read that most likely I need a stub zone for that.
So I put into unbound:
stub-zone:
    name: "domainname.company.com"
    stub-addr: 123.456.789.123
Stub-addr is the IP of the domain controller in the company.
And nothing.
I also tried forward-zone, and that didn't work either.
What am I missing please?
Thanks
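For reference, here is an added example of a split-horizon zone configuration for unbound on a Pi-hole host; it is not the poster's configuration and not from the Pi-hole or unbound projects. It assumes the layout from Pi-hole's unbound guide (Pi-hole FTL on port 53 forwarding to unbound on 127.0.0.1#5335, with the guide's private-address rebind protection in place), and the domain name company.com, the server address 10.10.0.53 and the file path are constructed placeholders. It also shows the two settings that usually have to accompany a stub-zone or forward-zone for an internal domain: the exemption from private-address stripping and, where DNSSEC validation is on, the exemption from the chain of trust, both scoped to the one domain.

```conf
# Added example (not from the original post): unbound zone configuration on a
# Pi-hole host for resolving a company domain reached over an IPsec tunnel.
# Assumed layout: Pi-hole FTL listens on :53 and forwards to unbound on
# 127.0.0.1#5335, as in Pi-hole's unbound guide. "company.com", 10.10.0.53 and
# the file path /etc/unbound/unbound.conf.d/company-zone.conf are constructed
# placeholders; substitute your own values.

server:
    # Pi-hole's recommended unbound config lists RFC 1918 ranges under
    # private-address, so any answer containing such an address is dropped as
    # a suspected DNS rebinding attempt. The company zone legitimately returns
    # private addresses, so exempt exactly that domain and nothing wider.
    private-domain: "company.com"

    # If DNSSEC validation is enabled (auto-trust-anchor-file), an unsigned
    # internal zone fails validation and is answered SERVFAIL. Mark only the
    # company domain as insecure; do not disable validation globally.
    domain-insecure: "company.com"

    # Only needed for reverse lookups of company hosts: unbound answers the
    # RFC 1918 reverse zones locally by default, so release just the one
    # needed and forward it below.
    # local-zone: "10.in-addr.arpa." nodefault

# forward-zone sends recursive queries and works whether or not the company
# server is authoritative for the zone, which makes it the safer first choice.
# stub-zone sends non-recursive queries and expects authoritative answers from
# stub-addr, so it only works when that server is authoritative for the name.
forward-zone:
    name: "company.com"
    forward-addr: 10.10.0.53

# Reverse lookups, paired with the local-zone nodefault line above.
# forward-zone:
#     name: "10.in-addr.arpa."
#     forward-addr: 10.10.0.53
```

Check the file with `unbound-checkconf` and restart unbound, then test the two hops separately from the Pi-hole host: `dig @10.10.0.53 host.company.com` confirms that UDP and TCP port 53 actually pass the tunnel and firewall rules (a successful ping only proves ICMP), and `dig @127.0.0.1 -p 5335 host.company.com` confirms that unbound forwards and does not strip the answer. Only once both succeed is it worth looking at the Pi-hole layer. If the private-domain line is what was missing, the symptom before adding it is an empty answer (NOERROR with no records) rather than a timeout. As an alternative that keeps unbound purely recursive, the same split can be done one layer up in Pi-hole's own dnsmasq with a `server=/company.com/10.10.0.53` line in a file under /etc/dnsmasq.d/ (Pi-hole's Conditional Forwarding setting writes an equivalent line); the rebind protection caveat then applies to dnsmasq's `rebind-domain-ok` instead.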
