Hi there,
I am using pi-hole and unbound.
i have several internal websites/services/ip adresses for example volumio.local or my synology nas in my LAN and they show up in pi-hole as well (reply is NXDOMAINor cached) and I have configured my local ip range in the unbound config file. (/etc/unbound/unbound.conf.d/pi-hole.conf)
But how do i know that these requests are not forwarded first? I mean the sites are working fine but is the reply of NXDOMAIN within pi hole correct for an internal website? Is there a way to figure out if the config file is set up correct?
This is how it looks:
# Ensure privacy of local IP ranges
private-address: 192.168.1.1/24
private-address: 192.168.1.1/16
private-address: 192.168.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
A NXDOMAIN means it did not resolve to a nameserver as I understand so you should be good.
I use the 10.0.0.0/8 as my local domain for my internal clients so I just have that private-address setup.
Within unbound.conf I recommend adding:
# enable to not answer id.server and hostname.bind queries.
hide-identity: yes
# enable to not answer version.server and version.bind queries.
hide-version: yes
Calomel.org uses this in his/her configuration and I understand this also limits some of the errors you see. If it shows though as NXDOMAIN then it failed and there is nothing to worry about.
My network now is mostly ip6 addresses resolving to ther ip6 address so that for me is causing my own level of confusion now.
