Pi+Unbound: Forwarding to Company-Domain

Hello,

I am quite new to Linux, Unbound, Pi-hole and also OPNsense, which I have only had since recently.
Until now I had it set up like this (on the OPNsense):
Unbound active, no forwarding set up, but with Overrides for my company domains to our company DC. DNS on clients was only the OPNsense.
Now I'd expect it to work like this, if I understand Pi-hole and the Unbound conf file:
Pi-hole has localhost for DNS. The conf file has a forwarder portion set up, like this:

forward-zone:
    name: "somecompanydomain.com"
    forward-addr: 10.10.10.10

So, this would mean, go to root for everything else, but contact 10.10.10.10 for somecompanydomain.com.
Of course, clients should be pointed to the Pi-hole only.
But it doesn't work. I have to set DC as a DNS forwarding server in Pi-hole, which, if I understand correctly, shouldn't be needed - I'd like for Unbound to handle all that.
Would that be correct?
Thank you.

Instead of using unbound for this, you could have Pi-hole handle that forward to your DC.
You could create a custom dnsmasq configuration file (e.g. /etc/dnsmasq/42-company-dc.conf) and add the following line to that:

server=/somecompanydomain.com/10.10.10.10

Run pihole restartdns to put these settings into effect.
See dnsmasq documentation for further details on server.

pihole-FTL is a tailored fork of dnsmasq.
You can configure it in the same way, as long as your custom options do not conflict with Pi-hole's own. A syntactical check of your configuration can be initiated by pihole-FTL dnsmasq-test.


Thank you, that actually helped a lot! I entered all my networks in there, including reverse DNS, turned on conditional forwarding, which also gives me resolution on the internal networks.
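
Added example, not part of the original posts and not Pi-hole's own code: a small checker for the `server=/domain/upstream` lines suggested above, including the reverse-DNS zones mentioned in the last reply, that reports which upstream a query name would be sent to so internal names can be confirmed not to go to the default resolver. The sample file contents, the host names and the default upstream `127.0.0.1#5335` (a local Unbound) are assumptions made for the example.

```python
# Constructed sample of a custom dnsmasq file for pihole-FTL.
SAMPLE_CONF = """\
# company zones go to the DC
server=/somecompanydomain.com/10.10.10.10
server=/10.10.in-addr.arpa/10.10.10.10
"""
DEFAULT_UPSTREAM = "127.0.0.1#5335"  # assumption: Pi-hole's normal upstream


def parse_servers(conf_text):
    """Return {domain: upstream} for each server=/dom1/dom2/.../upstream line."""
    routes = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line.startswith("server=/"):
            continue  # comments, blank lines, unrelated options
        parts = line[len("server="):].split("/")
        # parts looks like ['', dom1, dom2, ..., upstream]
        *domains, upstream = parts[1:]
        for domain in domains:
            routes[domain.lower().rstrip(".")] = upstream
    return routes


def upstream_for(qname, routes, default=DEFAULT_UPSTREAM):
    """Most specific matching domain wins; matching is on whole labels."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in routes:
            return routes[candidate]
    return default


def leaks(names, routes, internal_upstream):
    """Names expected to stay internal that would be sent elsewhere."""
    return [n for n in names if upstream_for(n, routes) != internal_upstream]


if __name__ == "__main__":
    routes = parse_servers(SAMPLE_CONF)
    for name in ("dc01.somecompanydomain.com", "10.10.10.10.in-addr.arpa",
                 "notsomecompanydomain.com", "5.1.168.192.in-addr.arpa"):
        print(f"{name:32} -> {upstream_for(name, routes)}")
```

Any name returned by `leaks()` is one whose zone still needs its own `server=` line; `pihole-FTL dnsmasq-test` remains the syntax check for the file itself.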
