The issue I am facing:
I would like to use unbound together with a local "lan" zone. I would like to maintain CNAME entries for local clients. I can see requests being forwarded but the behavior differs depending on the querying application.
dig and nslookup give the desired results, ssh and mosquitto_sub fail.
Details about my system:
unbound is set in pi-hole as the sole upstream resolver. I maintain a dual stack environment. There is a fixed DHCP reservation for the test host (not using its CNAME) in pihole. unbound should be authoritative for 'lan'. /etc/nsswitch.conf only refers to files and dns for hosts.
What I have changed since installing Pi-hole:
I added unbound.
If there isn't a better answer coming up, I'd like to share my research results for posterity. It appears unbound isn't quite up to the task as a local DNS: "What you are running into is the fact that Unbound is not designed to be a full-featured authoritative DNS server. It is a full featured recursive DNS server" (source, 2009).
It serves the CNAME record but will not resolve it to the proper host like other domain name servers would do. I guess I'll have to give up on using unbound for that purpose.
Edit: Apparently, depending on the source of the query, some tools interpret the response and query again with the canonical name. ssh isn't one of these tools.
This isn’t necessarily correct. You can set up “Auth Zones” or “Stub Zones” on Unbound. The documentation you referenced is almost 12 years old. Unbound can effectively be an Authoritative/Caching/Recursive DNS resolver this way. This is the way I have it set up at home.
Thank you for your remarks. If I understand your approach correctly, if you work with stub sites and zone files, CNAMEs get resolved properly. I solved my particular demand by adding my CNAME entries in pihole's dnsmasq config files.
Your approach is the easiest approach honestly. But, you can indeed use Unbound for that purpose, and it can serve as an Authoritative DNS server for all the devices on your local network as well. In order to just resolve CNAMEs with unbound all you have to do is set up a “Local Zone” with the domain names and IP addresses of your local devices.
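The auth-zone approach from the replies above, written out as an added example (not configuration from this thread or from the Pi-hole/unbound projects): unbound is made authoritative for `lan` from a small zone file that holds the host's A/AAAA records next to the CNAME alias, so the alias and its target are answered from the same zone. The file paths, the listening port 5335, and all hostnames and addresses are assumptions.

```conf
# /etc/unbound/unbound.conf.d/lan.conf   (assumed path)
server:
    interface: 127.0.0.1
    port: 5335                    # assumed: port Pi-hole forwards to
    # "lan" does not exist in the public root: do not try to DNSSEC-validate
    # it, and allow private addresses in answers for it.
    domain-insecure: "lan"
    private-domain: "lan"

auth-zone:
    name: "lan."
    zonefile: "/etc/unbound/zones/lan.zone"   # assumed path
    for-downstream: yes           # answer clients directly from the zone
    for-upstream: yes             # use the zone for unbound's own lookups too

# /etc/unbound/zones/lan.zone   (assumed path; sample names and addresses are
# constructed for this example)
; $ORIGIN lan.
; $TTL 3600
; @       IN SOA   ns1.lan. hostmaster.lan. ( 2024010101 3600 900 604800 300 )
; @       IN NS    ns1.lan.
; ns1     IN A     192.168.1.2
; ns1     IN AAAA  fd00::2
; ; the physical host, same addresses as its DHCP reservation in Pi-hole
; pi4     IN A     192.168.1.10
; pi4     IN AAAA  fd00::10
; ; the alias that ssh and mosquitto_sub are pointed at
; mqtt    IN CNAME pi4
```

After `unbound-checkconf` and a restart, query the alias through unbound itself (`dig @127.0.0.1 -p 5335 mqtt.lan A`): the answer section should carry both the CNAME and pi4's A record, which is what clients that do not chase CNAMEs on their own need.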