MatthewVance / unbound-docker-rpi

Run Unbound with latest version of OpenSSL on Raspberry Pi with Docker.
MIT License

Custom DNS not working #16

Closed robinschneider closed 3 years ago

robinschneider commented 3 years ago

I tried to add some local DNS entries but they do not work for me. I used all the commands step by step from the readme. I created a file named a-records.conf and added content like this:

# A Record
  #local-data: "somecomputer.local. A 192.168.1.1"
  local-data: “laptop.local. A 192.168.1.2”

# PTR Record
  #local-data-ptr: "192.168.1.1 somecomputer.local."
  local-data-ptr: "192.168.1.2 laptop.local."

Then I used the command to get the container up and running

docker run \
--name=unbound-rpi \
--volume=$(pwd)/a-records.conf:/opt/unbound/etc/unbound/a-records.conf:ro \
--publish=53:53/udp \
--publish=53:53/tcp \
--restart=unless-stopped \
--detach=true \
mvance/unbound-rpi:latest

I removed the dns settings from my device and only added the ip of the raspberry pi. Upstream DNS worked for me, I was able to visit github and other sites. But DNS lookup and ping for sites in the a-records.conf did not work. I tried the laptop.local domain as well as some "real" domain names I own as well as IP addresses inside and outside of my network.

I ran docker exec -it unbound-rpi bash to look into the files inside the container and everything looked as expected. The unbound.conf has the a-records.conf included:

# Include file for local-data and local-data-ptr
include: /opt/unbound/etc/unbound/a-records.conf
include: /opt/unbound/etc/unbound/srv-records.conf

The a-records.conf also had the right values.

But still, DNS lookup for these did not work.

MatthewVance commented 3 years ago

Hi @robinschneider, can you double check the quotes used in your a-records file? It looks like your second line has “ instead of ". It may be hard to see, but I think you have curly double quotes instead of straight double quotes.
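The curly-quote problem diagnosed above can be caught before the file is mounted into the container. The following linter is an added example, not part of the original thread or of the project; the function name `lint_records`, the set of quote characters it checks and the one-directive-per-line assumption are choices made for this illustration.

```python
import ipaddress
import re

# Typographic quotes that editors and rendered web pages substitute for ".
SMART_QUOTES = "\u201c\u201d\u201e\u2018\u2019"
DIRECTIVE = re.compile(r"^(local-data(?:-ptr)?):\s*(.*)$")

# Constructed sample: the a-records.conf from this issue, curly quotes escaped.
SAMPLE = """# A Record
  #local-data: "somecomputer.local. A 192.168.1.1"
  local-data: \u201claptop.local. A 192.168.1.2\u201d

# PTR Record
  #local-data-ptr: "192.168.1.1 somecomputer.local."
  local-data-ptr: "192.168.1.2 laptop.local."
"""


def lint_records(text):
    """Return (line_number, message) pairs for suspicious record directives."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        match = DIRECTIVE.match(raw.strip())
        if not match:
            continue  # comment, blank line, or a directive this check ignores
        keyword, value = match.groups()
        bad = sorted(set(value) & set(SMART_QUOTES))
        if bad:
            codes = ", ".join(f"U+{ord(ch):04X}" for ch in bad)
            findings.append((number, f"{keyword}: typographic quote {codes}"))
            continue
        if len(value) < 2 or value[0] != '"' or value[-1] != '"':
            findings.append((number, f"{keyword}: value not in straight quotes"))
            continue
        fields = value[1:-1].split()
        address = None
        if keyword == "local-data-ptr" and len(fields) == 2:
            address = fields[0]  # "<ip> <name>"
        elif keyword == "local-data" and len(fields) >= 3 and fields[-2].upper() == "A":
            address = fields[-1]  # "<name> [ttl] [class] A <ipv4>"
        if address is not None:
            try:
                ipaddress.ip_address(address)
            except ValueError:
                findings.append((number, f"{keyword}: bad IP address {address}"))
    return findings


if __name__ == "__main__":
    for number, message in lint_records(SAMPLE):
        print(f"line {number}: {message}")
```

Run against the file as posted, it reports line 3 only; the PTR line, which uses straight quotes, passes.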

MatthewVance commented 3 years ago

I'll need to update the Readme then. #12 is an upstream Unbound issue as far as I can tell. The container will continue to work with that error in the log.

On Wed, Jun 9, 2021, 1:12 PM Robin Schneider @.***> wrote:

I double checked it and it was indeed wrong. But it is also wrong in the readme: https://github.com/MatthewVance/unbound-docker-rpi#serve-custom-dns-records-for-local-network

Now I have the same issue as in #12: https://github.com/MatthewVance/unbound-docker-rpi/issues/12


MatthewVance commented 3 years ago

I'm unable to recreate the issue.

I ran on my Pi:

sudo docker run \
--name=unbound-rpi \
--volume=$(pwd)/a-records.conf:/opt/unbound/etc/unbound/a-records.conf:ro \
--publish=53:53/udp \
--publish=53:53/tcp \
--restart=unless-stopped \
--detach=true \
mvance/unbound-rpi:latest

and then to confirm health.

sleep 10 && sudo docker ps -a 

On a different computer, I ran (inserting Pi's IP address):

dig @X.X.X.X google.com

It returned an a-record response with Google's IP as expected.

I then checked to confirm the custom ones return:

dig @X.X.X.X laptop.local

It returned:

; <<>> DiG 9.10.6 <<>> @X.X.X.X laptop.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55666
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;laptop.local.          IN  A

;; ANSWER SECTION:
laptop.local.       3600    IN  A   192.168.1.2

;; Query time: 4 msec
;; SERVER: X.X.X.X#53(192.168.1.50)
;; WHEN: Wed Jun 09 19:00:55 CDT 2021
;; MSG SIZE  rcvd: 57

For good measure on the Pi, I also ran: sudo docker logs unbound-rpi

It did not return any errors (though I expect the UDP connect IPv6 one to eventually pop-up in the logs).

One other thing to check. Are you using a browser which uses its own DNS settings when checking the local resolutions? Many support DoH (DNS over HTTPS) now and may ignore OS level settings. Thus it's good to manually check with a tool like dig, explicitly setting the DNS server to check via @ IP.

MatthewVance commented 3 years ago

Thanks for the update and trying a few other things. I'm not sure how to help without being able to reproduce the issue. Would you provide all the commands you run and also their outputs? It'd be good to see docker ps and docker logs for the running container.

Please also include the a-records.conf file and the output of ifconfig run on the Pi (not within the container).

On Tue, Jun 15, 2021, 11:52 AM Robin Schneider @.***> wrote:

So I tried the other, non-Raspberry Pi image as well. I tried to use an Ubuntu device as a with dig @X.X.X.X as well as NSLOOKUP on a Windows. When I enter a domain like google.com (where I created a DNS entry before to resolve a different IP) I got the "real" IP of Google instead of the one I entered. When using a .local domain I got no result at all. So for me it seems like the a-records.conf file gets ignored.
