MartineauUK/Unbound-Asuswrt-Merlin

Custom domains not working


What I expected to happen: Custom domain would direct to correct local IP when using domain on local network.

What I did:
Updated unbound.conf with custom domains after...

  • Successfully installed manager on an RT-AC68P using Asuswrt-Merlin 384.5, no additional modules installed.
  • Everything else works as intended.
  • DNS Filter directing to the router as directed.
  • Also, the LAN tab custom DNS settings are still set with DNS Filter on; I didn't see in the docs whether it matters, but I plan to check when the local network isn't being used by people who will complain if I knock us offline for a few minutes.

Then set up domains in unbound.conf as such, without comments:

  local-zone: "my.domain.org" redirect #Tried without this line, just to check, made no difference.
  local-data: "my.domain.org A 192.168.1.5"
  local-data: "example.local A 192.168.1.6"

  local-data-ptr: "192.168.1.5 my.domain.org"
  local-data-ptr: "192.168.1.6 example.local"

Domain names and IPs are changed to protect the innocent or whatever.

Updated the conf in the manager, confirmed it's still running, even tried a reboot.

What happened instead: It just didn't work.

  1. Only while connected to the router via SSH: ping my.domain.org returns the correct IP.
  2. Other devices on local network can't even get a ping.

Additional details / logs
Cursory review of /var/logs showed nothing useful

? menu (running v3.22):

         Router Configuration recommended pre-reqs status:
         [✔] Swapfile=1048572 kB
         [✔] DNS Filter=ON
         [✔] DNS Filter=ROUTER
 [: 0: unknown operand
         [✔] WAN: Use local caching DNS server as system resolver=NO
 [: 0: unknown operand
         [✔] Enable local NTP server=YES
         [✔] Enable DNS Rebind protection=NO
         [✔] Enable DNSSEC support=NO
 
         Options:
 
         [✔] unbound CPU/Memory Performance tweaks
         [✔] unbound-control FAST response ENABLED
 
         unbound Memory/Cache:
 
         'key-cache-size:'       8388608 (8.00 MB)
         'msg-cache-size:'       8388608 (8.00 MB)       0% used 41514   (40.54 KB)
         'rrset-cache-size:'     16777216 (16.00 MB)     0% used 144970  (141.57 KB)
 
         System Memory/Cache:
 
                      total       used       free     shared    buffers     cached
         Mem:        255700     143652     112048          0        544      15176
         -/+ buffers/cache:     127932     127768
         Swap:      1048572          0    1048572

Looks to be running:
unbound (pid #####) is running...
Statistics menu:

total.num.queries=17399                 total.num.expired=320                   total.requestlist.exceeded=0            total.tcpusage=0
total.num.queries_ip_ratelimited=0      total.num.recursivereplies=124          total.requestlist.current.all=0         msg.cache.count=156
total.num.cachehits=17275               total.requestlist.avg=1.24084           total.requestlist.current.user=0        rrset.cache.count=586
total.num.cachemiss=124                 total.requestlist.max=11                total.recursion.time.avg=0.061236       infra.cache.count=353
total.num.prefetch=449                  total.requestlist.overwritten=0         total.recursion.time.median=8.15789e-07 key.cache.count=23

Summary: Cache Hits success=99.00%

Can provide other logs upon request.

This tool is great, regardless of this issue I probably caused, and big thanks for making it available.
I've scoured some volume of available docs, worried I missed something obvious, apologies if that's the case.

ETA: Just tweaked formatting for readability.
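To sanity-check entries like the ones quoted above before restarting unbound, here is a small added checker (my own example, not part of the issue or the Unbound-Asuswrt-Merlin project). It parses the local-zone / local-data / local-data-ptr lines, flags A records without a matching PTR and redirect zones with no apex data, and mimics how a "redirect" zone answers every name beneath it; the sample config is constructed with the issue's placeholder names and IPs.

```python
import re
# Constructed sample mirroring the entries quoted in the issue (placeholder names and IPs).
SAMPLE_CONF = """\
server:
    local-zone: "my.domain.org" redirect #Tried without this line, made no difference.
    local-data: "my.domain.org A 192.168.1.5"
    local-data: "example.local A 192.168.1.6"
    local-data-ptr: "192.168.1.5 my.domain.org"
    local-data-ptr: "192.168.1.6 example.local"
"""
_ENTRY = re.compile(r'^\s*(local-zone|local-data|local-data-ptr):\s*"([^"]*)"\s*(\S+)?')

def parse_local_entries(conf_text):
    """Return (zones, a_records, ptr_records) from the local-* lines of an unbound.conf."""
    zones, a_records, ptr_records = {}, {}, {}
    for raw in conf_text.splitlines():
        m = _ENTRY.match(raw.split("#", 1)[0])  # drop trailing comments the way unbound does
        if not m:
            continue
        key, body, tail = m.groups()
        if key == "local-zone":
            zones[body.rstrip(".").lower()] = (tail or "").lower()
        elif key == "local-data":
            parts = body.split()  # "name [TTL] [IN] TYPE rdata"
            if len(parts) >= 3 and parts[-2].upper() == "A":
                a_records[parts[0].rstrip(".").lower()] = parts[-1]
        else:
            ip, name = body.split()[:2]
            ptr_records[ip] = name.rstrip(".").lower()
    return zones, a_records, ptr_records

def check_local_entries(conf_text):
    """List A records lacking a matching local-data-ptr and redirect zones with no apex data."""
    zones, a_records, ptr_records = parse_local_entries(conf_text)
    problems = [f"{n}: no local-data-ptr for {ip}" for n, ip in a_records.items()
                if ptr_records.get(ip) != n]
    problems += [f"local-zone {z} is 'redirect' but has no local-data at its apex"
                 for z, t in zones.items() if t == "redirect" and z not in a_records]
    return problems

def resolve_a(name, zones, a_records):
    """Mimic unbound's answer to an A query: exact local-data first, else an enclosing redirect zone."""
    name = name.rstrip(".").lower()
    if name in a_records:
        return a_records[name]
    labels = name.split(".")
    for i in range(1, len(labels)):  # a redirect zone answers every name below it with its apex data
        zone = ".".join(labels[i:])
        if zones.get(zone) == "redirect":
            return a_records.get(zone)
    return None
```

Note that none of this checks which resolver LAN clients actually point at (the LAN DHCP DNS setting); it only validates the unbound side.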

I fixed it!

Best guess: I had changed the LAN DNS server to something other than the router for some reason; I updated it to blank (which sends it to the router). I changed it originally because I misunderstood the purpose of it on the LAN tab.

Explanation: the LAN DNS server is for DHCP assignments, sending clients anywhere other than the router (or your local DNS server, if you've moved it to another device for some reason); it makes sense that changing it to something else would mess up a custom domain pointing to a local address.

Also added to the conf, don't think this was the fix:
private-domain: my.domain.org

Also, did some digging on the many places you can update the DNS server:

  • LAN DNS - Again, should have been blank; only used for DHCP assignments.
  • WAN DNS - Could point this to the router instead of using DNS Filter, haven't been able to test yet.

Could set it up so you don't need to activate DNS Filter, but you would lose the ability to filter which devices use Unbound from the web interface, i.e., sometimes apps on smart TVs / Roku don't like custom DNS. There are other ways to route those devices; it would just add some steps.

If adventures in avoiding DNS Filter are worthy of documentation, I can update.