  1. #1
    Master Untangler
    Join Date
    Dec 2018
    Posts
    225

    dnsmasq and rebind-domain-ok not working?

    I'm trying to get this working so that I can provision SSL certificates for UnRAID.

    From my understanding this should work if I put it at the top of Config --> Network --> Advanced --> DNS & DHCP; however, no matter what I try, it won't work.

    I wound up getting the UnRAID certificate provisioning to work by bypassing my fiber ISP and sending all of this server's traffic through my 4G LTE Verizon backup internet provider instead, which is using the same DNS providers as my fiber ISP.

    Once it's been created I can move the server back to my normal ISP and updates work like normal.

    ETA: Clarification....all traffic is still going through Untangle including the Verizon traffic so could my ISP be blocking it at an ISP level?

    Code:
    rebind-localhost-ok
    rebind-domain-ok=/unraid.net/myunraid.net/
    
    # Validate DNS replies and cache DNSSEC data. When forwarding DNS queries, dnsmasq requests the DNSSEC records needed to validate the replies. 
    # The replies are validated and the result returned as the Authenticated Data bit in the DNS packet. In addition the DNSSEC records are stored in the cache, 
    # making validation by clients more efficient. Note that validation by clients is the most secure DNSSEC mode, but for clients unable to do validation, 
    # use of the AD bit set by dnsmasq is useful, provided that the network between the dnsmasq server and the client is trusted. 
    # Dnsmasq must be compiled with HAVE_DNSSEC enabled, and DNSSEC trust anchors provided, see --trust-anchor. 
    #
    # Because the DNSSEC validation process uses the cache, 
    # it is not permitted to reduce the cache size below the default when DNSSEC is enabled. 
    #
    # The nameservers upstream of dnsmasq must be DNSSEC-capable, ie capable of returning DNSSEC records with data. If they are not, 
    # then dnsmasq will not be able to determine the trusted status of answers and this means that DNS service will be entirely broken.
    #
    # * NOTE: Your upstream DNS server must support DNSSEC.
    conf-file=/usr/share/dnsmasq-base/trust-anchors.conf
    dnssec
    
    # Set the size of dnsmasq's cache. The default is 150 names. Setting the cache size to zero disables caching. Note: huge cache size impacts performance.
    # * big enough to be useful
    cache-size=1000
    Last edited by jlficken; 06-03-2022 at 11:02 AM.
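
An added example, not part of the original post and not code from dnsmasq or Untangle: a simplified Python model of how `stop-dns-rebind`, `rebind-localhost-ok` and `rebind-domain-ok` interact, for checking which names a fragment like the one above exempts. The `stop-dns-rebind` line, the sample hostnames and the private-range test (Python's `ipaddress` classification) are assumptions; dnsmasq's own range list may differ.

```python
import ipaddress

# Constructed sample: the two rebind lines from the post, plus stop-dns-rebind,
# which is assumed to be enabled elsewhere in the effective dnsmasq config.
SAMPLE_CONF = """\
stop-dns-rebind
rebind-localhost-ok
rebind-domain-ok=/unraid.net/myunraid.net/
# comment lines and unrelated options are ignored
cache-size=1000
"""

def parse_rebind_options(text):
    """Collect the rebind-related options from dnsmasq config text."""
    cfg = {"stop": False, "localhost_ok": False, "domains": set()}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "stop-dns-rebind":
            cfg["stop"] = True
        elif key == "rebind-localhost-ok":
            cfg["localhost_ok"] = True
        elif key == "rebind-domain-ok":
            # Accepts both "domain" and "/domain1/domain2/" forms.
            cfg["domains"].update(d.lower().strip(".") for d in value.split("/") if d)
    return cfg

def domain_exempt(name, cfg):
    """True if name equals, or is a subdomain of, a rebind-domain-ok entry."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in cfg["domains"])

def answer_dropped(name, addr, cfg):
    """Model (an approximation): would an upstream answer name -> addr be discarded?"""
    if not cfg["stop"] or domain_exempt(name, cfg):
        return False  # no rebind protection active, or the domain is exempt
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return not cfg["localhost_ok"]
    return ip.is_private or ip.is_link_local
```

Matching is done on whole labels, so in this model `notmyunraid.net` is not covered by the `myunraid.net` entry.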
