Hello, I use Unbound with OPNsense. I have secured a domain with DNSSec, its DNS server being on the WAN. It has an office.domain.com subdomain (A record)
I also have a local DNS server where that subdomain is set, so it resolves locally to local IPs. So I am adding a domain override in Unbound as such, which is as such in the configuration: private-domain: "office.domain.com" domain-insecure: "office.domain.com" forward-zone: name: "office.domain.com" forward-addr: 10.25.65.16 And I get this error in Unbound: 2021-06-23T20:57:39 unbound[60568] [60568:1] info: NSEC3s for the referral proved no delegation 2021-06-23T20:57:39 unbound[60568] [60568:1] info: resolving office.domain.nc. DS IN 2021-06-23T20:57:39 unbound[60568] [60568:1] info: query response was ANSWER 2021-06-23T20:57:39 unbound[60568] [60568:1] info: reply from <office.domain.nc.> 10.25.65.16#53 2021-06-23T20:57:39 unbound[60568] [60568:1] info: response for office.domain.nc. A IN 2021-06-23T20:57:39 unbound[60568] [60568:1] info: resolving office.domain.nc. A IN I understand that error. If I disable the DNSSec feature in unbound, it works. But I am wondering if there is anyway to work around that (without disabling DNSSec checking), and have unbound give back the ANSWER returned by that local DNS server ? Regards -- Laurent [email protected]
