.Local Domain Support?

[ghost]

Many years ago, Microsoft encouraged the use of .local for Active Directory domains -- AD domains can't be renamed with Exchange in-place.

While I have a forward-zone in place for this domain, it doesn't resolve hostnames to an IP from a client using unbound for DNS.

The first example forwards correctly while the second does not resolve.

forward-zone:
	name: "example1.net."
	forward-addr: 10.10.20.14
	forward-addr: 10.10.20.8

forward-zone:
        name: "example2.local."
        forward-addr: 10.10.20.14
        forward-addr: 10.10.20.8

Using unbound 1.9.0.

[gthess]

There is no special handling for local. in unbound.
What do you see in the logs when trying to resolve a local subdomain? I assume you are getting SERVFAIL as the result?

I assume the server listening there is authoritative for that zone, in that case I would advise to use stub-zone: instead of forward-zone:. As also stated in the "Stub Zone Options" section of the man page (latest version here), if you are doing DNSSEC validation in unbound you would either need to:

• specify domain-insecure: for that domain, or
• add a trust anchor key for that domain in case you serve your own DNSSEC signed records there.

[ghost]

Perfect, stub-zone works great!

[polarathene]

.local is mDNS over port 5353 and AFAIK is completely unrelated to any typical DNS service, you'd use something like Avahi, although systemd-resolved also has mDNS support IIRC.

---

Someone had mentioned on Reddit of forwarding .local DNS queries to mDNS via Unbound, which isn't something I thought could be done? Android lacks mDNS support(unless you're the developer of the app and use certain APIs), so a web browser cannot make such queries, hence the advice given.

I did come across this potentially related PR, but I am lacking clarity on how to utilize it. I see no mention of plugins when searching for documentation for Unbound. There is little discussion on the PR, but it sounds like it'd allow for Unbound to get local device IPs if receiving a .local domain request from a device that doesn't use mDNS directly?

---

Seems that documentation for said "plugin" would be under "pythonmod", for which documentation presently requires manual generation locally: https://nlnetlabs.nl/documentation/unbound/pythonmod/

[gthess]

The aforementioned PR added example code to be used with the python module (module that executes python code during operation).
You can find the file at pythonmod/examples/avahi-resolver.py in the source folder or online.

This requires unbound to be compiled with python module support and some extra python packages in your Python installation.
Documentation on how to configure unbound and run the example can be found at the top of the file.

[polarathene]

As someone not familiar with Unbound or Python and how to use that with Unbound, I only browsed the public docs and wasn't particularly interested in building them locally to view anymore on the matter. There wasn't much information online when I did some searches on google. Unbound appears to be a solid choice for handling DNS, but for what I wanted to do I wasn't looking forward to attempting it as my first choice.

I came across CoreDNS and an external plugin for that. Possibly a similar situation, and while the docs weren't fantastic it was slightly more accessible for me. Cloned the repo, added the external plugin repo to a plugin.cfg file, ran three go commands to build a binary that the docs covered online, ran another command to verify that all went well and then tried out a basic config from some snippets.

Got it working, so I won't be trying out Unbound, I realize it's a niche feature but definitely an area that could be improved for less experienced users. No clue how long the online docs have stated the pythonmod docs have been in the "final stages", I assume it's been a while and may continue to be.