The pfSense Store

Author Topic: Wildcard DNS entries  (Read 10990 times)

0 Members and 1 Guest are viewing this topic.

Offline tommyboy180

  • Hero Member
  • *****
  • Posts: 978
  • Karma: +6/-0
    • View Profile
Wildcard DNS entries
« on: December 09, 2011, 09:47:56 am »
If you need a wildcard in your DNS forwarder (*.domain.com)


   1. Log in to pfSense 2.0 instance via the web interface.
   2. Go to Services-> DNS Forwarder (http://pfSensense_url/services_dnsmasq.php)
   3. Click the Advanced button Add as many of the following as you need, each entry on a new line.

      address=/dev/127.0.0.1

Where dev is the end of the wildcard entry, and 127.0.0.1 is the ip that these wildcard names will resolve to. Think of dev as *.dev, but only list the part after the dot. So myhost.dev, myhost.subdomain.dev, and anything else that ends in .dev and is not defined elsewhere, will resolve to the ip provided.

So if you need *.com then the corresponding line will look like

      address=/com/127.0.0.1


Credit: http://serverfault.com/questions/321563/how-can-i-setup-a-wilcard-dns-entry-on-pfsense
Thank you Scott
« Last Edit: February 13, 2015, 01:19:08 pm by dvserg »
-Tom Schaefer
SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

Please support pfBlocker | File Browser | Strikeback

Offline doktornotor

  • Hero Member
  • *****
  • Posts: 6530
  • Karma: +603/-193
    • View Profile
Re: Wildcard DNS entries
« Reply #1 on: February 13, 2015, 01:39:49 pm »
Howto for DNS Resolver (Unbound):

1. Go to Services -> DNS Resolver
2. Add the desired wildcard entries to the Advanced box:

Code: [Select]
server:
local-zone: "example.com" redirect
local-data: "example.com 3600 IN A 192.0.2.1"

Documentation: unbound.conf(5)

Code: [Select]
redirect
                 The query is answered from the local data for the zone  name.
                 There  may  be  no  local  data  beneath the zone name.  This
                 answers queries for the zone, and all subdomains of the  zone
                 with the local data for the zone.  It can be used to redirect
                 a domain to return a different  address  record  to  the  end
                 user,    with   local-zone:   "example.com."   redirect   and
                 local-data: "example.com. A 127.0.0.1" queries for  www.exam-
                 ple.com and www.foo.example.com are redirected, so that users
                 with web browsers  cannot  access  sites  with  suffix  exam-
                 ple.com.

Offline Yowsers

  • Jr. Member
  • **
  • Posts: 25
  • Karma: +5/-0
    • View Profile
Re: Wildcard DNS entries
« Reply #2 on: May 08, 2015, 07:23:40 am »

Offline Supermule

  • Hero Member
  • *****
  • Posts: 2542
  • Karma: +77/-100
    • View Profile
Re: Wildcard DNS entries
« Reply #3 on: May 08, 2015, 07:42:06 am »
I cant get it to work
Kind regards Brian


Offline fossum_13

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: Wildcard DNS entries
« Reply #4 on: October 14, 2015, 05:05:29 pm »
Seems that if you try the above for pfSense 2.2.4 with an unbound resolver, you will get a duplicate zone error...

Code: [Select]
unbound: [42597:0] warning: duplicate local-zone
unbound: [42597:0] error: could not enter zone mydomain.ddns.net transparent
unbound: [42597:0] fatal error: Could not set up local zones

if I just use the last line (suggested by the wiki), it starts successfully. From an external IP dig doesn't seem to like it and the wildcard still doesn't work...

Code: [Select]
[user@localhost /]$ dig @mydomain.ddns.net ubuntu64.mydomain.ddns.net

; <<>> DiG 9.10.2-P4-RedHat-9.10.2-5.P4.fc22 <<>> @mydomain.ddns.net ubuntu64.mydomain.ddns.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 24562
;; flags: qr rd ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; Query time: 157 msec
;; SERVER: 73.239.107.170#53(73.239.107.170)
;; WHEN: Wed Oct 14 15:01:32 PDT 2015
;; MSG SIZE  rcvd: 12

[user@localhost /]$

FYI - I have opened TCP/UDP 53 in the firewall

Offline Criggie

  • Jr. Member
  • **
  • Posts: 79
  • Karma: +9/-0
    • View Profile
Re: Wildcard DNS entries
« Reply #5 on: January 26, 2016, 10:33:37 pm »
This is in the wiki as well.
https://doc.pfsense.org/index.php/Wildcard_Records_in_DNS_Forwarder/Resolver

Yes - and that page also misses a big gotcha.

As someone coming from dnsmasq / "forwarder"  I had multiple host overrides too.

Unbound / resolver refuses to start if you set up a wildcard subdomain AND have host overrides that match.  So you need to delete all the host overrides that use the same subdomain. 

If you want to override a host in your domain override with unbound, best to do it on the resolver at which you are pointing.