Hello, I’m new to VyOS (installed it just a few days ago). I’m running VyOS 1.5-rolling-202406270020.
I’m trying to get DNS `authoritative-domain` to work, but to no avail. It works as a forwarding DNS server, but ignores my records. I did try `restart dns`. Even on the VyOS box itself, `host test.home.lan 127.0.0.1` returns NXDOMAIN.
$ host google.com 192.168.10.1
Using domain server:
Name: 192.168.10.1
Address: 192.168.10.1#53
Aliases:
google.com has address 142.250.186.206
google.com has IPv6 address 2a00:1450:401b:80d::200e
google.com mail is handled by 10 smtp.google.com.
$ host test.home.lan 192.168.10.1
Using domain server:
Name: 192.168.10.1
Address: 192.168.10.1#53
Aliases:
Host test.home.lan not found: 3(NXDOMAIN)
My VyOS config:
firewall {
group {
}
ipv4 {
name lan-to-wan {
default-action accept
default-log
rule 1 {
action accept
}
}
name wan-to-any {
default-action drop
rule 1 {
action accept
state established
state related
}
}
}
zone lan {
from wan {
firewall {
name wan-to-any
}
}
interface br0.10
}
zone wan {
from lan {
firewall {
name lan-to-wan
}
}
interface eth7
}
}
interfaces {
bridge br0 {
enable-vlan
member {
interface eth0 {
allowed-vlan 10
native-vlan 10
}
}
vif 10 {
address 192.168.10.1/24
description lan
}
}
ethernet eth0 {
hw-id 11:22:33:44:55:66
description LAN
offload {
gro
gso
sg
tso
}
}
ethernet eth7 {
address dhcp
hw-id 77:88:99:aa:bb:cc
description WAN
offload {
gro
gso
sg
tso
}
}
loopback lo {
}
}
nat {
source {
rule 100 {
outbound-interface {
name eth7
}
translation {
address masquerade
}
}
}
}
service {
dhcp-server {
shared-network-name lan {
authoritative
subnet 192.168.10.0/24 {
option {
default-router 192.168.10.1
name-server 192.168.10.1
}
range 0 {
start 192.168.10.100
stop 192.168.10.199
}
subnet-id 10
}
}
}
dns {
forwarding {
allow-from 192.168.10.0/24
allow-from 127.0.0.0/8
authoritative-domain home.lan {
records {
a test.home.lan {
address 100.123.123.123
}
}
}
cache-size 0
listen-address 192.168.10.1
listen-address 127.0.0.1
name-server 1.1.1.1 {
}
}
}
ntp {
allow-client {
address 127.0.0.0/8
address 169.254.0.0/16
address 10.0.0.0/8
address 172.16.0.0/12
address 192.168.0.0/16
address ::1/128
address fe80::/10
address fc00::/7
}
server time1.vyos.net {
}
server time2.vyos.net {
}
server time3.vyos.net {
}
}
ssh {
disable-password-authentication
listen-address 192.168.10.1
port 22
}
}
system {
config-management {
commit-revisions 100
}
console {
device ttyS0 {
speed 115200
}
}
host-name warpgate
login {
user bonus {
authentication {
public-keys yubi {
key ****************
type ssh-rsa
}
}
}
}
name-server 1.1.1.1
syslog {
global {
facility all {
level info
}
facility local7 {
level debug
}
}
}
}
Generated file `/run/pdns-recursor/recursor.conf`:
### Autogenerated by service_dns_forwarding.py ###
# XXX: pdns recursor doesn't like whitespace near entry separators,
# especially in the semicolon-separated lists of name servers.
# Please be careful if you edit the template.
# Non-configurable defaults
daemon=yes
threads=1
allow-from=192.168.10.0/24,127.0.0.0/8
log-common-errors=yes
non-local-bind=yes
query-local-address=0.0.0.0,::
lua-config-file=/run/pdns-recursor/recursor.conf.lua
# cache-size
max-cache-entries=0
# negative TTL for NXDOMAIN
max-negative-ttl=3600
# timeout
network-timeout=1500
# ignore-hosts-file
export-etc-hosts=yes
# listen-address
local-address=192.168.10.1,127.0.0.1
# listen-port
local-port=53
# dnssec
dnssec=process-no-validate
# serve-stale-extensions
serve-stale-extensions=0
# serve rfc1918 records
serve-rfc1918=yes
# zones
auth-zones=home.lan=/run/pdns-recursor/zone.home.lan.conf
forward-zones-file=/run/pdns-recursor/recursor.forward-zones.conf
#ecs
Generated file `/run/pdns-recursor/zone.home.lan.conf`:
;
; Autogenerated by service_dns_forwarding.py
;
test.home.lan 300 A 100.123.123.123