I ran into an issue with the Unbound DNS resolver on my pfSense router where lookups for FQDNs that resolve to private IP addresses were being scrubbed and came back empty. After some digging into the system logs, it was clear that the Unbound process was stripping public DNS entries that pointed into private IP address space, logging the following debug message:
sanitize: "removing public name with private address"
According to the Unbound documentation, the private-domain option names a domain (not only a top-level domain) from which the resolver will allow private IP addresses to be returned, for that domain and all of its subdomains:
private-domain: <domain name> Allow this domain, and all its subdomains to contain private addresses. Give multiple times to allow multiple domain names to contain private addresses. Default is none.
Unfortunately, the pfSense web interface does not have a dedicated field for adding these to the configuration. Luckily, under Services > DNS Resolver > General Settings, additional configuration can be added in the Custom options text area, which pfSense appends to the generated unbound.conf. (System > Advanced > Admin Access also offers "Disable DNS Rebinding Checks", but that turns the protection off for every domain; private-domain keeps it for everything except the domains you list.)
The following option will allow private addresses to be returned for example.com itself and any name under it. The server: line is required, because private-domain is a server-clause option and the custom options are appended after the rest of the file:
server:
private-domain: example.com
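To make the matching rule concrete, the following added example (not code from the original post or from Unbound) models what the rebinding check does with a given answer: an A/AAAA record is dropped when its address falls in one of the private-address ranges and the owner name is not equal to, or a subdomain of, a configured private-domain. The private ranges listed are an assumption standing in for whatever private-address lines pfSense writes, and the names and addresses are constructed test inputs. It also shows that the match is by DNS label, so notexample.com is not covered by private-domain: example.com.

```python
import ipaddress

# Assumption: these mirror the private-address ranges pfSense configures for
# rebinding protection; the exact list depends on the pfSense version.
PRIVATE_ADDRESSES = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fd00::/8", "fe80::/10",
)]


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]


def is_subdomain(name, zone):
    """True if name equals zone or lies under it, compared label by label
    (a plain string-suffix test would wrongly match notexample.com)."""
    n, z = _labels(name), _labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def is_private_address(addr):
    """True if addr falls in one of the configured private ranges.
    IPv4-mapped IPv6 addresses are unwrapped so ::ffff:10.0.0.1 counts."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return any(ip in net for net in PRIVATE_ADDRESSES)


def would_be_removed(name, addr, private_domains):
    """Model of the 'removing public name with private address' rule:
    drop the record only if the address is private AND the owner name is
    not under any private-domain."""
    if not is_private_address(addr):
        return False
    return not any(is_subdomain(name, zone) for zone in private_domains)


def filter_answer(name, addrs, private_domains):
    """Return only the addresses the resolver would hand back to the client.
    An empty list is the 'returned as empty' symptom described above."""
    return [a for a in addrs if not would_be_removed(name, a, private_domains)]


def custom_options(private_domains):
    """Render the Custom options fragment for a list of domains."""
    lines = ["server:"] + [f'private-domain: "{zone}"' for zone in private_domains]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample: an internal host published in public DNS.
    answer = ["10.20.30.40", "203.0.113.7"]
    print("without private-domain:", filter_answer("vpn.example.com", answer, []))
    print("with private-domain:   ", filter_answer("vpn.example.com", answer, ["example.com"]))
    print(custom_options(["example.com", "corp.example.net"]))
```

Run it directly to see the same answer filtered with and without the option; the third line printed is the fragment to paste into Custom options.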