
Resolve .local mDNS domains via avahi using unbound

2025-12-16 #alpine #how-to #mdns

I want local applications (e.g. SSH, Firefox, etc.) to resolve .local domains using mDNS, so that devices can find each other via multicast.[1]

I run Unbound as a DNS resolver, and I will configure it to delegate the .local zone to avahi2dns. avahi2dns uses D-Bus to talk to Avahi for the actual resolution. Several layers and processes are involved because there is no dedicated solution: an mDNS proxy which just exposes a local DNS interface.

Setup

Configure unbound to resolve .local domains using mDNS via avahi.

apk add avahi avahi2dns
rc-update add avahi-daemon
rc-update add avahi2dns
service avahi-daemon start
service avahi2dns start

Add the following to /etc/unbound/unbound.conf.d/avahi-local.conf:

forward-zone:
	name: "local"
	forward-addr: 127.0.0.1@5354
server:
	do-not-query-localhost: no
	domain-insecure: "local"

Finally, reload unbound:

service unbound reload
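
To sanity-check the fragment above, here is a small lint as an added example (not part of the original post). The function name check_local_forward is hypothetical, the sample input is constructed, and the parser assumes that name: comes before forward-addr: inside the forward-zone clause.

```shell
#!/bin/sh
# Added example (not from the original post): lint an Unbound config for the
# .local forward zone. Prints one finding per line; exit status 1 if any.
check_local_forward() {
	awk '
	function finding(msg) { print msg; bad = 1 }
	# Drop comments and surrounding whitespace, skip empty lines.
	{ sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
	$0 == "" { next }
	# A bare "word:" line opens a clause such as server: or forward-zone:.
	/^[a-z-]+:$/ { clause = $0; zone = ""; next }
	{
		key = $1; val = $0
		sub(/^[^:]*:[ \t]*/, "", val)             # keep only the value
		gsub(/"/, "", val); sub(/\.$/, "", val)   # "local." equals "local"
	}
	clause == "forward-zone:" && key == "name:" { zone = val }
	clause == "forward-zone:" && key == "forward-addr:" && zone == "local" {
		seen = 1
		host = val; sub(/@.*/, "", host)          # strip the @port suffix
		if (host !~ /^127\./ && host != "::1")
			finding("forward-addr " val " is not loopback: .local queries leave this host as unicast DNS")
	}
	clause == "server:" && key == "do-not-query-localhost:" && val == "no" { lo = 1 }
	clause == "server:" && key == "domain-insecure:" && val == "local" { insec = 1 }
	END {
		if (!seen) finding("no forward-zone with forward-addr for local")
		if (!lo) finding("do-not-query-localhost is not no: unbound will not query a loopback forwarder")
		if (!insec) finding("domain-insecure for local is missing: unsigned .local answers can fail DNSSEC validation")
		exit bad + 0
	}' "$@"
}

# Constructed sample: the forwarder is not on loopback (192.0.2.53 is a
# documentation address) and do-not-query-localhost is left at its default.
check_local_forward <<'EOF' || echo "config needs attention"
forward-zone:
	name: "local"
	forward-addr: 192.0.2.53@5354
server:
	domain-insecure: "local"
EOF
```

Pass a file path instead of a here-document to check the real fragment, for example check_local_forward /etc/unbound/unbound.conf.d/avahi-local.conf.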

  1. This can be insecure on networks with untrusted hosts. It is important that both parties properly authenticate each other: by using known SSH host keys, a trusted CA for TLS, etc.

Have comments or want to discuss this topic?
Send an email to my public inbox: ~whynothugo/public-inbox@lists.sr.ht.
Or feel free to reply privately by email: hugo@whynothugo.nl.
