OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: Durere on August 22, 2023, 07:55:40 pm

Title: Internal name resolution for LDAPS
Post by: Durere on August 22, 2023, 07:55:40 pm
Hi

I have an OPNsense configured with the following DNS servers: 1.1.1.1 and 8.8.8.8.
Setting up 192.168.x.y as the DNS is not a good option, I prefer to use something external.

Can someone please let me know how I can set a hostname entry (similar to /etc/hosts) so I can map the internal server dc1.domain.com to the internal IP 192.168.x.y, so I can use LDAPS authentication on 636 instead of clear-text LDAP on 389?

Thank you

Title: Re: Internal name resolution for LDAPS
Post by: Monviech on August 23, 2023, 06:28:03 am
One way to do it:

- Enable Unbound DNS in Services: Unbound DNS: General and Apply; don't change anything else here. Listening interfaces have to be "all".
- Go to Services: Unbound DNS: Query Forwarding and input the forwarding IP addresses, in your case 1.1.1.1 and 8.8.8.8. Make sure that "Use System Nameservers" is unchecked.
- Add 127.0.0.1 as nameserver for the firewall in System: Settings: General
- Add your own DNS entries into Services: Unbound DNS: Overrides: Host Overrides
- Test it in Interfaces: Diagnostics: DNS Lookup
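As an added check for the steps above (this is example code written for this thread, not part of the original posts or of OPNsense), the script below does from a client's point of view what the DNS Lookup page does from the firewall's: it resolves the directory hostname, confirms the answer is the private address from the host override rather than NXDOMAIN from the public forwarders, and then opens a TLS connection to port 636 with certificate verification against the hostname. The hostname dc1.domain.com and the address 192.168.10.5 are constructed sample values (the original post only gives 192.168.x.y), and the CA bundle path is a placeholder for your internal CA.

```python
"""Verify an Unbound host override for an internal LDAPS server.

Added example for the thread above; sample values are constructed.
"""
import ipaddress
import json
import socket
import ssl
from typing import Callable, Optional

# Constructed sample values (hypothetical; replace with your own).
DC_HOSTNAME = "dc1.domain.com"
DC_INTERNAL_IP = "192.168.10.5"
LDAPS_PORT = 636
INTERNAL_CA_BUNDLE = "/path/to/internal-ca.pem"  # placeholder path, assumed


def is_internal(ip: str) -> bool:
    """True for private (RFC 1918 / ULA) and loopback addresses."""
    addr = ipaddress.ip_address(ip)
    return addr.is_private or addr.is_loopback


def check_override(hostname: str, expected_ip: str,
                   resolve: Callable[[str], str] = socket.gethostbyname) -> dict:
    """Resolve hostname and compare the answer with the host override.

    1.1.1.1 / 8.8.8.8 have no record for an internal name, so a missing
    override normally surfaces as NXDOMAIN, which gethostbyname raises as
    socket.gaierror (an OSError subclass).
    """
    try:
        actual: Optional[str] = resolve(hostname)
    except OSError:
        actual = None
    return {
        "hostname": hostname,
        "resolved": actual,
        "matches_override": actual == expected_ip,
        "is_internal": actual is not None and is_internal(actual),
    }


def ldaps_handshake(hostname: str, ip: str, port: int = LDAPS_PORT,
                    cafile: Optional[str] = None, timeout: float = 5.0) -> dict:
    """TLS-connect to ip:port and verify the certificate for hostname.

    Connecting to the override's address while presenting the hostname as
    SNI and for verification mirrors an LDAPS client: the certificate's
    SAN must contain the name, which is why the name has to resolve at all
    and why connecting by bare IP is not an equivalent workaround.
    """
    # Default context: chain validation and hostname checking both enabled.
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
            sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
            return {"tls_version": tls.version(), "subject_alt_names": sans}


def verify(hostname: str, expected_ip: str, cafile: Optional[str] = None,
           resolve: Callable[[str], str] = socket.gethostbyname) -> dict:
    """Run the resolver check, then the LDAPS handshake if the name resolved correctly."""
    result = check_override(hostname, expected_ip, resolve)
    if not result["matches_override"]:
        result["ldaps"] = "skipped: resolver did not return the override address"
        return result
    try:
        result["ldaps"] = ldaps_handshake(hostname, expected_ip, cafile=cafile)
    except (OSError, ssl.SSLError) as exc:
        # Covers connection refused, a missing CA file and certificate failures.
        result["ldaps"] = f"failed: {exc}"
    return result


if __name__ == "__main__":
    print(json.dumps(verify(DC_HOSTNAME, DC_INTERNAL_IP, INTERNAL_CA_BUNDLE), indent=2))
```

Run it from a client that uses the firewall as its resolver. A `resolved` of `null` means the query reached only the public forwarders (override missing, or "Use System Nameservers" still checked); a public address with `matches_override` false means a stale or wrong override; a certificate error in `ldaps` means the server's certificate does not carry the name you are resolving, which is the part the override cannot fix.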

Title: Re: Internal name resolution for LDAPS
Post by: CJ on August 23, 2023, 02:00:40 pm
You don't need to add 127.0.0.1 in System->Settings->General.  Just make sure that "Do not use local DNS" is unchecked.

If you're going to use Cloudflare and Google you should add both of their IPs to your config in order to take advantage of them all.