I am trying to implement parental controls using opnsense (which works great in general) and opendns.
I have two relevant VLAN:
Each has their own DHCP & network range - so that works fine.
Both point to unbound where I can add openDNS as upstream DNS. I need unbound so we get local resolution (local minecraft server, plex, ...).
I tried to point one to unbound and one to dnsmasq but that didn't work properly - I could only run one at a time.
I wish there was a way to split DNS for both networks and preserve local DNS? Any ideas? Thank you!
I would look into running bind9 and then using views to separate adult requests and child requests.
Should be pretty straightforward since you have separate networks.
Traffic from X network gets this view and forwarders.
Traffic from Y network gets this view and these forwarders.
Note: I've not used the bind package on opnsense so what I just recommended might be of no use since it may or may not support views.
Note2: Just installed it for a quick look. Doesn't appear to support views from the GUI. Maybe you can still tinker with things via CLI.
Any chance you can run a separate server to handle serving DNS queries?
Hi, you can also use views with unbound.
br
Unbound currently does not support different forwarders based on source IP address:
https://github.com/NLnetLabs/unbound/issues/210
That would be clearly the nicest way to do it.
Bind is a little bit overkill and the way it is integrated in opnsense doesn't seem to be easy for this (it would be great instead of opendns though) and also got this notice:
This port is deprecated; you may wish to reconsider installing it:
End of life, please migrate to a newer version of BIND9.
I guess I stick with the proxy solution for now
I would try the following way
- activate dnsmasq on another port (1053 for example)
- remove the unbound binding to the kids network and
- add a portforwarding from tcp/udp 53 to ocalhost 1053 to the interface from the kids network.
- add the forwarder to the advanced settings of dnsmasq
server=1.1.1.2