OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: Bytechanger on September 03, 2020, 05:30:21 PM

Title: BIND - Need Port setting for DNS Forwarders
Post by: Bytechanger on September 03, 2020, 05:30:21 PM
Hi,

I want to forward DNS-Requests from BIND to DNSCrypt-Proxy.
But BIND only allows setting IP addresses (IPv4 and IPv6), without a special port.

I want to forward to 127.0.0.1:5353 and [::1]:5353
but this is only possible by editing /usr/local/etc/namedb/named.conf.
But when the system changes settings, the config will be overwritten
and in my network, no DNS is possible....

Is there a workaround or feature request to set ports for forwarder addresses?

Greets

Byte
Title: Re: BIND - Need Port setting for DNS Forwarders
Post by: Fright on September 03, 2020, 07:02:12 PM
IMO, as a workaround (if you plan to request this feature) you can play with the template.
I think it's
/usr/local/opnsense/service/templates/OPNsense/Bind/named.conf
and set the port there.

Title: Re: BIND - Need Port setting for DNS Forwarders
Post by: Bytechanger on September 03, 2020, 07:57:22 PM
Yes, I wrote this as workaround.

But when you push SAVE on the BIND settings, or something is going on on OPNsense (restart or else), it's overwritten and my network has no DNS server.

Greets

Byte
Title: Re: BIND - Need Port setting for DNS Forwarders
Post by: Fright on September 03, 2020, 08:10:43 PM
Are you sure you read the path carefully?
It's a template. It's not overwritten ever (plugin reinstall does not count). It contains instructions to fill the .conf based on settings.
Title: Re: BIND - Need Port setting for DNS Forwarders
Post by: Bytechanger on September 03, 2020, 09:26:08 PM
OK, thanks,

found
{% if helpers.exists('OPNsense.bind.general.forwarders') and OPNsense.bind.general.forwarders != '' %}
        forwarders    { {{ OPNsense.bind.general.forwarders.replace(',', '; ') }}; };
and replaced the forwarders line with:
         forwarders    { 127.0.0.1 port 5353; ::1 port 5353; };

that seems to work!

Greets

Byte
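
Added example, not part of the original posts and not OPNsense's own template code: a stricter alternative to hard-coding the forwarders line is to validate each entry and render BIND's `addr port N;` form, so a settings value can carry a port without letting stray `;` or `}` characters reach named.conf. The function names and the `addr:port` / `[addr]:port` input format are assumptions made for this illustration.

```python
import ipaddress
import re

# Assumed input forms: "[v6]:port", "v4:port", or a bare address of either family.
_BRACKETED = re.compile(r"^\[([^\]]+)\](?::(\d{1,5}))?$")
_V4_PORT = re.compile(r"^([^:\[\]]+):(\d{1,5})$")


def parse_forwarder(entry):
    """Return (ip_address, port_or_None) for one forwarder entry."""
    entry = entry.strip()
    m = _BRACKETED.match(entry)
    if m:
        host, port = m.group(1), m.group(2)
    else:
        m = _V4_PORT.match(entry)
        host, port = (m.group(1), m.group(2)) if m else (entry, None)
    # ip_address() raises ValueError for anything that is not a literal
    # address, so config metacharacters never reach named.conf.
    addr = ipaddress.ip_address(host)
    if port is not None:
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in {entry!r}")
    return addr, port


def render_forwarders(spec):
    """Render a comma-separated forwarder list as a named.conf statement."""
    parts = []
    for entry in spec.split(","):
        if not entry.strip():
            continue
        addr, port = parse_forwarder(entry)
        parts.append(f"{addr};" if port is None else f"{addr} port {port};")
    if not parts:
        raise ValueError("no forwarders given")
    return "forwarders    { " + " ".join(parts) + " };"


if __name__ == "__main__":
    # Constructed input matching the setup discussed in this thread.
    print(render_forwarders("127.0.0.1:5353,[::1]:5353"))
```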
Title: Re: BIND - Need Port setting for DNS Forwarders
Post by: milkman on November 16, 2020, 03:04:47 AM
I originally modified the BIND template to accomplish this exact same setup of BIND forwarding to dnscrypt-proxy, but decided to go another route.

I added an IP Alias to interface Loopback of 127.0.0.2, then modified dnscrypt-proxy to listen on 127.0.0.2:53 and ticked the "Allowed Privileged Ports" option, works a treat!