OPNsense Forum

Hi

Is there a way to configure a third DNS?

For our remote sides i would like to configure our two central DNS Servers, and the Firewall if the VPN ist down.

Can someone help meh here?   :)

I haven't tested but I think it should be possible with additional options in DHCP config.

DNS would be number 6 as per: https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml

Quote from: sorano on March 16, 2021, 10:16:07 PM
I haven't tested but I think it should be possible with additional options in DHCP config.

DNS would be number 6 as per: https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml

Hi Sorano

thx for your reply

No luck so far, with: Numer= 6 or 5 / Type= IP adress or host / Value 10.101.1.1

Quote from: t.kayser on March 15, 2021, 08:18:37 PM
Is there a way to configure a third DNS?

Hi, I had the same issue.

I needed to configure 3 IPs:   192.168.0.10, 192.168.0.20, 192.168.0.1

You can use the additional options (ignore the 2 DNS fields)

Number: 6
Type: string
Value:
convert the numeric IPs to their hex value and concatenate them in the order you require, for example for the IPs I mentioned above the value is:
c0:a8:00:0a:c0:a8:00:14:c0:a8:00:01

I had trouble understanding the instructions but now that I have it working, I wanted to help elucidate.

RFC 2132 (http://"https://www.rfc-editor.org/rfc/rfc2132.html") 3.8 says use option "6", minimum length is 4 octets, and length must always be a multiple of 4 [octets]. Servers should be listed in order of preference.

Convert the individual IP addresses you want with a Hex to IP converter

• e.g:
  192.168.0.1 = c0:a8:00:01
  192.168.0.2 = c0:a8:00:02
  192.168.0.3 = c0:a8:00:03
  Some tools use periods[.] instead of colons[:]. Ensure you replace any symbol with colon[:]
• In the order of server preference, concatenate the hex values together using colon[:] as the separator, e.g.
  192.168.0.1 + 192.168.0.2 + 192.168.0.3 =
  c0:a8:00:01:c0:a8:00:02:c0:a8:00:03

In the OPNsense GUI, under DHCPv4 configuration:

• Leave the GUI option for DNS Servers blank
• Expand Additional Options
• Input 6 into the Number field
• Change Type to string
• Enter the concatenated string into value, e.g. c0:a8:00:01:c0:a8:00:02:c0:a8:00:03
• Save, renew IP, check. In Windows, that would be ipconfig /renew; ipconfig /all

Troubleshooting

• In Windows, ipconfig /renew will return: "An error occured while renewing interface <your interface> : The data is invalid." if your configuration is incorrect, e.g. using multiple line entries will override with the last entry instead of giving you multiple servers.
• If you only see one address, you probably didn't clear the GUI fields, or you only entered one set of octets.
• If you want to verify the hex values we've used, split the string back into 4 octets or you'll get a 0.0.0.xx when converting the concatenated string to IP

Thanks for the assistance @xbb et al. :)