OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: telxoid on May 24, 2016, 04:44:29 PM

Title: DNS Override for ipv6 Issue
Post by: telxoid on May 24, 2016, 04:44:29 PM
Hi folks:

Curious if anyone else has tried this.  I'm patched current on 16.1.

Using DNS Resolver (unbound, I believe), I've tried to add manual override AAAA records.  This works for A records, and nicely adds PTR records as well, but when I try to add AAAA overrides nothing happens.  The interface seems to be buggy in that it displays AAA instead of AAAA, and it doesn't show the IP.  If I check in the /var/unbound/host_entries.conf file, there are no AAAA records apart from localhost.

Attached a screenshot showing the summary view.  Happy to provide more info if it is helpful.

Title: Re: DNS Override for ipv6 Issue
Post by: telxoid on May 25, 2016, 04:34:39 PM
Seems like this was a feature added fairly recently--has no one tested IPv6?
https://github.com/opnsense/core/pull/519

I typically don't log bug reports as I usually cause my own problems, but that doesn't seem the case this time.  Should I be logging a bug?

What would it take to add a NSD daemon, even if I have to manage the config via the shell?  Is there a better way to be doing what I want (internal IPv6 resolution)?
Title: Re: DNS Override for ipv6 Issue
Post by: franco on May 25, 2016, 05:39:13 PM
Hi there,

Likely a bug. Manuel worked on this and does not have time nowadays, but I will look at it. :)

bind is also installed, you can use it like on FreeBSD... https://docs.freebsd.org/doc/6.1-RELEASE/usr/share/doc/handbook/network-bind9.html

Caution, old docs, it's since a port and RC vars/script names may differ.


Cheers,
Franco
Title: Re: DNS Override for ipv6 Issue
Post by: franco on May 25, 2016, 05:45:17 PM
Here's the current script and vars... https://github.com/opnsense/ports/blob/master/dns/bind910/files/named.in#L12-L27
Title: Re: DNS Override for ipv6 Issue
Post by: franco on May 25, 2016, 06:14:35 PM
The following solves it, queued up for release in 16.1.16 next week.

https://github.com/opnsense/core/commit/217c0c9b35d3


Thanks,
Franco
Title: Re: DNS Override for ipv6 Issue
Post by: telxoid on May 25, 2016, 06:30:17 PM
Wow, thanks Franco.  That fixes the display and configuration missing problems?

As far as using bind goes, was hoping to avoid it.  I'm guessing that would mess with the config backups that you guys have set up unless there is a 'nice' way to make changes in the backend.

Also, was thinking of building something to enable a poor-man's DDNS for IPv6.  Was thinking that I could combine the DHCPv4 lease information with the NDP cache information (using MAC as the common point).  How would I add something like that so it gracefully updates unbound?  If there are docs you can refer me to, that's fine.  I haven't found the right starting point.

So far really liking OPNsense--I jumped from OpenBSD.  Rolling your own is sometimes more flexible, but using something like OPNsense makes the tedious parts of a firewall easy, allowing you to create more advanced problems :)

Thanks!
Title: Re: DNS Override for ipv6 Issue
Post by: franco on May 25, 2016, 07:35:51 PM
It's a database issue of sorts; you need to re-edit and save the entries that say "AAA". After an unbound apply/restart it would work again.

We have a new patch tool for this, but it didn't make its way into 16.1.15, so either editing manually /usr/local/www/services_unbound_host_edit.php:113 or fetching like below should work:

# cd /usr/local/www
# fetch https://raw.githubusercontent.com/opnsense/core/217c0c9b35d/src/www/services_unbound_host_edit.php

Thanks for the feedback. It's still nowhere near as flexible as OpenBSD can be, but we're getting there step by step. :)

Would RFC 2136 be an option for your use case?
Title: Re: DNS Override for ipv6 Issue
Post by: telxoid on May 27, 2016, 08:15:01 PM
Maybe, I haven't thoroughly researched the RFCs to understand which are in scope.  Looks like 2136 and 3007 may both be relevant.

Basically, I want my clients' IPv6 addresses to be automatically registered in my internal DNS.  My preference would be for it to happen server side so I don't have to trust and configure the clients, but that creates a problem when doing SLAAC (as the server doesn't issue the IP).

I tried running Managed DHCPv6, but it looks like many of my clients don't support it (and I'm not sure if it even sends hostname in the DHCP requests).  So I thought of using NDP, and combining that data with ipv4 DHCP lease data.  That would largely work in a dual stack environment, but quits when you turn off IPv4.  Possibly an acceptable compromise for now.

Thoughts?
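The "poor-man's DDNS" idea from the two posts above (join DHCPv4 leases with the NDP cache on the MAC address, then feed unbound) as an added example; this is not code from the thread or from OPNsense. It assumes ISC dhcpd.leases syntax and FreeBSD `ndp -an` output, and the lease and NDP samples, prefix 2001:db8:1::/64 and domain home.lan are constructed placeholders. It only publishes addresses inside the site's own prefix, since NDP entries are unauthenticated.

```python
import ipaddress
import re
# Constructed sample of ISC dhcpd.leases (IPv4): MAC -> hostname. Not real data.
DHCPD_LEASES = """\
lease 192.0.2.50 { binding state active; hardware ethernet 00:11:22:33:44:55; client-hostname "laptop"; }
lease 192.0.2.51 { binding state active; hardware ethernet AA:BB:CC:DD:EE:FF; client-hostname "printer"; }
lease 192.0.2.52 { binding state free; hardware ethernet 00:de:ad:be:ef:00; client-hostname "old"; }
"""
# Constructed sample of FreeBSD `ndp -an` output: IPv6 neighbour -> MAC.
NDP_OUTPUT = """\
Neighbor                             Linklayer Address  Netif Expire    S Flags
fe80::211:22ff:fe33:4455%em0         00:11:22:33:44:55  em0   permanent R
2001:db8:1::abcd                     00:11:22:33:44:55  em0   23h59m58s S R
2001:db8:1::beef                     aa:bb:cc:dd:ee:ff  em0   12h0m1s   S R
2001:db8:9::1                        00:de:ad:be:ef:00  em0   1h2m3s    S R
"""
LEASE_RE = re.compile(r'lease\s+\S+\s*\{(.*?)\}', re.S)
MAC_RE = re.compile(r'hardware ethernet\s+([0-9a-fA-F:]+);')
HOST_RE = re.compile(r'client-hostname\s+"([^"]+)";')

def hostnames_by_mac(leases_text):
    # Only active leases count; MACs are lower-cased so both sources join cleanly.
    out = {}
    for body in LEASE_RE.findall(leases_text):
        mac, host = MAC_RE.search(body), HOST_RE.search(body)
        if 'binding state active' in body and mac and host:
            out[mac.group(1).lower()] = host.group(1)
    return out

def ipv6_by_mac(ndp_text, prefix):
    # NDP entries are unauthenticated, so publish only global addresses inside
    # the site's own prefix and drop link-local and incomplete entries.
    net, out = ipaddress.ip_network(prefix), {}
    for line in ndp_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4 or fields[1] == '(incomplete)':
            continue
        addr = ipaddress.ip_address(fields[0].split('%')[0])
        if not addr.is_link_local and addr in net:
            out.setdefault(fields[1].lower(), []).append(str(addr))
    return out
def unbound_local_data(leases_text, ndp_text, prefix, domain):
    # Join the two maps on MAC and emit AAAA plus matching PTR records for unbound.
    names, v6, lines = hostnames_by_mac(leases_text), ipv6_by_mac(ndp_text, prefix), []
    for mac in sorted(names.keys() & v6.keys()):
        fqdn = f'{names[mac]}.{domain}.'
        for addr in v6[mac]:
            lines += [f'local-data: "{fqdn} IN AAAA {addr}"',
                      f'local-data-ptr: "{addr} {fqdn}"']
    return lines
```

The emitted lines are plain unbound `local-data:`/`local-data-ptr:` directives; on a real box you would write them to an include file, run `unbound-checkconf`, and reload, as the thread's own shell steps do for the PHP fix.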