OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: SamBox83 on May 08, 2023, 01:41:33 PM

Title: DNS resolves firewall for wrong subnet
Post by: SamBox83 on May 08, 2023, 01:41:33 PM
Hi everyone,
I have set up my opnsense with 3 networks: 192.168.X.X/24. The Web-Interface for my firewall "fw01" is only reachable under the 192.168.1.1 interface, yet somehow when I'm using the hostname it either resolves to 192.168.2.1 or 3.1. Is there a way to prevent the DNS server from doing that? I would like to be able to only serve answers for the specific interface, not all of them.
Greetings
Sam
Title: Re: DNS resolves firewall for wrong subnet
Post by: szty0pa on May 08, 2023, 02:01:27 PM
Hi Sam,

I did face the same problem as yourself in the past. The solution, if you are using unbound to resolve your DNS requests, is to use 'access-control-view' records - there might be something similar for the other DNS servers as well.

Under /usr/local/etc/unbound.opnsense.d create a .conf file (local.conf for example) with something like

# clients on the LAN subnet get the "lan" view (most specific netblock wins)
access-control-view: 192.168.1.0/24 lan

view:
    name: "lan"
    # record type (A) is required; append your domain if clients query the FQDN
    local-data: "fw01 IN A 192.168.1.1"
    # answer from the view first, fall back to the global config on a miss
    view-first: yes


Reload unbound and you should be good.
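To extend the same idea to all three subnets, below is an added example (not code from the post above or from OPNsense) that renders one access-control-view line and one view block per interface, and models which answer a client would receive. The interface names lan/opt1/opt2, the subnets and the firewall addresses are constructed sample values, and the hostname fw01 is taken from the thread.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample: (view name, client netblock, firewall address on that interface).
INTERFACES: List[Tuple[str, str, str]] = [
    ("lan", "192.168.1.0/24", "192.168.1.1"),
    ("opt1", "192.168.2.0/24", "192.168.2.1"),
    ("opt2", "192.168.3.0/24", "192.168.3.1"),
]
HOSTNAME = "fw01"  # hostname from the thread; bare name, add your domain if needed


def render_unbound_views(interfaces: List[Tuple[str, str, str]], hostname: str) -> str:
    """Render an unbound fragment for unbound.opnsense.d: one access-control-view
    per netblock, then one view block whose local-data only carries the address
    of the firewall interface that serves that netblock."""
    lines = []
    for name, subnet, _ in interfaces:
        lines.append(f"access-control-view: {subnet} {name}")
    for name, _, addr in interfaces:
        lines += [
            "",
            "view:",
            f'    name: "{name}"',
            f'    local-data: "{hostname} IN A {addr}"',  # record type A is mandatory
            "    view-first: yes",
        ]
    return "\n".join(lines) + "\n"


def select_view(client_ip: str, interfaces: List[Tuple[str, str, str]]) -> Optional[Tuple[str, str]]:
    """Model of unbound's access-control matching: the most specific netblock
    containing the client address wins. Returns (view name, firewall address)
    or None when no netblock matches."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for name, subnet, addr in interfaces:
        net = ipaddress.ip_network(subnet, strict=False)
        if ip in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (name, net, addr)
    return None if best is None else (best[0], best[2])


def answer_for(client_ip: str, interfaces: List[Tuple[str, str, str]]) -> Optional[str]:
    """Address a client would get for the hostname under this config; None means
    the query falls through to the global configuration (view-first: yes)."""
    match = select_view(client_ip, interfaces)
    return None if match is None else match[1]


if __name__ == "__main__":
    print(render_unbound_views(INTERFACES, HOSTNAME))
    for client in ("192.168.1.20", "192.168.2.57", "10.0.0.5"):
        print(client, "->", answer_for(client, INTERFACES))
```

Write the rendered text to a .conf file under /usr/local/etc/unbound.opnsense.d and reload unbound as described above; the answer_for model is only there to make the expected per-subnet result explicit before you test it from a client on each interface.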
Title: Re: DNS resolves firewall for wrong subnet
Post by: jp0469 on May 08, 2023, 03:15:25 PM
Go to Unbound DNS > General settings and look for the option "Do not register system A/AAAA records". Enable that and then set up a manual override for how you want the desired hostname to resolve.