OPNsense Forum

Archive => 24.1, 24.4 Legacy Series => Topic started by: awado on February 29, 2024, 09:13:17 PM

Title: DNS aliases for WAN hostnames
Post by: awado on February 29, 2024, 09:13:17 PM
Hello,

couldn't find any hint in the documentation. Maybe someone can help? From some LAN clients I need to reach some WAN sites under different DNS names. For example host.somedomain.com should be reachable by server1.somedomain.com, server2.somedomain.com, server3.somedomain.com and so on. Sometimes these hosts have dynamic IPs, so IP aliases won't help here. Any hints would be great.

Awado
Title: Re: DNS aliases for WAN hostnames
Post by: CJ on March 01, 2024, 12:40:39 AM
There's not a simple way to do it in OPNsense, but I'm curious what you're use case is for this.  What are you trying to accomplish?
Title: Re: DNS aliases for WAN hostnames
Post by: awado on March 01, 2024, 12:46:04 PM
 :'(

I'm using LibreNMS for monitoring. Each host needs an unique dns name there. This is okay, if every server or service has its own IP. But this cannot be accomplished over WAN, where I use SNMP proxying behind a single WAN IP on the target site. For example, there are some VMs behind a WAN address I want to monitor via SNMP. A single port 161 is openend on the target router and a SNMP proxy behind splits requests by their community string to each vm.

It's kind of a cname feature in terms of DNS.
Title: Re: DNS aliases for WAN hostnames
Post by: devilkin on March 01, 2024, 12:55:37 PM
Wouldn't there be a possibility to use some form of dyndns system (eg. Gandi has their own) to register the different hostnames, which are all CNAMES pointing at a haproxy setup, which then listens on port 161 and forwards the traffic based on the hostname? SNMP can use TCP, so this should work, I think.

Per server required you just have to register the necessary CNAME record.
Title: Re: DNS aliases for WAN hostnames
Post by: Patrick M. Hausen on March 01, 2024, 01:18:31 PM
This works only for protocols that embed the hostname in the request, like HTTP and HTTPS. SNMP does not do that.

You could use a separate port for each target host.
Title: Re: DNS aliases for WAN hostnames
Post by: awado on March 01, 2024, 01:21:17 PM
Yes, a DNS provider would be my last resort. Another idea was to setup something on the LibreNMS VM that does something cname-like. As /etc/hosts uses IPs it is of no use there. Not sure, if dnsmasq would be an option.
Title: Re: DNS aliases for WAN hostnames
Post by: awado on March 01, 2024, 01:24:32 PM
Quote from: Patrick M. Hausen on March 01, 2024, 01:18:31 PM
You could use a separate port for each target host.

Won't help much, as different ports would use the same hostname.
Title: Re: DNS aliases for WAN hostnames
Post by: Patrick M. Hausen on March 01, 2024, 01:41:03 PM
You can use a DynDNS provider to get one hostname pointing to your ip address, let's name it

myname.do.main

and then in your DNS settings statically define as many aliases as needed:

device-a.do.main. IN CNAME myname.do.main.
device-b.do.main. IN CNAME myname.do.main.
device-c.do.main. IN CNAME myname.do.main.
device-d.do.main. IN CNAME myname.do.main.
...

And last use for SNMP:

device-a.do.main:1161
device-b.do.main:2161
device-c.do.main:3161
device-d.do.main:4161
...

Or some such.
Title: Re: DNS aliases for WAN hostnames
Post by: awado on March 01, 2024, 01:45:01 PM
Ah, got your idea. Thanks for your efforts. Yes, that's what I had in mind it nothing else would work. The downside is the ability to manage that as there are a few dozens. That's why I'm hoping for a local solution.
Title: Re: DNS aliases for WAN hostnames
Post by: Patrick M. Hausen on March 01, 2024, 02:02:19 PM
VPN? Connect the networks behind the firewalls ... needs one central hub with a static IP address to be reliable.
Title: Re: DNS aliases for WAN hostnames
Post by: awado on March 01, 2024, 02:55:15 PM
Unfortunately VPN is not an option. Most of the clients do not have enough ressources for a vpn and its routing. It's really stupid that LibreNMS doesn't allow redundant hostnames.