I have set up multiple vlans. I have created a management vlan which provides access to the admin interfaces of all equipment.
In Opnsense at System => Administration => Settings, I have configured the Listen Interfaces for the Web GUI to the management interface.
Now I can reach it (from a workstation that also is in the management vlan) properly by ip-address 192.1xx.<managementvlan>.1, but resolving it in dns returns 192.1xx.<servervlan>.1.
For DNS I'm using a pihole that has unbound as its upstream DNS server; unbound is on the opnsense box as a resolver. Pihole and unbound also are in the server vlan.
Why does it resolve on the server vlan, is that because pihole uses unbound and both are in there too?
Should I just add an override to pihole to resolve to the management vlan (which seems to work), or is there a better solution?
Check if Unbound resolves to the correct IP address: nslookup [OPNsense FQDN] [OPNsense MGMT Interface IP]
If yes, then the PiHole seems to have a (static) record which resolves to the wrong IP address.
I've enabled the "Do not register system A/AAAA records" under Services: Unbound DNS: General, and created a static record in Unbound for my OPNsense.
If "Do not register system A/AAAA records" is disabled, Unbound registers the configured name under "System: Settings: General" for all listening interfaces.
Thanks!
Unbound just reported the ip of the interface on which you asked it. So from the management vlan I got the management ip-address, but from the server vlan (thus pihole) unbound returned the ip that opnsense has on the server vlan.
I solved it as you do: enable the mentioned setting and add an override. Now when I'm in the pihole container the pihole returns the ip-address of the firewall at the management vlan.
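The check from this thread (ask each resolver address directly for the firewall name and compare the answer with the management IP) as an added Python example; it is not code from any poster or from OPNsense. The name fw.example.lan and the 192.0.2.x / 198.51.100.x addresses are constructed placeholders, and the query is plain UDP for A records only, with no TCP fallback.

```python
import socket
import struct

def build_query(fqdn, txid=0x1234):
    """Build a DNS query for the A record of fqdn (recursion desired)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = fqdn.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] and (msg[off] & 0xC0) != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # pointer is 2 bytes, root label is 1

def parse_a_records(msg):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # name + QTYPE + QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return ips

def query(fqdn, resolver, timeout=2.0):
    """Ask one resolver address directly, like `nslookup fqdn resolver`."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(fqdn), (resolver, 53))
        return parse_a_records(s.recvfrom(512)[0])

def audit(fqdn, expected_ip, resolvers, lookup=query):
    """Map each resolver to its answer when that answer is not exactly expected_ip."""
    answers = {r: lookup(fqdn, r) for r in resolvers}
    return {r: ips for r, ips in answers.items() if set(ips) != {expected_ip}}

if __name__ == "__main__":
    # Constructed stand-in for the behaviour in the thread: every listening
    # address answers with the firewall's IP on its own VLAN.
    def fake(fqdn, resolver):
        return [resolver]
    print(audit("fw.example.lan", "192.0.2.1", ["192.0.2.1", "198.51.100.1"], fake))
```

To run it against a live setup, call `audit()` without the `lookup` argument and pass the Pi-hole address plus each Unbound listening address; an empty result means every resolver returns only the management IP.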