OPNsense Forum

English Forums => General Discussion => Topic started by: vladnik on May 04, 2026, 02:23:13 AM

Title: Multi-Site DNS with same domain (and DHCP registration)
Post by: vladnik on May 04, 2026, 02:23:13 AM
Hi all,

maybe some of the more experienced folks can give me some pointers...

What I have:
- 2 sites (soon to be 3) running OPNsense 26.1.7 with dnsmasq as DHCP and DNS server, no Unbound
- static DHCP/DNS entries configured in dnsmasq on both sites
- dnsmasq is configured to not be authoritative for the DNS domain example.com, and forward queries for example.com to the other sites' dnsmasq
  this works for resolving hostnames, but causes a loop in DNS query resolution which causes timeouts and slow resolution speed

The problem:
- nslookup looks like this (example from a client in site 1) and name resolution for internal services is slow in general
# nslookup server01
Server: opnsense01
Address: 10.10.10.254

DNS request timed out.
timeout was 2 seconds.

Name: server01.example.com
Address: 10.10.10.235

What I want:
- multiple sites using the same DNS domain (example.com) for internal hosts
- forward and reverse lookups of DHCP static and dynamic leases in DNS across sites
  (i.e. nslookup server01(.example.com) from site1 lan and site2 lan, as well as nslookup <IP-Address> from site1 and site2 lan)
- no duplication of records (i.e. if I have a DNS record in site1 setup, I don't have to add it to site2 as well)
- ideally, a 'single source of truth' (currently dnsmasq) for DHCP and DNS per site

Here is my sanitized dnsmasq.conf from site1. site2 looks similar.
# DO NOT EDIT THIS FILE -- OPNsense auto-generated file
#
rebind-localhost-ok
stop-dns-rebind
port=53
dhcp-fqdn
domain=example.com
dhcp-authoritative
# Never forward addresses in the non-routed address spaces.
bogus-priv
server=/example.com/10.20.20.254
rebind-domain-ok=/example.com/
# host entries flushed via dnsmasq_watcher.py [isc] and a dump of the static reservations
addn-hosts=/var/etc/dnsmasq-hosts
addn-hosts=/var/etc/dnsmasq-leases
dns-forward-max=5000
cache-size=10000
local-ttl=1
conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf
dhcp-range=tag:igc0,10.10.10.120,10.10.10.189,255.255.255.0,86400
domain=example.com,10.10.10.120,10.10.10.189
dhcp-host=aa:bb:cc:dd:ee:ff,10.10.10.190,device-xx
...
# default IPv4 DNS mapped to this server (0.0.0.0)
dhcp-option=6,0.0.0.0
# default IPv6 DNS mapped to this server (::)
dhcp-option=option6:23,[::]
no-ident
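The forwarding loop described in the post can be reproduced on paper with a small model of the two sites' `server=/example.com/...` rules. This is an added illustration, not OPNsense or dnsmasq code; the site addresses come from the post, while the host tables, the second site's config fragment and the hop limit are constructed assumptions. It shows that a name present at either site resolves in at most one forward, whereas a name present at neither site (or a reverse lookup routed the same way) bounces between the two resolvers until the client gives up, which is the timeout seen in the nslookup output.

```python
"""Model of the two-site dnsmasq forwarding from the post (added example,
not OPNsense/dnsmasq code). Configs and host tables are constructed."""
import re

# Constructed dnsmasq fragments: only the lines that matter for forwarding.
SITE_CONF = {
    "10.10.10.254": ["domain=example.com", "server=/example.com/10.20.20.254"],
    "10.20.20.254": ["domain=example.com", "server=/example.com/10.10.10.254"],
}
# Constructed contents of each site's addn-hosts files (static + leases).
SITE_HOSTS = {
    "10.10.10.254": {"server01.example.com": "10.10.10.235"},
    "10.20.20.254": {"nas02.example.com": "10.20.20.40"},
}
MAX_HOPS = 8  # stand-in for "the client gave up" (nslookup's 2 s timeout)


def forwarders(conf):
    """Return {domain: upstream} from server=/domain/ip lines."""
    out = {}
    for line in conf:
        m = re.match(r"server=/([^/]+)/(\S+)$", line)
        if m:
            out[m.group(1)] = m.group(2)
    return out


def resolve(name, site, hops=0, path=None):
    """Resolve `name` starting at dnsmasq `site`. Returns (answer, path).
    Mirrors dnsmasq's behaviour: answer from addn-hosts first, otherwise
    forward to the server= whose domain is the longest matching suffix.
    The loop is cut at MAX_HOPS, where a real client would have timed out."""
    path = (path or []) + [site]
    if hops > MAX_HOPS:
        return None, path           # client timeout: no answer
    answer = SITE_HOSTS[site].get(name)
    if answer:
        return answer, path
    fwd = forwarders(SITE_CONF[site])
    for dom in sorted(fwd, key=len, reverse=True):
        if name == dom or name.endswith("." + dom):
            return resolve(name, fwd[dom], hops + 1, path)
    return None, path               # no matching forwarder: NXDOMAIN locally


def looped(path):
    """True when the query visited the same dnsmasq more than once."""
    return len(path) != len(set(path))
```

`resolve("nothere.example.com", "10.10.10.254")` returns no answer with a path that alternates between the two sites, while `resolve("server01.example.com", "10.20.20.254")` answers after a single forward to site 1.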