OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: incirrata on March 27, 2019, 04:26:08 pm

Title: Limiting cross-interface DNS in Unbound
Post by: incirrata on March 27, 2019, 04:26:08 pm
Hi all, I'm setting up a guest Wi-Fi network in OPNsense. All Wi-Fi is handled via the PUBLIC interface, and I use firewall rules to prevent any traffic from reaching my LAN interface PRIVATE. However, I'm using Unbound DNS on both interfaces. PUBLIC users could still get the IP of PRIVATE hosts using nslookup, ping, etc. Is there any way to prevent that?

How it currently is:

How I'd like it:
Title: Re: Limiting cross-interface DNS in Unbound
Post by: sbuckmann on April 14, 2019, 08:12:00 am
Similar problem here. My OPNsense has several network zones; resolving the router IP via nslookup/dig delivers all router IP addresses of all interfaces.
Title: Re: Limiting cross-interface DNS in Unbound
Post by: Mks on April 14, 2019, 08:47:33 am
Hi.
I'm using a public DNS resolver for the Guest network.
DNS queries to the Guest interface (Unbound) are denied.

Br