OPNsense Forum

English Forums => General Discussion => Topic started by: jaullo on May 22, 2020, 11:19:54 pm

Title: Internal DNS Server Query resolve
Post by: jaullo on May 22, 2020, 11:19:54 pm
Hello,

I'm new to OPNsense and I would like to know if there is a way to allow my servers to query my LAN enterprise DNS.
This is what I have done so far:

Config a:
Unbound DNS: enabled
Network interfaces: all
WAN interfaces: all
DNS Query Forwarding: on
Under System > Settings I have two DNS servers: 8.8.8.8 (Google) and 10.129.20.X (my LAN)

Result: I can browse the internet, but I cannot access my LAN DNS names, example: https://srv-sate.domain.com

Config b:
Unbound DNS: enabled
Network interfaces: all
WAN interfaces: all
Custom options with:
server:
forward-zone:
name: "."
forward-ssl-upstream: yes
forward-addr: 1.1.1.1@853   #CloudFlare
forward-addr: 1.0.0.1@853   #CloudFlare
forward-addr: 9.9.9.9@853   #Quad9
forward-addr: 149.112.112.112@853   #Quad9
forward-addr: 185.228.168.168@853   #CleanBrowsing
forward-addr: 185.228.169.168@853   #CleanBrowsing
forward-addr: 8.8.8.8@853   #Google
forward-addr: 8.8.4.4@853   #Google
forward-addr: 80.80.80.80@853   #Freenom
forward-addr: 80.80.81.81@853   #Freenom
forward-addr: 10.129.20.x@853    #Internal
forward-addr: 10.3.104.x@853   #Internal

Result: I can browse the internet, but I cannot access my LAN DNS names, example: https://srv-sate.domain.com

If I go to Interfaces > Diagnostics > DNS Lookup and test https://srv-sate.domain.com,
I get a response from my local LAN server 10.129.20.x:

Type   Address
A   172.31.40.x

Any idea what I'm doing wrong, or what else I need to do to make it work?

Thanks
Title: Re: Internal DNS Server Query resolve
Post by: johnsmi on May 23, 2020, 12:18:04 am
Your internal DNS server knows the internal names; the external servers know about the other ones.

The answer is either cached, forwarded to the external server, or forwarded to the internal server. You'd need to be lucky to get the internal server for LAN addresses.


You can either forward ALL queries to your internal server and let that one resolve internal and internet names,
or
create forward-zones for your internal names pointing at the internal server, plus a default zone like in 'Config b'.

Another option, for only a few names, would be overrides.
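The second option johnsmi describes (a dedicated forward-zone for the internal names, and a catch-all zone for everything else) laid out as Unbound custom options. This is an added example, not from the original thread or from OPNsense itself; it keeps the placeholder addresses from the post, uses domain.com to stand for the real internal zone, and assumes an OPNsense default Unbound, in which DNS-rebinding protection would drop the 172.31.x.x answer unless the zone is listed under private-domain and in which upstream TLS certificates are only verified when a tls-cert-bundle is configured. The internal servers are forwarded to on plain port 53, since an enterprise DNS server normally does not listen for DNS over TLS on 853, which is one reason the @853 entries in Config b never produced an answer.

```conf
server:
  # Constructed example for an OPNsense Unbound "Custom options" box.
  # Permit RFC 1918 answers for the internal zone. OPNsense ships Unbound with
  # private-address ranges for rebind protection; without this line a
  # 172.31.40.x answer for srv-sate.domain.com is discarded as a rebind attempt.
  private-domain: "domain.com"
  # Only needed if DNSSEC validation is enabled and the internal zone is unsigned;
  # otherwise validation fails for internal names. Assumption, adjust to your setup.
  domain-insecure: "domain.com"
  # Verify the public resolvers' TLS certificates; without a bundle Unbound
  # accepts any certificate and DNS over TLS gives no authentication.
  tls-cert-bundle: "/etc/ssl/cert.pem"

# Internal names: ask the LAN DNS servers over plain UDP/TCP 53 (no TLS).
forward-zone:
  name: "domain.com"
  forward-addr: 10.129.20.x
  forward-addr: 10.3.104.x
  forward-first: no

# Reverse lookups for the internal range, also to the LAN server.
forward-zone:
  name: "40.31.172.in-addr.arpa"
  forward-addr: 10.129.20.x

# Everything else: DNS over TLS to public resolvers. The #hostname suffix
# is the name Unbound checks the upstream certificate against.
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 1.0.0.1@853#cloudflare-dns.com
  forward-addr: 9.9.9.9@853#dns.quad9.net
  forward-addr: 149.112.112.112@853#dns.quad9.net
```

Unbound picks the most specific forward-zone for a query name, so anything under domain.com goes to the LAN servers and never reaches the public resolvers (avoiding the "lucky pick" johnsmi mentions), while the "." zone covers the rest. `forward-tls-upstream` is the current name of the option the post spells `forward-ssl-upstream`; both are accepted by recent Unbound releases. After saving, test from the firewall with `drill srv-sate.domain.com @127.0.0.1` and confirm the 172.31.40.x answer comes back through Unbound rather than only from the direct lookup in Diagnostics.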