OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: lk on April 03, 2021, 06:18:08 pm

Title: Running another instance of DNS resolver bound to a different interface?
Post by: lk on April 03, 2021, 06:18:08 pm
Hi all, hope this topic is on the correct forum.

I have two network segments, "clean" and "dirty". Currently I have a local DNS resolver (Unbound) running without any special filtration or configuration, but I would like to restrict DNS access from the dirty segment using overrides and blacklists (as well as prevent local DHCP issued hostnames from leaking from the clean segment) while leaving the clean segment unrestricted.

Based on that, I was wondering whether it was possible in OPNsense to run another resolver instance (from GUI or configured by hand) that could be configured separately. Or is this even the best way to approach this?

GUI configuration options don't seem to give the level of flexibility that would be needed in this, which led me to thinking that two separate instances with their own configurations could be the best way.

I'd say I'm quite familiar with Unix administration and could do this on a "vanilla" OS, but I'm a noob when it comes to OPNsense. So what I'm now mostly after is a way to achieve this without blowing up OPNsense's GUI or internals =) Any help is appreciated.

Edit: to add, the "dirty" segment is a separate segment in its own VLAN and the resolver would be bound to the VLAN interface, so it could be the default resolver for that segment.

Title: Re: Running another instance of DNS resolver bound to a different interface?
Post by: lk on April 03, 2021, 07:09:13 pm
Well, I thought I had read the manual, but to answer myself and if anyone ever stumbles here in the future: https://docs.opnsense.org/manual/unbound.html#advanced-configurations

I haven't really done it yet, but I guess if there is a way to configure this, it can be sorted out with the help of the manual.

So, sorry for the noise.
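As an added example (not part of the thread and not OPNsense's own template), here is what the "one resolver, two policies" variant looks like using Unbound's view mechanism instead of a second daemon: clients are matched by source subnet with access-control-view, and the matching view carries its own local-zone and local-data entries. Addresses, interface names, the internal zone "lan.internal." and the blocked names are all assumptions chosen for the illustration; on OPNsense the listen interfaces and access-control lines are normally managed by the GUI, so in the custom-configuration mechanism the linked manual section describes only the access-control-view line and the view: clause would typically be added.

```conf
# Added example, not from the forum thread or from OPNsense.
# One Unbound instance serving two segments with different policy.
# Assumed addressing (constructed for this example):
#   clean VLAN  192.168.10.0/24, resolver address 192.168.10.1
#   dirty VLAN  192.168.20.0/24, resolver address 192.168.20.1
server:
    interface: 192.168.10.1
    interface: 192.168.20.1

    # Unlisted sources are refused by default; listed here for clarity.
    access-control: 192.168.10.0/24 allow
    access-control: 192.168.20.0/24 allow

    # Queries from the dirty segment are answered through the "dirty" view.
    # The clean segment stays on the global policy, which is where OPNsense
    # registers DHCP-lease hostnames as local-data.
    access-control-view: 192.168.20.0/24 dirty

view:
    name: "dirty"
    # view-first: no (the default) means the global local-zone/local-data
    # entries are not consulted for this view, so DHCP-registered names
    # from the clean segment are not visible to dirty clients.
    view-first: no

    # Refuse the internal zone outright (assumed name) so a dirty client
    # gets REFUSED instead of a recursion attempt toward upstream.
    local-zone: "lan.internal." refuse

    # Blocklist entries (constructed names): always_nxdomain answers
    # NXDOMAIN for the name and everything beneath it.
    local-zone: "tracker.example." always_nxdomain
    local-zone: "ads.example." always_nxdomain

    # Override for the dirty segment only: the redirect zone answers every
    # name under updates.example. with the local-data below.
    local-zone: "updates.example." redirect
    local-data: "updates.example. A 192.168.20.10"
```

Check the syntax with `unbound-checkconf /path/to/unbound.conf` before reloading, then verify the split from each segment, for example `drill @192.168.20.1 ads.example` from a dirty host should return NXDOMAIN while the same query against 192.168.10.1 from a clean host resolves normally. One caveat: the view only selects on source address, so anything on the dirty VLAN that can spoof or reach the clean address directly must still be stopped by firewall rules on the VLAN interface, not by Unbound.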