OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: bunchofreeds on August 12, 2021, 03:15:12 am

Title: Plex.direct - Unbound DNS - 21.7.1
Post by: bunchofreeds on August 12, 2021, 03:15:12 am
Hi,

What's the best way to configure a Private Domain 'plex.direct' within unbound in 21.7.1?

It used to be done using custom options.

I've found Services>Unbound DNS>Blocklist>Private Domains but need help as this does not work on its own it seems.

Do I need to 'enable the use of DNS Blocklists' and also choose a DNSBL?
If so, which one??

Thanks for any help with this.
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: bunchofreeds on August 12, 2021, 03:24:30 am
Or do I need to create a .conf file?

https://docs.opnsense.org/manual/unbound.html

I tried this by creating a plex.conf and placing in the correct folder.
Restarted Unbound
No success

I'm confused...
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: bunchofreeds on August 12, 2021, 03:58:03 am
Can anyone please help with more info about this?

https://forum.opnsense.org/index.php?topic=23929.msg116361#msg116361

@Franco?

How to configure the 'Blocklists' page for my purposes would be really appreciated.

I just need to add a single Private Domain for plex.direct
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: bunchofreeds on August 12, 2021, 06:31:16 am
The goal here is to exclude individual domains from DNS rebinding protection.
This was achieved using the Custom Options on the Unbound general settings.

Like this

server:
    private-domain: "plex.direct"

If this can now be completed using a configuration within Unbound DNS Blocklist this would be great!

But I can't seem to get it working.
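
An added example, not part of the original thread and not OPNsense or Unbound code: a small model of how Unbound's private-address and private-domain options interact, to show what the exclusion above changes. The address ranges, the hostnames and the helper names parse_conf and answer_survives are constructed for illustration.

```python
import ipaddress

# Constructed sample config: three private-address ranges of the kind used for
# rebinding protection, plus the exclusion quoted in the post above.
SAMPLE_CONF = """
server:
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-domain: "plex.direct"   # exempt from rebinding protection
"""

def parse_conf(text):
    """Collect private-address networks and private-domain names.

    Only directives that follow a 'server:' clause header are counted.
    Indentation is ignored, as it is in unbound.conf syntax.
    """
    nets, domains, clause = [], [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if not value:                      # e.g. "server:" opens a clause
            clause = key
        elif clause == "server" and key == "private-address":
            nets.append(ipaddress.ip_network(value))
        elif clause == "server" and key == "private-domain":
            domains.append(value.lower().rstrip("."))
    return nets, domains

def answer_survives(qname, address, nets, domains):
    """True if an A/AAAA answer for qname would still reach the client."""
    ip = ipaddress.ip_address(address)
    if not any(ip in net for net in nets):
        return True                        # public address: filter not involved
    name = qname.lower().rstrip(".")
    # private-domain covers the domain itself and all of its subdomains,
    # matched on a label boundary.
    return any(name == d or name.endswith("." + d) for d in domains)

if __name__ == "__main__":
    nets, domains = parse_conf(SAMPLE_CONF)
    for qname, addr in [("192-168-1-10.examplehash.plex.direct", "192.168.1.10"),
                        ("rebind.example.net", "192.168.1.10")]:
        print(qname, addr, "kept" if answer_survives(qname, addr, nets, domains) else "stripped")
```

Each private-domain entry exempts that domain and every subdomain from rebinding protection, so the list is best limited to the domains that actually need it.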
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: Nnyan on August 12, 2021, 07:41:31 am
I have been working on trying to get this done myself.  Plex remote access will not work unless I can figure out how to do this.
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: bunchofreeds on August 12, 2021, 08:13:34 am
This is breaking secure plex connections on the local network for me.
I can run with insecure but this requires reconfiguring each client.

Would prefer secure obviously
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: rohanking on August 12, 2021, 10:49:07 am
Or do I need to create a .conf file?

https://docs.opnsense.org/manual/unbound.html

I tried this by creating a plex.conf and placing in the correct folder.
Restarted Unbound
No success

I'm confused...

Same...
as per: https://docs.opnsense.org/manual/unbound.html#advanced-configurations

I've done the same for both plex.direct and a personal domain hosted on external nameservers that resolve to internal IP's.. can confirm my custom.conf file placed in /usr/local/etc/unbound.opnsense.d/ appears to be ignored.. restart unbound, custom.conf file is copied over to /var/unbound/etc/ but does not do anything.
nslookup returns the authoritative nameservers, but no IP. :/
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: andrema2 on August 12, 2021, 06:09:49 pm
I just added plex.direct no quotes onto Services>Unbound DNS>Blocklist>Private Domains

No need to add
server:
    private-domain: "plex.direct"

It seems to be working for me
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: bunchofreeds on August 12, 2021, 10:20:57 pm
Thanks andrema2,

I had tried setting plex.direct (without quotes) in the private domain section of blocklists and I believe others here have too without success.

To help us - Can you confirm plex clients can NOT connect to the plex server if you remove this setting. Then CAN connect if you set it again.

Also, just to make sure we are doing things the same as you, can you tell us more about how you have set this up within Blocklists.

Specifically what other options you set within Blocklists.
Did you 'enable' blocklists
Did you choose a DNSBL
Did you restart the Unbound DNS Service

Also did you change anything on the plex client or server side

Thanks for any further help
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: bunchofreeds on August 13, 2021, 01:04:43 am
I have mine working after doing the following

Added a host override to Unbound DNS for plex.mylocaldomain.com and specified its internal IP address.
This address is in DHCPv4 leases already however...

Now my internal secure connections seem to be working again.
I do not have any configuration in blocklists or a .conf file

I also rebooted the plex server which is on a windows server host OS.
I updated windows server and plex server.
I made sure the windows server local network was classed as 'private'

Hopefully this helps others.
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: andrema2 on August 13, 2021, 04:29:45 am
Thanks andrema2,

I had tried setting plex.direct (without quotes) in the private domain section of blocklists and I believe others here have too without success.

To help us - Can you confirm plex clients can NOT connect to the plex server if you remove this setting. Then CAN connect if you set it again.

Also, just to make sure we are doing things the same as you, can you tell us more about how you have set this up within Blocklists.

Specifically what other options you set within Blocklists.
Did you 'enable' blocklists
Did you choose a DNSBL
Did you restart the Unbound DNS Service

Also did you change anything on the plex client or server sides
Thanks for any further help

Yes, I did enable blocklists, but I didn’t choose any DNSBL. I did restart the Unbound. I do have my server in the domain override since I use an alias. Maybe this is why it is working.

I can tell that on the location where unbound loads any additional conf files, there is a miscellaneous.conf with the Plex.direct statement in it.
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: rohanking on August 13, 2021, 09:44:35 am
my .conf file is working after leaving it alone overnight.... strange
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: GreenMatter on August 15, 2021, 03:25:35 pm
I wish it would be up to administrator to enable/disable custom options in gui. Since it’s not the case I need to ask what’s a final solution? Putting .conf

server:
    private-domain: plex.direct

file in aforementioned directory doesn’t work…

Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: mobjam on August 17, 2021, 10:48:37 am
There is a plug-in available, which will return the custom options field within Unbound settings

- To install the plugin, SSH into firewall and run:
   - # fetch -o /usr/local/etc/pkg/repos/mimugmail.conf https://www.routerperformance.net/mimugmail.conf
- Then go to the GUI and install the plugin below from System : Firmware : Plugins
   - os-unboundcustom-maxit-1.0
- Reboot the router, and there will be a new Custom Options menu under Services: Unbound DNS, where you can add the original private-domain: plex.direct command.
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: GreenMatter on August 17, 2021, 02:01:18 pm
my .conf file is working after leaving it alone overnight.... strange
It seems like it's my case too.
Is it related to some cron activity? Reloading, restarting unbound right after saving conf file didn't affect anything.
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: opn_nwo on August 17, 2021, 02:22:55 pm

Specifically what other options you set within Blocklists.
Did you 'enable' blocklists
Did you choose a DNSBL
Did you restart the Unbound DNS Service

Also did you change anything on the plex client or server side

Thanks for any further help

I have it configured the same way and works perfectly. No changes on Plex.
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: HolgerKuehn on August 17, 2021, 04:45:14 pm
... Plex remote access will not work unless I can figure out how to do this.

As far as I know, for remote access only port 32400 is needed. I've not changed anything for the certificates so far. And remote access is working just fine (at least from native apps, usually not using app.plex.tv)
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: opn_nwo on August 17, 2021, 04:49:56 pm
I have been working on trying to get this done myself.  Plex remote access will not work unless I can figure out how to do this.

This is not strictly related to remote access. You only need to forward and allow the proper port on the FW for that to work. The unbound setting is needed for Plex clients in your internal network that are using Unbound as DNS server.
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: Nnyan on August 26, 2021, 06:59:50 pm
You are correct, it's really two separate issues.  For whatever reason opnsense does not open ports on my new AT&T gigabit connection (it was fine on Comcast's gigabit).  But I have no issues opening ports if I switch to Unifi USG, Palo Alto PA-220 (or even my Orbi RBK853 when in router mode).  I can confirm the port is open by external scans (shows up on the other devices and blocked with OPNsense).
Title: Re: Plex.direct - Unbound DNS - 21.7.1
Post by: marshalleq on August 27, 2021, 09:33:49 pm
For completeness (now that 21.7 has removed the Unbound Custom options from the GUI), the way I have continued to use the GUI to address this is as follows:

Under System, Administration, Alternate Hostnames: plex.direct otherhost (where other hosts are separated by spaces)
Under Services, Unbound DNS, Blocklist, Whitelist Domains: plex.direct
Under Services, Unbound DNS, Blocklist, Private Domains: plex.direct

This works well for me.  It pays to note that the reason I have it under both whitelist and private is I found it solved a problem when connecting to a remote plex server (not my own) which was reporting indirect connections.

For those of you missing the aforementioned way of doing this via custom options, that can still be done manually by editing /usr/local/etc/unbound.opnsense.d instead.

Hope that helps someone out there!

Marshalleq