OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: daviderickson on February 17, 2017, 09:26:41 pm

Title: Use as HA DNS/DHCP?
Post by: daviderickson on February 17, 2017, 09:26:41 pm
Hi, I am wondering if OPNsense can be used solely as a HA DNS/DHCP service provider? I don't want/need any WAN/LAN routing; I need one interface to be able to carry multiple VLANs and provide DHCP/DNS on unique IP addresses per VLAN. I'd like to run two instances of OPNsense in either active/active or active/passive, and ensure state is syncing between them for failure protection. I also need an API to add/remove DNS/DHCP entries.

Bonus points if it can support subdomains, and/or mirror state to an offsite location that can work in sometimes-disconnected format.

Thanks!

Title: Re: Use as HA DNS/DHCP?
Post by: bartjsmit on February 18, 2017, 11:12:52 am
The manual mentions DHCPD synchronisation over CARP. DNS replication is trivial unless you need clients to dynamically update. Certainly worth setting up a pair of OPNsense VMs in your test lab. Please feed back your findings/solution for future searches to this forum.

If you need this feature, I'm sure you have considered Windows servers for this, but I'll mention for completeness' sake that DHCP failover https://technet.microsoft.com/en-us/library/hh831385(v=ws.11).aspx combined with AD integrated DNS will do the same, but for a price.

Bart...

Title: Re: Use as HA DNS/DHCP?
Post by: will on February 18, 2017, 05:05:34 pm
If you're after some kind of authoritative server, I would not use OPNsense for this; neither of the DNS packages installed is designed for that role.

That being said, Unbound can serve some local data, and if it is just for a small / simple setup it may meet your needs. Config sync via XMLRPC is supported.

As for DHCP, I had a feature request open for some time to add an enhancement to allow the DHCP server to act as a standalone appliance for situations where you are doing DHCP relay for multiple networks back to a single box. Unfortunately I guess this is quite a niche application and so far nothing has been developed that can add these options.

At the moment OPNsense only allows you to configure address ranges for subnets it has an interface configured in. If you don't mind trunking all your VLANs into OPNsense and giving it an interface and IP in each VLAN, then it can certainly do HA DHCP on a single interface like you are asking.

Title: Re: Use as HA DNS/DHCP?
Post by: will on February 18, 2017, 05:08:28 pm
Quote from: bartjsmit on February 18, 2017, 11:12:52 am
If you need this feature, I'm sure you have considered Windows servers for this, but I'll mention for completeness' sake that DHCP failover https://technet.microsoft.com/en-us/library/hh831385(v=ws.11).aspx combined with AD integrated DNS will do the same, but for a price.

I'm not sure I'd use Windows for any kind of authoritative DNS role unless you really had to ;) Far better open source options out there (PDNS / BIND / NSD / Knot etc.)

However, I would agree that if you are after a DHCP server that is capable of stateful failover and good HA and has a pretty GUI to configure it with, Windows Server is actually one of the cheapest commercial options you have.

Title: Re: Use as HA DNS/DHCP?
Post by: daviderickson on February 18, 2017, 07:25:27 pm
Thanks for the feedback. This is for a small office, so we can probably do without enterprise DNS features. I would like to be able to publish DHCP reservations to DNS, so there needs to be some kind of integration between those processes. I don't know if what OPNsense uses supports that or not, but I can play with it and find out.

Title: Re: Use as HA DNS/DHCP?
Post by: djGrrr on February 18, 2017, 07:51:42 pm
OPNsense has HA config sync, so that any config changes you make on one OPNsense will change on the other, and you can narrow this down to specific config sections, like DNS and DHCP, combined with CARP for Active/Passive virtual IPs.

The DNS Forwarder and DNS Resolver also support registering hostnames from DHCP, both static reservations and dynamic.