OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: AndyX90 on November 14, 2017, 11:48:22 am

Title: Local DNS Override
Post by: AndyX90 on November 14, 2017, 11:48:22 am
Hey guys, I have a question regarding my DNS setup.

My scenario looks like the following:

Windows Domaincontroller (local DNS) forwarding --> OPNSense (unbound, used as dns for itself) --> ISP DNS

Now I thought I could do a domain override for my local domain in Unbound and point it to the Windows DNS, but it doesn't work.

If I do DNS lookups on Interface Statistics, it doesn't resolve my local domain PCs.

I need this for the new web-proxy-sso plugin.

Any suggestions?
Title: Re: Local DNS Override
Post by: Ciprian on November 14, 2017, 12:48:32 pm
Domain override + FQDN + (if applicable) ACL in Unbound for LAN segments not directly connected to one of the OPNsense interfaces (e.g. VPN connections).

All of them mandatory, and it should work (I know "it should work" is not a helpful formulation, but you get my point :) ): I have multiple sites, all of them with their own DNS resolver (OPNsense + S2S VPN), and one of the sites (the HQ) has exactly your case - Unbound in OPNsense as the DNS server served by DHCP for most of the clients, DC as Windows DNS for LAN and perimeter, OpenDNS as public DNS resolver/forwarder (it doesn't matter that it's not the ISP DNS in that case) - and each and every client in each and every site can resolve FQDN to IP (forward DNS) and IP to FQDN (reverse DNS) for each and every other client in each and every other site. But it must be FQDN, otherwise you have to use "host overriding" instead, which is a daunting task even for a small number of hosts.

Cheers, and good luck! :)
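For reference, here is what the three settings in the reply above (domain override, reverse lookups by FQDN, and an ACL for a VPN segment) look like as plain Unbound directives. This is an added example, not configuration from the thread or generated by OPNsense; the domain `corp.example`, the DC address `192.168.1.10` and the VPN subnet `10.8.0.0/24` are assumed placeholders.

```conf
# Added example: minimal Unbound equivalent of the OPNsense settings discussed.
# All names, addresses and subnets below are assumed placeholders.
server:
    # ACL: a VPN segment that is not a directly attached OPNsense interface
    # must be allowed explicitly, otherwise Unbound refuses its queries.
    access-control: 10.8.0.0/24 allow

    # OPNsense enables DNS rebinding protection (private-address for RFC1918).
    # Answers for the AD zone point at private addresses, so the zone must be
    # listed as a private domain or Unbound will discard those records.
    private-domain: "corp.example"

    # If DNSSEC validation is enabled, the unsigned internal zone cannot be
    # validated; mark it insecure so lookups do not SERVFAIL.
    domain-insecure: "corp.example"
    domain-insecure: "1.168.192.in-addr.arpa"

# Domain override: hand corp.example to the Windows DC instead of the ISP.
forward-zone:
    name: "corp.example"
    forward-addr: 192.168.1.10

# Reverse DNS for the LAN prefix served by the DC, so IP -> FQDN works too.
forward-zone:
    name: "1.168.192.in-addr.arpa"
    forward-addr: 192.168.1.10
```

To check the result from the firewall, use Interfaces > Diagnostics > DNS Lookup (or `drill pc1.corp.example @127.0.0.1` on the OPNsense shell) and query the fully qualified name; a short name such as `pc1` will not match the forward-zone and falls through to the public resolver, which is the behaviour the reply warns about.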