Messages

Hello,

I'm wondering if it's supported to have multiple IPs as a forwarder to the same domain in unbound?

I would like to forward DNS requests to MYDOMAIN.INTERNAL to two DNS servers (DC01 and DC02 of MYDOMAIN.INTERNAL).

However, I can't find a way of adding multiple IPs on a single query forwarder/domain override.

Is this possible at all or what is the alternative?

[Block private networks]

Hi,

DS Lite heißt, dass du eine öffentliche IPv6 und eine Carrier Grade NAT IPv4 oder Private IPv4 bekommst. D.h. Du musst auf dem WAN den Hacken bei Block private networks rausnehmen. Wozu brauchst du da GIF?

And in English, if you do not speak German. Which you should have mentioned.
DS Lite means you get a public IPv6 and a Carrier Grade NAT IPv4 or private IPv4. You need to disable on WAN Block private networks. Why you need GIF here?

KH

Thx for the reply and trying to help. Pretty sure that you're mistaken about how DS Lite works or we're using different terminology here. You don't really get an IPv4 address at all - be it private or public. You are however expected to forward all IPv4 traffic to their AFTR IPv6 address so that they can "translate" it to IPv4 and back again.

Also officially DS Lite is still not supported in OPNsense - hence the need for the GIF.

The configuration I tried was based on information gathered from the forums:

https://forum.opnsense.org/index.php?topic=27935.0
https://forum.opnsense.org/index.php?topic=22286.0
https://forum.opnsense.org/index.php?topic=7788.0

Wenn du eine möglichst große Zielgruppe mit deiner Frage erreichen willst, dann schreib Englisch im englischsprachigen Bereich.

Well, that's the thing though, isn't it? If I wanted as large a target group as possible, I'd post on Instagram or Facebook or Stackoverflow or Reddit or Youtube - pretty sure all of those platforms have a higher volume of users than these forums. But I'm not looking for as big a target group as possible am I? I'm looking for the largest *pertinent* target group.

So you tell me which one is most likely: that someone in the German forums happens to actually have DS Lite and Vodafone/Unitymedia from Germany or that someone in the English forums has that configuration and that German ISP in Germany?

And you say that not everyone here speaks English - that's absolutely fine. If I was writing in the English forums I also wouldn't expect everyone that reads it to know the answer would I? How is knowing the answer any different from understanding the question because of language reasons?

And nowhere in my question do I say that I expect people to answer in English or any other language, google translate happens to work well enough to be honest, not well enough that I'd feel like it can accurately translate what I'm writing to perfect German but well enough that I can understand what you or others reply in German.

So if someone wants to help (like you tried or KHE tried) and you feel more comfortable writing in German or are just too stubborn to answer in English that's fine with me! After all, I did post in the German forum!

But don't expect me to be quiet when all someone "contributes" with is "Hey, you're in the German area!"

I'm not forcing anyone to reply - be it in German or English - or putting a gun to anyone's head. Exactly the same as if I was posting in the English forum actually!

Gee, must have missed that when I was looking for help with a German ISP in Germany and I live in Germany... Let me guess:  wir sind in Deutschland, hier redet man Deutsch right?

Hi, I'm located in Germany Bonn area trying to configure DS Lite for Vodafone/Unitymedia usage.

I've got OPNsense with an ipv6 address and working but now ipv4. I tried creating a GIF with the known AFTR address for Cologne unity media but can't get DS Lite to work. Any help would be appreciated.

chemlud, what more info do you require?

I've got my firewall configured with a allow all IPv4 traffic to non-private address spaces (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) as seen in the picture below.

Yet, despite that, a particular non-private address space IP address seems to be getting caught by the default deny rule and I can't explain why. Have a look at these logs in the second picture.

Why is it that that particular IP is not getting matched by the allow non-PAS traffic?? And why only that particular IP?! Why is it getting matched by the default deny rule?