Messages - stasiakk

#1
I have some idea about this, and it needs some work, but it could be done.

The worst is that Bind is caching data in the journal and stores it into the db when the daemon stops.

What I tested today, and it could be done:
- generate zone and db files into config in the bind plugin (it's fast and easy)
- turn off domain.db generation in +TARGETS
(I tried a scenario where it removes the journal and regenerates the files, but I've done something wrong and the journal was not deleted. That solves half of the problem: it generates a clean zone with statically defined records, and should work with DDNS until the next restart; after a restart the jnl would be deleted and the zone needs to be repopulated, but DHCP should do that, and it's not.)

- do not use the current zone config (if domain.db is not specified in +TARGETS it is not working even if changed, but the data is stored in config)


What I plan to do:
first solution:
an action to read the zone from the db files after stopping the bind daemon and store the data into config.xml, and regenerate it on start of the bind daemon. It could be done with the rndc freeze and rndc thaw or rndc sync commands, and then running some interface to read and store to XML.
It needs to be synced before editing the zone by GUI or by another way of editing the zone on a working bind (ddns.pl or similar).

second solution:
leave it as it is (GUI zone management without changes, regeneration on start of bind) and remove the jnl files after stopping the bind daemon (it regenerates only static records, and dhcp needs to repopulate the hosts).

I am thinking about the first solution because it allows changing the zone from dhcp and other ways (not only by GUI), and it does not delete data on daemon restart. But it needs changes to the GUI zone management (Bind doesn't like the zone database being changed while it is running, because of journal problems) and some changes to the start and stop scripts to store the data into the config.xml file.
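As an added example (not stasiakk's code and not the OPNsense bind plugin's), this is the "interface to read and store to XML" step of the first solution: it parses the zone .db that named writes back after `rndc sync -clean` or `rndc freeze`, skips the SOA/NS the template regenerates, and serialises the remaining records. The zone text is a constructed sample and the `<records>` XML layout is an assumption, not the plugin's real config.xml schema.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a dynamic zone as named writes it back to the .db
# file after `rndc sync -clean`: $ORIGIN/$TTL, relative names, multi-line SOA.
SAMPLE_ZONE = """\
$ORIGIN .
$TTL 3600    ; 1 hour
subnet1.corp.com    IN SOA    ns1.corp.com. admin.corp.com. (
                    2024010105 3600 900 604800 300 )
$ORIGIN subnet1.corp.com.
$TTL 300    ; 5 minutes
host1        A    10.10.10.1
             TXT  "constructed-dhcid; not real"
host2        A    10.10.10.2
"""
COMMENT = re.compile(r';(?=(?:[^"]*"[^"]*")*[^"]*$)')  # ';' outside quotes
RR = re.compile(r"(\S*)\s+(?:(\d+)\s+)?(?:IN\s+)?([A-Z]+)\s+(.*)")  # [owner] [ttl] [IN] TYPE rdata

def fqdn(name, origin):
    # '@' is the origin, names ending in '.' are absolute, the rest get origin appended
    if name == "@" or name.endswith("."):
        return origin if name == "@" else name
    return (name + "." + origin).replace("..", ".")

def parse_zone(text, skip_types=("SOA", "NS")):
    """Return [(fqdn, ttl, type, rdata)]; SOA/NS are left to the template."""
    origin, ttl, owner, depth, records = ".", None, None, 0, []
    for raw in text.splitlines():
        line = COMMENT.split(raw, 1)[0]
        if depth:                           # inside a ( ... ) continuation
            depth -= line.count(")")
        elif line.startswith("$ORIGIN"):
            origin = line.split()[1]
        elif line.startswith("$TTL"):
            ttl = int(line.split()[1])
        elif (m := RR.match(line)):
            name, rttl, rtype, rdata = m.groups()
            owner = fqdn(name, origin) if name else owner  # indented line: reuse owner
            depth = rdata.count("(") - rdata.count(")")
            if rtype not in skip_types:
                records.append((owner, int(rttl or ttl), rtype, rdata.strip()))
    return records

def to_xml(records):
    """Assumed <records> layout, not the bind plugin's real config.xml schema."""
    root = ET.Element("records")
    for rec in records:
        node = ET.SubElement(root, "record")
        for tag, val in zip(("name", "ttl", "type", "value"), rec):
            ET.SubElement(node, tag).text = str(val)
    return ET.tostring(root, encoding="unicode")
```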

#2
Did you add it by Firewall --> NAT --> Port Forward?
#3
I think you need to do it on the LAN interface (where the connection is incoming).
#4
Hi, I have tried to use bind as the server for zones (master) with updates from DHCP; everything is working fine, but the changes are stored into db files that are not parsed by the GUI and are regenerated on restart of OPNsense.

Is it possible to change the storage for records from config.xml to db files?

This needs a change in the way of zone management, but we can try to do it similar to this project: https://sourceforge.net/projects/ddns-pl/ (or even implement that here)

Any suggestion?
Is it a good idea to change the storage database?
#5
Ok, I have done it (it seems to be working) but ... it needs some changes in OPNsense.

I have a successfully done and working solution for a multidomain LAN based on BIND and rndc-key.

What I did, and it's working fine:   :)
- change rndc-key in conf/config.xml to the same as in bind (sha-256 must be entered manually, because there is no option in the template)
- add zones for all subnets' subdomains (one zone per subdomain)
- add 10.in-addr.arpa zone for reverse DNS
- add update permission in the zone config (manually in /usr/local/etc/namedb/named.conf)

What is not working:   :(

- I think on restart or on changes by the GUI, the file /usr/local/etc/namedb/named.conf and the zone dbs are regenerated without my changes (I need to copy /usr/local/etc/namedb/named.conf from backup by cron, but it's temporary)

- zone management in the GUI BIND is not possible; it does not display correctly the zones changed by dhcp (but in zone.db the records are there)

Does anyone have suggestions on how to prevent regeneration of the zone db, and how to add update permission to the zone config?
#6
Thanks, I tried everything to solve it by GUI.
Did anybody try to set it by command line, or some hacks?
I'm new to OPNsense, but maybe it could be done with bind zones and rndc?
#7
Hi, I am trying to configure OPNsense to serve DHCPv4 to a few subnets (LAN) and serve DNS for them. It's working, but all hosts in any subnet are registered in the global domain (corp.com as an example). I see the option DHCP domain override in the global unbound settings, but it is one for all subnets and it's not what I want to do. (I want to have a DNS subzone for every subnet)

I want to set something like that:

corp.com ---- [router.corp.com]--| (SUBNET 16 PUBLIC IP for NAT)
                                                |--> subnet1.corp.com (10.10.10.0/24)
                                                          |--> [host1.subnet1.corp.com] ( 10.10.10.1)
                                                          |--> [host2.subnet1.corp.com] ( 10.10.10.2)
                                                          |--> [host3.subnet1.corp.com] ( 10.10.10.3)

                                                |--> subnet2.corp.com (10.10.20.0/24)
                                                |--> subnet3.corp.com (10.10.30.0/24)
                                                          |--> [host11.subnet3.corp.com] ( 10.10.30.2)
                                                          |--> [host12.subnet3.corp.com] ( 10.10.30.3)
                                                          |--> [host13.subnet3.corp.com] ( 10.10.30.4)

                                                |--> subnet4.corp.com (10.10.40.0/24)
                                                |--> dmz.corp.com (10.100.100.0/24) (no DHCP, no DNS)

I have set DHCPv4, and it serves IPs correctly.
I set the domain name and domain search list in the DHCPv4 config for all subnets.
I need CNAME, MX, TXT records in the subnets, and I set domain overrides (delegation) in unbound and zones for these subnets in BIND.
All is working fine, but the dhcp dynamic leases for all subnets are registered in the global domain (hostname*.corp.com).
Is it even possible to set this up in that way?