Messages - GregTheHun

#1
Quote from: patient0 on February 25, 2025, 07:35:11 PM
Quote from: GregTheHun on February 25, 2025, 05:23:59 PM
I mean, I suppose this could be a discussion thread on any service that has profiles and separate DNS addresses once they're set up. NextDNS just happens to be the one I'm using.
I do use both NextDNS and ControlD, ControlD at home and NextDNS on the root server. And while evaluating both services I did install and use ControlD's DNS forward proxy (https://github.com/Control-D-Inc/ctrld) at home. Very flexible and worth checking out.

You can define multiple listeners, networks, rules for the listeners and upstream services (and more that I probably forgot about). Never tried it with multiple NextDNS profiles, but I don't see a reason why it wouldn't work. There's no GUI element for it in OPNsense; the config happens in a TOML file.

In my config below some devices have their own ControlD or NextDNS profile (MAC based) and queries for local DNS get forwarded to the *sense (network.0 & upstream.0):


[service]
    log_level = "info"
    log_path = ""
    cache_enable = true
    cache_size = 10240
    cache_ttl_override = 60
    cache_serve_stale = true

[listener]
  [listener.0]
    ip = '0.0.0.0'
    port = 53
    allow_wan_clients = true
    restricted = true

    [listener.0.policy]
      name = 'Policy @ Home'

      networks = [
          {'network.0' = ['upstream.0']}
      ]
      rules = [
        { '*.my.home.arpa' = ['upstream.5']}
      ]
      macs = [
       {"xx:xx:xx:xx:xx:xx" = ["upstream.2"]}, # Macbook Air M2 Wifi
       {"yy:yy:yy:yy:yy:yy" = ["upstream.1"]}  # Apple TV 4K Livingroom
      ]

[network]
  [network.0]
    name = 'Local LANs'
    cidrs = ['192.168.169.0/24', '10.11.0.0/16', '2aaa:bbbb:.../48']

[upstream]
  [upstream.0]
    name = 'ControlD - Firewall @ Home'
    type = 'doh'
    bootstrap_ip = '2606:...'
    endpoint = 'https://dns.controld.com/<a profile>'
    timeout = 5000

  [upstream.1]
    name = 'ControlD - Apple TV Living Room'
    type = 'doh'
    bootstrap_ip = '2606:...'
    endpoint = 'https://dns.controld.com/<another profile>'
    timeout = 5000

  [upstream.2]
    name = 'NextDNS - blockads Profile'
    type = 'doh'
    bootstrap_ip = '2a07:...'
    endpoint = 'https://dns.nextdns.io/<profile>'
    timeout = 5000

  [upstream.3]
    name = 'Quad9'
    type = 'doh'
    bootstrap_ip = '2620:fe::fe'
    endpoint = 'https://dns.quad9.net/dns-query'
    timeout = 5000

  [upstream.4]
    name = 'DNS0.eu'
    type = 'doh'
    bootstrap_ip = '2a0f:fc80::'
    endpoint = 'https://dns0.eu'
    timeout = 5000

  [upstream.5]
    name = 'Local Unbound'
    type = 'legacy'
    endpoint = '127.0.0.1:10053'
    timeout = 5000



I would also be curious about this method; would you have to disable Unbound in order for this to work?
#2
Thanks everyone for the responses, but do you guys know any way to do the same thing in OPNsense alone?
#3
General Discussion / Re: OpnSense per VLAN NextDNS setup
February 25, 2025, 05:23:59 PM
I mean, I suppose this could be a discussion thread on any service that has profiles and separate DNS addresses once they're set up. NextDNS just happens to be the one I'm using.
#4
General Discussion / Re: OpnSense per VLAN NextDNS setup
February 06, 2025, 06:00:46 PM
Mainly, what I'd like to do is have each VLAN have its own set of DNS servers it goes to, should the local Unbound server not be able to resolve it. I have some local servers that have proper URLs that I'd like to be able to access, and I have their overrides in Unbound, but if that doesn't go to anything local, then go to NextDNS and get the URL, depending on the VLAN the traffic originates from.

Hope this all makes sense, and thanks again
#5
General Discussion / OpnSense per VLAN NextDNS setup
February 05, 2025, 04:10:10 PM
Hi all,

I was curious, for those of you using NextDNS or something similar out there. I have a couple of different profiles set up in NextDNS and was wondering how I can apply each of those profiles to different VLANs on my network?

Any help would be much appreciated.
#6
Tutorials and FAQs / Re: ACME sftp automation
May 12, 2023, 10:03:13 PM
If there are any errors, do you know where you can find the logs for the automations?
#7
22.7 Legacy Series / Re: One VLAN not working
October 13, 2022, 08:51:01 PM
So, I thought the error might've been fixed, but apparently, even though I'm able to ping my Proxmox server's IP, it's still not grabbing an address from the 13.0.0.0/16 range.

Are there any other things I could be missing, and what can I present to help you see what's up?
#8
22.7 Legacy Series / Re: One VLAN not working
October 07, 2022, 07:15:26 PM
Actually, I figured it out, VLAN 13 wasn't connected to Port 8 (the port connected to the router).

Once I did that, then addresses could be pulled.

The image below shows the VLAN not added to my port 8, which is causing the problems.

#9
22.7 Legacy Series / One VLAN not working
September 27, 2022, 09:21:05 PM
So, I've got some VLANs on my router

11 = IoT
12 = Kids network
13 = Servers

They are all set up in the same way (in the VLANs section of Interfaces), and all of them have the LAN as a parent. Outside of firewall rules, they all work except for the server one. They all have a default allow out rule at the end. The layout is the picture below.



However, anything connecting to the Servers VLAN refuses to connect, what could be wrong?
#10
Alrighty, both of those suggestions made it work.

So, for anyone else:

  • Setup SSH Keys properly (With your ssh-agent too)
  • Make sure it works on Github
  • Create a new repo (don't add or commit anything)
  • The URL should be ssh://github.com/[username]/[repo].git
  • The branch should be whichever one is the one setup (most likely master)
  • Paste your SSH key
  • Set username to 'git'
  • Success! :-D
#11
Yes, I do have the ssh key added, and it does work for other repos.

Just not the new one I setup for the configs, but at least I remember creating new ones for each of my projects and not coming across this yet.

I'll have to check and see if something's different on the others.
#12
Took out the password, same result
#13
General Discussion / Git plugin not authenticating
June 25, 2021, 09:02:40 PM
Hello all,

I love OpnSense and it has been great ever since I installed it. However...

My only problem now that I can't seem to solve intuitively is I want auto backups of my config to github. I think I have my settings correct:



Then it gives me this error:



Any help would be much appreciated.
#14
So, couple things, misread a label that meant that any machine that didn't have a DHCP lease statically wouldn't connect. Oopsie.

Secondly, I noticed that the main reason Plex won't work after that setting, is that if I use required encryption on Plex, it doesn't allow me to connect.

Anybody have any clues on that? I'd like it to have nothing but encrypted connections. (even on home network)
#15
So,

I have a lot of bog standard configurations on my OPNSense config, and everything seems to be working great when it comes to connecting out or in on the network.

My LAN, OPT1, and OPT2 interfaces are allowed to talk to anything going out. In theory my Roku device should be able to connect to my Plex server without issue, but it is the only thing on my network that when I try to connect, it may or may not function. When it does function it's usually with issues like skipping a bit of video and then eventually disconnecting.

Anybody else have experiences like this that might be able to help?

Thanks in advance.