Messages - ffsb42

#1
Dear fellow opnsense community,

I can't seem to get dnsmasq to forward my own domain resolutions of unknown hosts properly when leaving unchecked the option Services/DNSMasq/General/Do not forward to system defined DNS servers...

Background:
- clients' DNS configuration is to go to adguard first (running in opnsense on port 53)
- adguard resolves my own domain *.foo.bar by forwarding the request to dnsmasq (running in opnsense on port 5054), i.e. in Adguard/DNS_Settings/UpstreamDNS: ][/foo.bar/]192.168.0.1:6054
- dnsmasq is configured to self-register dhcp hosts in its own dns and properly allows resolution of a host mypc.foo.bar and mypc locally without any issues
- I do own a domain in cloudflare, foo.bar; some of my devices are set up to self-register their external facing IP addresses with cloudflare. I also expect dns resolutions for foo.bar to resolve to local IPs via dnsmasq when the device is inside my local network behind opnsense...

However, if I have a host moving outside of my network (like a phone or laptop) and it is configured to properly self-register its public IP with cloudflare under my own domain, i.e. remotepc.foo.bar... it obviously is not visible to dnsmasq. I would have expected:
1) client asks adguard to resolve remotepc.foo.bar -> that works
2) adguard asks dnsmasq to resolve remotepc.foo.bar -> that works
3) dnsmasq forwards the resolution to my default opnsense system dns (1.1.1.1) since it doesn't have a trace of remotepc.foo.bar -> that doesn't work

As a workaround, I can instruct adguard to forward the request for remotepc.foo.bar to cloudflare (which is ok for devices permanently outside of my network but not for a roaming pc or phone) by adding the following line first in Adguard/DNS_Settings/UpstreamDNS: ][/remotepc.foo.bar/]1.1.1.1

What am I doing wrong?




#3
Pardon my ignorance, but why not just use adguard+dnsmasq
and use the dhcp server in dnsmasq?

basically
1) configure the clients to go to adguard, and adguard uses dnsmasq only for the local subnet resolutions
2) have opnsense resolve to adguard first (with DOH/DOT/QUIC), 1.1.1.1 as a backup (I assume it will only hit 1.1.1.1 during boot time before adguard is fully up?)

Wouldn't that work? On a side note, adguard also has its own DNS cache

#4

1) Which host to run it from?
It can run from anywhere as long as you have connectivity to the omada url AND can do a reverse DNS lookup.

2) omada binary location?
That depends on your own python installation... when you run the pip install it should tell you the destination. I think by default if you are not root it is something like ~/.local/bin

3) Is it sufficient to provide the MACs with names in OPNsense in the DHCP server ("Services: ISC DHCPv4: [LAN]")?
AFAIK, to get the reverse DNS and local name resolution you need:
3.1) to use ISC DHCP with the option to (Kea DHCP self registration is not working yet)
3.2) to run unbound DNS on opnsense and check these 2 options:
Register ISC DHCP4 Leases
Register DHCP Static Mappings
That basically allows you to retrieve the names of dhcp hosts by IP address over DNS.

#5
- not sure if this is the right section of the forum to post it (I guess it really is not opnsense specific)
- not sure if this could be added to opnsense directly or as a plugin
- you might want to audit the script and the python library prior to use in a PRODUCTION setting.
- I am using it successfully on an omada SDN controlling tplink switches and access points, from an ubuntu host running the OMADA SDN as a container and using opnsense unbound as primary local DNS.
but anyway, if it helps others...

here is a very simple script which can be run once or in cron to automatically rename OMADA clients based on a reverse DNS lookup.



#!/usr/bin/bash
version=0
changelog="version=$version, 13-Jun-2024, initial build"

version=2
changelog="version=$version, 14-Jun-2024, swapped loop from by-subnet to by-omada-clients-mac, saving before and after files in /var/tmp"


HELP="
dns2omada.sh is the most simplistic script ever, meant to palliate one of the dumbest, laziest missing features of the tp-link OMADA SDN software...
it simply populates the OMADA client's name based on its DNS name. Every time the script runs it keeps a copy of the omada clients output
before and after the script execution in /var/tmp/omadaclients.*.dns2omada

using a python omada api...
Assumptions:
- you already have a local DNS server able to perform reverse DNS resolution per IP.
- you already have omada SDN set up on the network
- you should create an OMADA admin account dedicated to this process using a very long random password string without any special character
- my subnet is simply from 192.168.0.1 to 192.168.0.256 so I have a simple loop, you might have to modify the script if your subnet is class B
with an outer loop etc...
usage:
    1) install python: sudo apt install python3-pip
    2) install the omada python api: pip install tplink-omada-client
    3) update the parameter values marked CHANGE_ME in the script below
    4) run the script manually or in cron...
"

# these should be self-explanatory
omada_username="CHANGEME_mrpotatoe"
omada_password="CHANGEME_lfdaruiRWGFD335qw324z"
omada_site="CHANGEME_homesweethome"
omada_url="https://CHANGEME_omada.mylocaldomain"
dns_server="CHANGEME_192.168.0.1"
omadabin="/CHANGEME/bin/omada"   # the absolute path to the omada binary which gets installed with the client.

if [[ $# -gt 0 ]]
then
    echo "$HELP"
    exit 3
fi

# refuse to run while any placeholder value is still present in this file
# (lines that themselves contain "grep" are excluded from the check)
if grep -F -v grep "$0" | grep -F CHANGEME >/dev/null
then
    echo "ERROR: you forgot to change these variables in $0:"
    grep -F -v grep "$0" | grep -F CHANGEME
    echo "$HELP"
    exit 4
fi

# note: the password is passed on the command line and is visible in the process list while this runs
"$omadabin" -t myomada target --url "$omada_url" --user "$omada_username" --password "$omada_password" --site "$omada_site" --set-default

omadaclients="/tmp/omadaclients.$$.txt"

"$omadabin" clients > "$omadaclients"

while read -r mac ip name device port junk
do
    clientname=""
    clientmac="$mac"
    #
    # debugging
    #echo "parsing mac=$mac ip=$ip name=$name device=$device port=$port junk=$junk"

    if [[ -z "$ip" ]] || [[ "$ip" = "-" ]]
    then
        echo "skipping $mac because omada does not have an IP for it"
    else
        # reverse lookup: take the last "name = host.domain." line, keep the first label, drop whitespace
        clientname=$(nslookup "$ip" "$dns_server" 2>/dev/null | grep -F "=" | cut -f2 -d"=" | cut -f1 -d"." | tail -1 | tr -d '[:space:]')
        if [[ -z "$clientname" ]]
        then
            echo "skipping $ip because I can't resolve it"
        else
            echo "setting hostname for $ip to $clientname for mac $clientmac"
            # </dev/null so the omada client cannot swallow the rest of the loop's input
            "$omadabin" set-client-name "$clientmac" "$clientname" </dev/null
        fi
    fi
done < "$omadaclients"
cp "$omadaclients" /var/tmp/omadaclients.before.dns2omada
"$omadabin" clients > /var/tmp/omadaclients.after.dns2omada
rm -f "$omadaclients"
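As an added example (not the poster's script and not the tplink-omada-client library), here is the same rename decision logic in Python with the PTR lookup injected as a function, so it runs offline against a constructed client table in the column order the script reads. It goes slightly beyond the script by validating the IP and the resolved label before anything would be sent to the controller; the sample table and PTR map are made up.

```python
import ipaddress
import re
# Constructed sample in the column order the script reads (mac ip name device port ...).
SAMPLE_CLIENTS = """\
AA-BB-CC-00-00-01 192.168.0.10 - switch1 3
AA-BB-CC-00-00-03 - laptop ap1 wifi
AA-BB-CC-00-00-04 192.168.0.12 - ap1 wifi
AA-BB-CC-00-00-05 192.168.0.13 - ap1 wifi
AA-BB-CC-00-00-06 not-an-ip - switch1 1
"""

# Constructed PTR table standing in for the local resolver; 192.168.0.13 has no entry.
SAMPLE_PTR = {
    "192.168.0.10": "mypc.foo.bar.",
    "192.168.0.12": "bad name!.foo.bar.",
}
# RFC 1123 hostname label: the only shape we are willing to push into the controller.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def short_name(fqdn):
    """First label of a PTR target (trailing dot tolerated), or None if not a valid label."""
    label = fqdn.rstrip(".").split(".")[0]
    return label if LABEL_RE.match(label) else None

def decide(ip, resolve_ptr):
    """Return ("rename", name) or ("skip", reason) for one client row."""
    if ip in ("", "-"):
        return "skip", "no IP in controller"
    try:
        ipaddress.ip_address(ip)  # never hand unparsed text to a resolver or a shell
    except ValueError:
        return "skip", f"unparseable IP {ip!r}"
    fqdn = resolve_ptr(ip)
    if not fqdn:
        return "skip", f"no PTR for {ip}"
    name = short_name(fqdn)
    if name is None:
        return "skip", f"PTR {fqdn!r} is not a valid hostname label"
    return "rename", name

def plan_renames(clients_text, resolve_ptr):
    """Parse the clients table; return (renames, skipped) as lists of (mac, value)."""
    renames, skipped = [], []
    for line in clients_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        action, value = decide(fields[1], resolve_ptr)
        (renames if action == "rename" else skipped).append((fields[0], value))
    return renames, skipped
```

Wire `plan_renames` to your real resolver (for example a PTR query through the library of your choice) and pass each entry of `renames` to the controller's set-client-name call.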



#6
:'( It looks like the link in the sticky post is obsolete... the new link should be: https://wiki.opnsense.org/development/examples/helloworld.html, isn't it?