Messages - koenraadl

#1
21.1 Legacy Series / Bind & Dynamic dns
May 25, 2021, 11:35:44 AM
Hi,
I got no replies to my topic concerning dnsmasq and secondary DNS, so I went ahead and installed BIND.
Now I can do transfers to a secondary DNS server, but I can't get the IP addresses that the DHCP server hands out. In other words: dynamic DNS does not work, because BIND does not allow updates from the DHCP server; the clause "allow-updates" is missing from the GUI.
When I manually add that to the config file, it still does not work. I didn't find the reason, but in a post from June 2020 someone reported that the journal file could not be created. That was for an older version of OPNsense, though; I hoped that recent versions of OPNsense would support this.
Am I doing something wrong? Or is this a known issue?
Side remark: after doing the manual modification, I can't shut down OPNsense. I have to cut the power.
TIA,
Koenraad.
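The `allow-update` clause the post is looking for controls who may send RFC 2136 dynamic updates to a BIND zone. Listing the DHCP server's address (`allow-update { 10.0.2.1; };`) trusts a source IP, which is forgeable in a single UDP datagram; the usual practice is a TSIG key shared between the DHCP server and named (`key "dhcp-update" { algorithm hmac-sha256; secret "..."; };` in named.conf, `allow-update { key "dhcp-update"; };` in the zone, and the matching `key` and `zone` statements in dhcpd.conf so dhcpd signs what it sends). The block below is an added example, not code from the original post or from OPNsense, BIND or dhcpd: it builds the unsigned UPDATE a DHCP server would send for a new lease, signs it with TSIG (RFC 8945) using only the Python standard library, and verifies it the way the name server must before accepting it. The zone `test2.mylan.lan`, the host `pc42`, the key name `dhcp-update` and the secret are all constructed for the example.

```python
"""TSIG-signed DNS UPDATE (RFC 2136 + RFC 8945), standard library only.
Constructed example: key name, zone, host and secret are made up."""
import hashlib
import hmac
import os
import struct
import time

TYPE_A, TYPE_SOA, TYPE_TSIG = 1, 6, 250
CLASS_IN, CLASS_ANY = 1, 255
ALG = "hmac-sha256."  # TSIG algorithm identifier, carried as a domain name


def encode_name(name):
    """Wire-encode a domain name, uncompressed and lower-cased (canonical form)."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def read_name(msg, pos):
    """Decode a (possibly compressed) name at pos; returns (name, next_pos)."""
    labels = []
    while True:
        length = msg[pos]
        if length == 0:
            return ".".join(labels) + ".", pos + 1
        if (length & 0xC0) == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
            tail, _ = read_name(msg, ptr)
            return ".".join(labels + [tail.rstrip(".")]) + ".", pos + 2
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length


def build_update(zone, name, ipv4, ttl=300, msg_id=None):
    """Unsigned UPDATE: zone section = SOA question, update section = one A record."""
    if msg_id is None:
        msg_id = int.from_bytes(os.urandom(2), "big")
    header = struct.pack("!HHHHHH", msg_id, 0x2800, 1, 0, 1, 0)  # opcode 5 = UPDATE
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rdata = bytes(int(o) for o in ipv4.split("."))
    rr = encode_name(name) + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + zone_section + rr


def tsig_variables(key_name, alg, time_signed, fudge, error=0, other=b""):
    """TSIG fields covered by the MAC in addition to the message itself (RFC 8945 4.3.3)."""
    return (encode_name(key_name) + struct.pack("!HI", CLASS_ANY, 0) + encode_name(alg)
            + time_signed.to_bytes(6, "big") + struct.pack("!HHH", fudge, error, len(other)) + other)


def tsig_sign(message, key_name, secret, time_signed=None, fudge=300):
    """Append a TSIG RR (additional section) to an unsigned message; returns the signed message."""
    if time_signed is None:
        time_signed = int(time.time())
    mac = hmac.new(secret, message + tsig_variables(key_name, ALG, time_signed, fudge),
                   hashlib.sha256).digest()
    rdata = (encode_name(ALG) + time_signed.to_bytes(6, "big") + struct.pack("!HH", fudge, len(mac))
             + mac + message[:2] + struct.pack("!HH", 0, 0))  # original ID, error, other len
    tsig_rr = encode_name(key_name) + struct.pack("!HHIH", TYPE_TSIG, CLASS_ANY, 0, len(rdata)) + rdata
    arcount = struct.unpack("!H", message[10:12])[0] + 1
    return message[:10] + struct.pack("!H", arcount) + message[12:] + tsig_rr


def tsig_verify(signed, key_name, secret, now=None):
    """What the name server does before honouring an update: returns (ok, reason)."""
    counts = struct.unpack("!HHHH", signed[4:12])
    pos, rr_start = 12, None
    for section, n in enumerate(counts):  # walk all four sections to find the last RR
        for _ in range(n):
            rr_start = pos
            _, pos = read_name(signed, pos)
            if section == 0:
                pos += 4  # QTYPE + QCLASS
            else:
                pos += 10 + struct.unpack("!H", signed[pos + 8:pos + 10])[0]
    if counts[3] == 0:
        return False, "no TSIG record"
    owner, p = read_name(signed, rr_start)  # the TSIG RR must be the last additional RR
    rtype = struct.unpack("!H", signed[p:p + 2])[0]
    p += 10
    if rtype != TYPE_TSIG or owner != key_name.lower().rstrip(".") + ".":
        return False, "last additional RR is not a TSIG for this key"
    alg, p = read_name(signed, p)
    if alg != ALG:
        return False, "unsupported algorithm"
    time_signed = int.from_bytes(signed[p:p + 6], "big")
    fudge, mac_size = struct.unpack("!HH", signed[p + 6:p + 10])
    mac = signed[p + 10:p + 10 + mac_size]
    p += 10 + mac_size
    orig_id, error, other_len = struct.unpack("!HHH", signed[p:p + 6])
    other = signed[p + 6:p + 6 + other_len]
    # Rebuild the message as it was before signing: original ID, ARCOUNT - 1, TSIG RR removed.
    unsigned = (struct.pack("!H", orig_id) + signed[2:10] + struct.pack("!H", counts[3] - 1)
                + signed[12:rr_start])
    expected = hmac.new(secret, unsigned + tsig_variables(owner, alg, time_signed, fudge, error, other),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        return False, "bad MAC"
    now = int(time.time()) if now is None else now
    if abs(now - time_signed) > fudge:  # replay window, checked only after the MAC is good
        return False, "outside time window"
    return True, "ok"
```

A message that verifies with the DHCP server's key is accepted regardless of which source address it arrived from, and one without a valid MAC is refused even if it comes from the DHCP server's IP, which is exactly the property an address-based `allow-update` lacks. The time check runs after the MAC check so that an unauthenticated sender cannot probe the clock.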
#2
21.1 Legacy Series / dnsmasq secondary dns
May 18, 2021, 05:09:40 PM
Hi,
I have a number of subnets, connected via VPN. That works OK. All those subnets have an OPNsense router.
On one of those subnets, I have a server (Windows Server 2019) that needs to access the Windows PCs on all subnets. It's a two-step process: the server first scans those subnets. In that step it collects the FQDNs of the PCs. That works OK.
But the second step is problematic: it tries to access those devices via FQDN. The OPNsense router on the server's subnet has no idea about the FQDNs of the other subnets.
So, on a test network I configured OPNsense and a client.
On OPNsense I set up dnsmasq and configured it to get the names of the local devices via DHCP, with some static DNS entries. Local DNS queries are OK. Queries for the Internet also work fine.
Next I tried to configure dnsmasq to send the DNS data to that server's DNS server, acting as a secondary DNS server. I got that working, but then the DNS queries to the outside Internet do not work any more.
I added a file to /usr/local/etc/dnsmasq.conf.d/ (as the dnsmasq manual says) containing this:
auth-server=opnsense2.test2.mylan.lan,em1
auth-zone=test2.mylan.lan,10.0.2.0/32
auth-peer=10.0.2.100 # <- client's IP
auth-sec-servers=opnsense1.test1.mylan.lan
host-record=opnsense2.test2.mylan.lan,10.0.2.1

From the client, without that file, I can
host www.gmail.com 10.0.2.1
With that file
host www.gmail.com 10.0.2.1
does not give a result, but
dig -t axfr test1.mylan.lan @10.0.2.1
works.
Also
host opnsense2.test1.mylan.lan 10.0.2.1
works fine.

Any suggestion what I'm doing wrong? Or what to do to get what I want? I'm thinking of installing bind9, but that's a last option.

TIA,
Koenraad