OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of koenraadl »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - koenraadl

Pages: [1]
1
21.1 Legacy Series / Bind & Dynamic dns
« on: May 25, 2021, 11:35:44 am »
Hi,
I got no replies about my topic concerning dnsmasq and secondary dns, so I went ahead and installed bind.
Now I can do transfers to a secondary dns-server but I can't get the ip-addresses that the dhcp-server hands out. In other words : dynamic dns does not work, because bind does not allow updates from the dhcp-server, the clause "allow-updates" is missing from the gui.
When I manually add that to the config-file, it still does not work. I didn't find the reason, but in a post from june 2020 someone reported that the journal-file could not be made. But that was for an older version of opnsense. I hoped that recent versions of opnsense would support this.
Am I doing something wrong ? Or is this a known issue ?
Side remark : after doing the manual modification, I can't shutdown opnsense. I have to cut power.
TIA,
Koenraad.

2
21.1 Legacy Series / dnsmasq secondary dns
« on: May 18, 2021, 05:09:40 pm »
Hi,
I have a number of subnets, connected via VPN. works OK. All those subnets have an opnsense router.
On one of those subnets, I have a server (windows-server 2019) that needs to access the Windows-PC's on all subnets. It's a two step process : the server first scans those subnets. In that step it collects the FQDN of the PC's. That works OK.
But the second step is problematic : it tries to access those devices via FQDN. The opnsense-router on the server's subnet has no idea about the FQDN of the other subnets.
So, on a test-network I configured opnsense and a client.
On opnsense I setup dnsmasq and configured it to get the names of the local devices via dhcp, with some static dns-entries. Local dns-queries are OK. Queries for the Internet also work fine.
Next I tried to configure dnsmasq to be able to send the dns-data to that server's dns-server acting as a secondary dns-server. I got that working, but then the dns-queries to the outside internet do not work any more.
I added a file to /usr/local/etc/dnsmasq.conf.d/ (like the manual of dnsmasq says) containing this :
Code: [Select]
auth-server=opnsense2.test2.mylan.lan,em1
auth-zone=test2.mylan.lan,10.0.2.0/32
auth-peer=10.0.2.100 # <- client's IP
auth-sec-servers=opnsense1.test1.mylan.lan
host-record=opnsense2.test2.mylan.lan,10.0.2.1
From the client, without that file, I can
Code: [Select]
host www.gmail.com 10.0.2.1With that file
Code: [Select]
host www.gmail.com 10.0.2.1does not give a result, but
Code: [Select]
dig -t axfr test1.mylan.lan @10.0.2.1works.
Also
Code: [Select]
host opnsense2.test1.mylan.lan 10.0.2.1works fine.

Any suggestion what I'm doing wrong ? Or what to do to get what I want. I'm thinking of installing bind9 but that's a last option.

TIA,
Koenraad

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2