24.7 Production Series / HTTPS DNS records in OPNsense’s BIND service?
« on: October 02, 2024, 05:31:13 pm »
Esteemed inhabitants of the forum,
please excuse the pollution of the forum with my humble question. I used the revered OPNsense for some years now with greatest joy and ever-growing reliance. All my respect to the honored maintainers bringing this fine piece of software to life.
My latest adventure was the migration of my home's OPNsense gateway to a VM on TrueNAS. Yes, there is a 0.3 ms delay penalty per libvirt NIC. But that's OK for me when I look at the gained functionality at the given energy consumption. Everything fine until here.
Truenas brings apps. They heavily rely on distinguished ports for separate access to the different services. I want to call them by nice names like service.homelab.local. One may install any reverse proxy and dispatch from there. But as energy consumption was one of my concerns, the host is weak by design. Thus, a reverse proxy dispatching all live connections looks like overhead that may be avoided.
DNS knows HTTPS records as per RFC 9460. My design envisioned a DNS record for service.homelab.local that points to the TrueNAS's IP address and the service's distinguished port in the record's parameter section. This should give the services nice names without permanent redirection overhead, since the browser directly connects to the advertised ports.
When testing this with OPNsense's BIND service, I figured that the type option does not provide HTTPS as a value. Would it be hard to add to the web frontend?
A thousand thanks to any considerations of this request in advance!
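As an added example (not part of the forum post, and not code from OPNsense or BIND), the following script builds the RFC 9460 HTTPS RDATA the post describes, with the service port carried in the `port` SvcParam, parses it back with the ordering check RFC 9460 requires, and prints it in two zone-file syntaxes: the native `HTTPS` presentation form and the RFC 3597 generic form (`TYPE65 \# <len> <hex>`), which any RFC 3597 compliant name server accepts even where a frontend offers no HTTPS type. The owner name `service.homelab.local.`, the target `truenas.homelab.local.`, the address 192.0.2.10 and port 8443 are constructed for illustration. Two caveats a practitioner would want: the TLS certificate served on the advertised port must still be valid for the owner name, and client support for the `port` parameter is not universal, so verify the browser in use honours it before relying on it.

```python
"""Build, validate and print an RFC 9460 HTTPS record (SVCB wire format).

Added example; not code from the forum post, OPNsense or BIND.
Names, addresses and ports are constructed for illustration.
"""
import ipaddress
import struct
from typing import Dict, Sequence, Tuple

# SvcParamKey values from the RFC 9460 registry (section 14.3).
KEY_MANDATORY, KEY_ALPN, KEY_NO_DEFAULT_ALPN, KEY_PORT, KEY_IPV4HINT, KEY_ECH, KEY_IPV6HINT = range(7)
KEY_NAMES = {0: "mandatory", 1: "alpn", 2: "no-default-alpn", 3: "port",
             4: "ipv4hint", 5: "ech", 6: "ipv6hint"}


def encode_name(name: str) -> bytes:
    """Uncompressed wire-format domain name; '.' becomes the single root byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(struct.pack("!B", len(l)) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(data: bytes, pos: int) -> Tuple[str, int]:
    """Inverse of encode_name; returns (name with trailing dot, next offset)."""
    labels = []
    while True:
        n = data[pos]
        pos += 1
        if n == 0:
            break
        labels.append(data[pos:pos + n].decode("ascii"))
        pos += n
    return (".".join(labels) + "." if labels else "."), pos


def build_rdata(priority: int, target: str, alpn: Sequence[str] = (), port: int = None,
                ipv4hint: Sequence[str] = (), ipv6hint: Sequence[str] = ()) -> bytes:
    """RDATA = SvcPriority | TargetName | SvcParams (keys strictly increasing)."""
    params: Dict[int, bytes] = {}
    if alpn:  # each ALPN id is length-prefixed with one byte
        params[KEY_ALPN] = b"".join(struct.pack("!B", len(a)) + a.encode("ascii") for a in alpn)
    if port is not None:  # the parameter that carries the per-service port
        params[KEY_PORT] = struct.pack("!H", port)
    if ipv4hint:
        params[KEY_IPV4HINT] = b"".join(ipaddress.IPv4Address(a).packed for a in ipv4hint)
    if ipv6hint:
        params[KEY_IPV6HINT] = b"".join(ipaddress.IPv6Address(a).packed for a in ipv6hint)
    body = b"".join(struct.pack("!HH", k, len(v)) + v for k, v in sorted(params.items()))
    return struct.pack("!H", priority) + encode_name(target) + body


def _decode_value(key: int, val: bytes):
    if key == KEY_ALPN:
        ids, pos = [], 0
        while pos < len(val):
            n = val[pos]
            ids.append(val[pos + 1:pos + 1 + n].decode("ascii"))
            pos += 1 + n
        return ids
    if key == KEY_PORT:
        if len(val) != 2:
            raise ValueError("port SvcParam must be exactly 2 bytes")
        return struct.unpack("!H", val)[0]
    if key in (KEY_IPV4HINT, KEY_IPV6HINT):
        size, cls = (4, ipaddress.IPv4Address) if key == KEY_IPV4HINT else (16, ipaddress.IPv6Address)
        if not val or len(val) % size:
            raise ValueError("address hint length is not a multiple of %d" % size)
        return [str(cls(val[i:i + size])) for i in range(0, len(val), size)]
    return val.hex()  # mandatory/ech/unknown keys: left as raw hex here


def parse_rdata(rdata: bytes) -> dict:
    """Parse RDATA; rejects out-of-order keys and truncated values (RFC 9460 2.2)."""
    priority = struct.unpack("!H", rdata[:2])[0]
    target, pos = decode_name(rdata, 2)
    params, last_key = {}, -1
    while pos < len(rdata):
        if len(rdata) - pos < 4:
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack("!HH", rdata[pos:pos + 4])
        pos += 4
        if key <= last_key:
            raise ValueError("SvcParamKeys must be strictly increasing (malformed record)")
        last_key = key
        value = rdata[pos:pos + length]
        if len(value) != length:
            raise ValueError("truncated SvcParam value")
        pos += length
        params[KEY_NAMES.get(key, "key%d" % key)] = _decode_value(key, value)
    return {"priority": priority, "target": target, "params": params}


def is_well_formed(rdata: bytes) -> bool:
    try:
        parse_rdata(rdata)
        return True
    except (ValueError, IndexError, UnicodeDecodeError):
        return False


def presentation_form(owner: str, ttl: int, rdata: bytes) -> str:
    """Zone-file line in native HTTPS syntax (alpn/port/ipv4hint/ipv6hint only)."""
    rec = parse_rdata(rdata)
    parts = [owner, str(ttl), "IN", "HTTPS", str(rec["priority"]), rec["target"]]
    for name, val in rec["params"].items():
        if name == "alpn":
            parts.append('alpn="%s"' % ",".join(val))
        elif name == "port":
            parts.append("port=%d" % val)
        elif name in ("ipv4hint", "ipv6hint"):
            parts.append("%s=%s" % (name, ",".join(val)))
        else:
            raise ValueError("presentation syntax for %s not implemented in this example" % name)
    return " ".join(parts)


def generic_form(owner: str, ttl: int, rdata: bytes) -> str:
    """RFC 3597 generic syntax: works in any zone file even without HTTPS support."""
    return "%s %d IN TYPE65 \\# %d %s" % (owner, ttl, len(rdata), rdata.hex())


if __name__ == "__main__":
    rd = build_rdata(1, "truenas.homelab.local.", alpn=["h2", "http/1.1"],
                     port=8443, ipv4hint=["192.0.2.10"])
    print(presentation_form("service.homelab.local.", 3600, rd))
    print(generic_form("service.homelab.local.", 3600, rd))
    print(parse_rdata(rd))
```

Run it and paste either printed line into a zone file; after reloading, `dig HTTPS service.homelab.local @<resolver>` should return the record with `port=8443`. The ordering check in `parse_rdata` matters because RFC 9460 declares a record with non-increasing keys malformed, so a client that follows the spec silently ignores such a record, which is a confusing failure mode when hand-assembling the generic form.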