General Discussion / [solved] How to let OPNsense's dns server use a dns server on lan?
« on: May 08, 2023, 02:31:50 pm »
Never mind, I fixed the issue.
My issue is:
I cannot contact external DNS servers directly, it has to be through a proxy.
The DNS proxy server is on my LAN network, but OPNsense seems to only fetch DNS through the "gateway", which is WAN only.
The DNS proxy has its own set of trusted DNS server IP addresses and does not rely on any other DNS.
What I have tried:
In System: Settings: General, removed all DNS servers, unchecked "Allow DNS server list to be overridden by DHCP/PPP on WAN"
In Unbound settings, set "Network Interfaces" and "Outgoing Network Interfaces" both to LAN, and manually added my DNS proxy server in Query Forwarding
Code:
# resolve from OPNsense
% nslookup google.com 192.168.5.1
Server: 192.168.5.1
Address: 192.168.5.1#53
** server can't find google.com: SERVFAIL
# resolve from DNS proxy server
% nslookup google.com 192.168.5.220
Server: 192.168.5.220
Address: 192.168.5.220#53
Non-authoritative answer:
Name: google.com
Address: 172.217.194.101
To be clear, this question is NOT about:
1. Letting LAN DHCP clients use the internal DNS server. I still want OPNsense as the main DNS server, and then the OPNsense DNS fetches from the DNS proxy server on LAN.
2. Forcing all users to use a specified DNS server by firewall rule (aka force redirecting all DNS traffic).