Messages - linus

#1
General Discussion / Routing IPv6 through WireGuard
December 21, 2024, 05:30:49 PM
Hi!

I am running OPNsense as firewall/router for my home(lab). I would like to create a setup where I also run an OPNsense installation on a VPS, and then route the traffic from the VPS to the DMZ at home.

The reasons why I would like to do this are:
  • Getting a static IP for the services I want to expose
  • Not having to expose my home IP (in DNS records and such)
  • Not having to open any ports on my home router

For IPv4 traffic, I am just doing a port forward from the VPS to the IP of the web server in my DMZ.

But I am struggling with getting IPv6 working in the DMZ. I am getting a /56 on the VPS that I would prefer to route to OPNsense@Home, and then assign a /64 to the DMZ net. Is this possible to achieve?
#2
I am sorry if I am breaking forum etiquette by posting in this thread, but the thread has the same topic as my problem. Unfortunately the information within has not helped me find a solution.

My configuration is basically the config that netnut describes, with the addition that I've also enabled DNS over TLS.

What I want to achieve is that any query on the local domain goes to bind, everything else (i.e. the Internet) is forwarded by DoT.

I've come so far that I get correct answers if I am querying bind directly, but I am unable to get unbound to forward the local queries to bind. In my unbound log the only trace I find is:
info: resolving local.domain.tld. A IN

But no answer is gained.

I am quite at a loss how to debug this.

The domain in question is under a ccTLD.

Unbound
- Listen on all interfaces on port 53
- Enable DNSSEC Support (enabled)
- Register DHCP Leases (enabled)
- Register DHCP Static Mappings (enabled)
- Use System Nameservers (disabled)
- Query Forwarding:
  - Domain: local.domain.tld
  - Address: 127.0.0.1
  - Port: 53530
- DNS over TLS:
  - Domain: .
  - Address: Quad9 IPv4 and IPv6

BIND
- Listen on 127.0.0.1:53530
- Recursion: RFC1918 (ACL defined below)
- Allow Query: RFC1918 (ACL defined below)
- DNSSEC Validation: Auto
- ACL:
  - Name: RFC1918
  - Networks: RFC1918 and 127.0.0.0/24
- Master Zone:
  - Zone Name: local.domain.tld
  - Allow Query: RFC1918
  - [other zone options]
- Records:
  - Zone file with NS records (127.0.0.1) and hosts (FQDNs ending with a . (dot))

Any and all help is greatly appreciated.
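As an added example that is not part of linus's post or of OPNsense's generated configuration, the forwarding design described above written in raw unbound.conf syntax, which is useful for comparing against the file the GUI generates; the domain, loopback port and Quad9 upstream are taken from the post, the trust-anchor and CA-bundle paths are assumptions, and the two `server:` settings flagged in comments are the ones raw unbound needs for a forward to a loopback resolver to produce an answer at all.

```conf
# Added example, not from the post: raw unbound.conf equivalent of the
# Unbound side of the setup (OPNsense writes its own unbound.conf).
server:
    interface: 0.0.0.0
    interface: ::0
    port: 53
    # DNSSEC validation enabled, as in the post. Path is an assumption.
    auto-trust-anchor-file: "/var/unbound/root.key"
    # Default is "yes": unbound then refuses to send queries to 127.0.0.1,
    # so a forward to bind on loopback is logged as "resolving ..." but
    # never answered. Must be "no" for the bind forward below to work.
    do-not-query-localhost: no
    # local.domain.tld sits under a signed public ccTLD. If the public parent
    # zone does not carry a delegation/DS for it, validation of bind's unsigned
    # answers can fail (SERVFAIL). This disables validation for that name only.
    domain-insecure: "local.domain.tld"
    # Only matters when private-address: is also set; lets RFC1918 addresses
    # in the local zone through the private-address filter.
    private-domain: "local.domain.tld"
    # CA bundle for authenticating the DoT upstream (FreeBSD path, assumption).
    tls-cert-bundle: "/usr/local/share/certs/ca-root-nss.crt"

# Local zone: hand off to bind on the loopback port from the post.
forward-zone:
    name: "local.domain.tld"
    forward-addr: 127.0.0.1@53530

# Everything else: Quad9 over TLS (port 853, certificate name verified
# against dns.quad9.net).
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 2620:fe::fe@853#dns.quad9.net
```

`unbound-checkconf` validates the file, and `unbound-control dump_requestlist` shows a forwarded query that is stuck waiting on an upstream, which distinguishes "never sent" from "sent but unanswered".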