Messages

1

24.7 Production Series / Re: subdomain DNS resolution for a lan host

« on: October 09, 2024, 10:30:45 pm »

Thank you. I will give this a try.

I have another idea to test that is not as good as your suggestion but might also work. That is to use a DNS rewrite rule in adguard.

2

24.7 Production Series / Re: subdomain DNS resolution for a lan host

« on: October 09, 2024, 08:14:39 am »

So it seems like I can get this to work by adding a host override in my unbound config. See attached screen shot.

so now wetty.omv.lan or test.omv.lan resolve to the IP of omv.lan

I guess it is a bit limited as it will only work while the IP of omv.lan does not change... 

Any other ways to do this?

3

24.7 Production Series / subdomain DNS resolution for a lan host

« on: October 09, 2024, 02:41:22 am »

I have a simple opnsense setup for my home network. I use the adguard plugin together with unbound on port 5335

Everything is working fine for dns resolution for all of my lan hosts.

I have one host that I need to resolve for any subdomain on this host as follows:

host.lan -- 192.168.1.10 (working)
test.host.lan  -- 192.168.1.10 (DOES NOT WORK)

Is there a way to allow / config so that anything.host.lan resolves to the same ip as host.lan?



 

4

24.7 Production Series / Re: VLAN Issue?

« on: September 11, 2024, 05:17:49 am »

I'm an opnsense newbie so this might be stupid for me to ask so sorry if so...

Just wanted to check you have configured and enabled and saved settings for your lan and wan interfaces?

I don't think they will show up to be assigned as the parent in the vlan config until enabled.

I think the help text is referring to interfaces in opnsense that are compatible with vlan - it's not about the minipc hardware

5

24.7 Production Series / Re: KEA vs ISC dhcp

« on: August 29, 2024, 10:53:00 pm »

Thanks all. My takeaway is to stay with ISC and wait for something better that is coming soonish...

6

24.7 Production Series / Re: KEA vs ISC dhcp

« on: August 29, 2024, 10:24:06 am »

Any thoughts on my first question regarding KEA and how it handles hostname vs. ISC?

My understanding is that ISC will be around for a while so it's not an immediate concern. I'd be interested to hear if/how others are getting on with KEA?

7

24.7 Production Series / Re: KEA vs ISC dhcp

« on: August 29, 2024, 08:05:42 am »

haha - thanks guys. I knew there was a better way than restarting my router. I tried restarting dhcp but this wasn't working.

To be clear - i restart unbound dns. Correct?

8

24.7 Production Series / KEA vs ISC dhcp

« on: August 29, 2024, 12:44:34 am »

I am on latest 24.7 and have tried switching to KEA dhcp (I only use ipv4 on my system) but have found that a number of clients do not resolve to their hostname using KEA so I went back to ISC.

Is this a known limitation for KEA dhcp at the moment?

I also remember reading a release note for opnsense 24.7 relating to ISC dhcp and static dhcp reservations - something about having to restart a service after changing/adding reservations. At the moment I need to restart opnsense for these new reservations to apply but there must be a way to do this without having to restart?

9

24.7 Production Series / Re: 24.7 upgrade was smooth

« on: July 26, 2024, 09:55:54 am »

Thanks. Checked for updates again and 24.7 turned up. Installed and everything seems fine so far.

Congrats to Franco and all the contributors/team

10

24.7 Production Series / Re: 24.7 upgrade was smooth

« on: July 26, 2024, 06:42:12 am »

This is noob question but how do you upgrade?

I have latest opnsense 24.1. New install on bare metal around 2 months ago - so quite a clean situation.

I was expecting an option to upgrade to 24.7 but nothing so far.

11

Documentation and Translation / Re: AdGuard Home setup guide

« on: June 20, 2024, 07:56:49 am »

UPDATE: Be very careful with this as it can have quite significant consequences - especially with servers that are doing lots of things. Looks like adding to disallowed clients has a big impact on dns resolution for the clients on this list.

By way of update on this I think I have found a couple of settings in AdGuard that help solve this.

If you want to completely ignore a client, then you add it to disallowed clients in the DNS settings of adguard.

If (like me) you are getting lots of noise from clients communicating with other clients on the lan by hostname (e.g. client1.lan), then you can add lan to disallowed domains in adguard DNS settings.

12

Documentation and Translation / Re: AdGuard Home setup guide

« on: June 20, 2024, 03:00:59 am »

hello dave14305! I know you from the asus / merlin forums.

Yes - i can not block easily and nothing important is being blocked from what I can see anyway.

I just don't like the noise/volume from this machine and there might be other clients that I want to exclude from adguard so looking for another way.

At the moment I have a trade off between resolving hostname and using adguard.

13

Documentation and Translation / Re: AdGuard Home setup guide

« on: June 20, 2024, 01:30:11 am »

Hello - I am new to opnsense but have my setup working well and I followed this guide to setup AdGuard Home with Unbound and it is working fine. So thank you to all the contributors!

I have one client (a server) using a ipv4 static DHCP lease that I wanted to setup so that it bypasses adguard but uses unbound.

I have tried to set the DNS to 192.168.1.1:5335 (unbound) but opnsense dhcp does not like the :5335 part...

If I use an external DNS like 8.8.8.8 it bypasses adguard but I can't access the server by its hostname as reverse lookup is through unbound.

In summary I need to configure a client to not use adguard but still be able to resolve it by hostname

Any thoughts on how I can make this work?

14

24.1 Legacy Series / Re: Alternative to using a reverse proxy and port forwarding

« on: June 12, 2024, 12:53:28 am »

Thanks for this. Good suggestion.

Do I need to buy a domain to use this setup or can I continue to use my duckdns DDNS service?

15

24.1 Legacy Series / Re: Alternative to using a reverse proxy and port forwarding

« on: June 11, 2024, 07:10:39 am »

Thank you. Very helpful input.

I will continue to use my reverse proxy approach as I only open up to a few key services that are all up to date and each has authentication.

My reverse proxy is using subdomains to identify/map services so I guess this adds some protection as the subdomains are only known my me...