1
Development and Code Review / dns/powerdns-recursor as binary package
« on: November 17, 2019, 09:26:27 am »
Dear all,
What does it take to get binary packages of the port of dns/powerdns-recursor which OPNsense has already in its ports tree [1], built and distributed to mirrors so that I can install it manually "pkg install dns/powerdns-recursor" from within a shell?
It is perfectly fine for me to edit its configuration files from the command line, as I use very specific features, such as DNS Reverse Policy Zones (RPZ) with associated Protobuf log exports. Which also implies that these options need to be turned on at build-time of the port/package.
Thus a WebUI, and as I understand a "Plug-in" specific to OPNsense, is not necessary as long the Recursor daemon gets started (and monitored), reads its config from a suitable location (/etc), and writes its logs and temporary files where they belong.
Will the port with the options for RPZ and Protobuf support actually build in OPNsense/HardenedBSD using protoc and LibreSSL instead of OpenSSL?
Please bear with my question, but I am new to OPNsense, and my background is rather OpenBSD. Currently, I consider migrating a mildly complex pfSense setup to OPNsense. It runs on an APU4 from PC Engines at a coworking-space with about 100 simultaneous clients, a single Internet transit over 1/1 GE fiber, IPv4/IPv6 dual-stack, a couple of VLAN segments with specific firewall rules, various services such as HAproxy or validating DNS Firewall, and a Captive Portal which is mainly used during Hackathons.
Thank you,
Rolf
[1] OPNsense ports tree has already the current version 4.2.0 of powerdns-recursor.
https://github.com/opnsense/ports/tree/master/dns/powerdns-recursor
What does it take to get binary packages of the port of dns/powerdns-recursor which OPNsense has already in its ports tree [1], built and distributed to mirrors so that I can install it manually "pkg install dns/powerdns-recursor" from within a shell?
It is perfectly fine for me to edit its configuration files from the command line, as I use very specific features, such as DNS Reverse Policy Zones (RPZ) with associated Protobuf log exports. Which also implies that these options need to be turned on at build-time of the port/package.
Thus a WebUI, and as I understand a "Plug-in" specific to OPNsense, is not necessary as long the Recursor daemon gets started (and monitored), reads its config from a suitable location (/etc), and writes its logs and temporary files where they belong.
Will the port with the options for RPZ and Protobuf support actually build in OPNsense/HardenedBSD using protoc and LibreSSL instead of OpenSSL?
Please bear with my question, but I am new to OPNsense, and my background is rather OpenBSD. Currently, I consider migrating a mildly complex pfSense setup to OPNsense. It runs on an APU4 from PC Engines at a coworking-space with about 100 simultaneous clients, a single Internet transit over 1/1 GE fiber, IPv4/IPv6 dual-stack, a couple of VLAN segments with specific firewall rules, various services such as HAproxy or validating DNS Firewall, and a Captive Portal which is mainly used during Hackathons.
Thank you,
Rolf
[1] OPNsense ports tree has already the current version 4.2.0 of powerdns-recursor.
https://github.com/opnsense/ports/tree/master/dns/powerdns-recursor