22.7 Legacy Series / Question about DNS configuration + ipsec
« on: September 30, 2022, 10:18:02 am »
Hello,
I am not sure I am in the right forum category, but I did not find where to put this, as it's related to DNS and not IPsec.
I have got a question about how to do DNS cache/config for a remote site with OPNsense.
First of all, here is the context.
On the remote site (let's name it SITE B) I have got:
ISP (FAI) modem
OPNsense firewall
LAN
In the office (let's name it SITE A) I have got:
Firewall (not OPNsense)
LAN
3 DNS servers for my domain
AD server, file share, etc.
An IPsec tunnel is in place between SITE A and B and works.
In System > Settings > General, I put the whole server list (the 3 home DNS servers + the ISP modem).
What I want to do:
I want all the computers from site B to get an answer from the 3 DNS servers from site A, and if site A is down (for example IPsec is down) use the default internet gateway, so if the tunnel is down I continue to have internet access.
What I am using for the moment is to put one of the DNS servers from site A + the OPNsense IP in the DHCP settings for LAN on SITE B.
It works, but that's not good.
If the only server I put is rebooting, I lose access from site B to the whole network of site A (no DNS answer).
From the OPNsense firewall, if I try to ping a computer name that the DNS server from site A knows, it does not work (whereas it works for the computers on the LAN).
What I imagine it should be:
On LAN DHCP, I should only have the OPNsense IP as DNS, and it should be OPNsense that caches answers and asks one of the 3 servers for the answer if it does not have it in cache.
And if none of the 3 servers answer, ask the "default" DNS, that is to say the ISP box.
Is that possible?
Is there a way to do that?
Thanks a lot.
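One way to express the design sketched in the post (OPNsense as the only resolver handed out by DHCP, the three site-A servers for the internal AD zone, the ISP box for everything else), as an added example that is not part of the original post: a raw unbound.conf fragment with constructed placeholder addresses and a made-up zone name "corp.example". On OPNsense the same settings are normally made in the Services > Unbound DNS pages (Domain Overrides for the internal zone, Query Forwarding or the System > General DNS servers for the rest) rather than by editing the file.

```conf
# Added example (not from the post): unbound.conf fragment for SITE B.
# All addresses and the zone name are constructed placeholders.
server:
    # Answer only the site-B LAN; DHCP hands out 192.168.20.1 as the sole DNS server.
    interface: 192.168.20.1
    access-control: 192.168.20.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # Keep serving cached (even expired) answers while upstream is unreachable,
    # so a short tunnel or DC outage is not immediately visible to clients.
    serve-expired: yes

    # Rebinding protection drops answers that point at RFC1918 addresses;
    # exempt the AD zone, otherwise site-A records would be filtered out.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-domain: "corp.example"
    # The AD zone is not DNSSEC-signed here; do not try to validate it.
    domain-insecure: "corp.example"

# Internal zone: forwarded to all three site-A DNS servers over the tunnel.
# Unbound spreads queries over the listed servers and stops using one that
# does not answer, so a single DC rebooting does not break resolution.
forward-zone:
    name: "corp.example"
    forward-addr: 10.10.0.11
    forward-addr: 10.10.0.12
    forward-addr: 10.10.0.13

# Everything else: the ISP box, reachable without the tunnel,
# so internet access survives an IPsec outage.
forward-zone:
    name: "."
    forward-addr: 192.168.1.1
```

Unbound has no per-zone "try the ISP box after the three DCs" fallback (forward-first falls back to full recursion, not to another forwarder), so with this layout corp.example names fail while the tunnel is down but every other name still resolves via the ISP box, which is the internet-access goal stated in the post. Reverse zones for the site-A ranges (for example 0.10.in-addr.arpa) need their own forward-zone entries if PTR lookups should also go to the DCs.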