BIND plugin configuration

Started by bs-opn, August 09, 2019, 07:27:23 PM

I am trying to transition from pfSense to OPNsense and I'm trying to get the pfBlocker functionality replicated.

I currently have Unbound DNS running on port 5053. I have bind running on port 53.

I can modify the /usr/local/etc/namedb/named.conf to specify a port for a forwarder, but I can't do that in the UI. Any changes in the UI will overwrite my changes to the named.conf.

My apologies for the basic question, but what is the best way to make an enhancement request so that the UI forwarder input validation allows specifying a port, which would then be written out in named.conf as:

    // Unbound listens on 5053 and forwards to CloudFlare via DNS-TLS
    forwarders {
        127.0.0.1 port 5053;
    };
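As an added example (not code from the thread and not part of the OPNsense BIND plugin), this is the kind of input validation the request above asks for: it accepts a forwarder entry with an optional port (`addr`, `addr:port` for IPv4, `[addr]:port` for IPv6), rejects anything that is not a valid address or port, and renders the named.conf `forwarders` block with the `port` keyword. The entry syntax and function names are assumptions.

```python
import ipaddress
import re

# Constructed example, not OPNsense plugin code: parses forwarder entries the
# way a UI validator could and renders the BIND "forwarders" block.

# "[addr]" or "[addr]:port" for IPv6 (brackets avoid ambiguity with ':' in the address)
_V6_BRACKET = re.compile(r"^\[([^\]]+)\](?::(\d+))?$")


def parse_forwarder(entry):
    """Return (ip_address, port_or_None); raise ValueError on bad input."""
    entry = entry.strip()
    m = _V6_BRACKET.match(entry)
    if m:
        host, port = m.group(1), m.group(2)
    elif entry.count(":") == 1:          # IPv4 with port, e.g. 127.0.0.1:5053
        host, port = entry.split(":")
    else:                                # bare IPv4 or bare IPv6
        host, port = entry, None
    ip = ipaddress.ip_address(host)      # raises ValueError for hostnames/garbage
    if port is not None:
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    return ip, port


def render_forwarders(entries):
    """Render a named.conf forwarders block from a list of validated UI entries."""
    lines = ["forwarders {"]
    for entry in entries:
        ip, port = parse_forwarder(entry)
        suffix = f" port {port}" if port is not None else ""
        lines.append(f"    {ip}{suffix};")
    lines.append("};")
    return "\n".join(lines)


if __name__ == "__main__":
    # Forward to a local Unbound listening on 5053, plus a plain upstream (constructed input)
    print(render_forwarders(["127.0.0.1:5053", "[::1]:5053", "9.9.9.9"]))
```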

Here you can add a feature request:
https://github.com/opnsense/plugins/issues

Idea: add an IP alias and let Unbound listen only on this alias; then you don't need the port, as long as BIND listens only on the other IP addresses :)

Thanks for the recommendation. Unfortunately, Unbound wants a Network Interface to listen to for requests. Bind wants an IP address. Is there an easy way to get unbound to use an IP Alias? I think that would solve what I'm trying to do.

I'm trying to stick with a solution that keeps everything in the config.xml so it doesn't get overwritten whenever I make a change through the GUI.

It can listen on WAN when your firewalling is correct.

BTW, if you want DNS encryption and don't insist on DoT, you could use the dnscrypt plugin, which also supports DNSBL!