Topic: multiple host overrides within single domain (Read 2783 times)
erje
« on: January 28, 2020, 12:13:09 am »
Dear community,
I have set up a DNS forward for mydomain.com. Behind this domain I have multiple computers running with different services. Computer1 has internal IP 10.0.0.1 with services on port 443, 8070 and 3031, computer2 with IP 10.0.0.2 with services on 443, 12320, 12322, computer3 10.0.0.3 ... etc
With port forwards in OPNsense I can access them all from outside, i.e. https://mydomain.com or https://mydomain.com:5443 or https://mydomain.com:3030.
To access the services from within the LAN I believe that best practice is to use unbound and create overrides. This works fine for 1 host but I can't figure out how to set this up for multiple hosts.
Any advice would be very much appreciated as I'm stuck for hours now.
Eventually I would like to have subdomains to redirect to the right computer/service. So instead of mydomain.com:5443 I use private.mydomain.com. Is this possible with SRV records?
Thanks,
Robbert
OPNsense 19.7.10-amd64
FreeBSD 11.2-RELEASE-p16-HBSD
OpenSSL 1.0.2u 20 Dec 2019
bartjsmit
« Reply #1 on: January 28, 2020, 11:30:21 am »
Hi Robert,
With so many internal hosts, is there any mileage in setting up a DNS server on one or two of them?
In my eyes the DNS on the firewall is to accommodate users that are looking for a drop-in replacement for a traditional ISP router.
In a multi-server environment, a firewall should make for a hole in the network and perform as few services as possible.
Bart...
erje
« Reply #2 on: January 28, 2020, 12:14:58 pm »
Hi Bartjsmit,
I was thinking about setting up 2 separate DNS’s before. But I recently moved to an OPNsense high availability setup with 2 APU4 boards. After reading about unbound (and other features) I thought it would be a nice way to include the DNS this way.
If this would complicate the firewall configuration significantly and possibly reduce security or reliability, then I will definitely move back to having the DNS outside OPNsense.
But if OPNsense is able to host this reliably for about 10 users, I still might want to give it a try. The APU(3)’s run quite reliably in general and with the H/A it will allow the most important things to run with just one of the OPNsense boxes functional.
Regards,
Robbert
bartjsmit
« Reply #3 on: January 28, 2020, 12:42:38 pm »
I'm with you - I would set up two DNS servers with resilience to match the availability of your firewalls. That is assuming you don't have a single point of failure elsewhere in your stack. E.g. if all your hosts run as VMs on a single machine, there is little point in running two DNS servers.
You can also split your DNS by having the internal hosts on internal authoritative server(s) that forward to unbound on OPNsense to get the best of both worlds.
Bart...
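The setup asked about in the first post, written as raw Unbound `local-data` records; this is an added example, not configuration posted by anyone in the thread. The `computerN` and `private` host names, and which host `private` points to, are assumptions; the domain and the 10.0.0.x addresses are the ones from the first post.

```conf
# Constructed example: split-horizon answers for several hosts in one domain.
# Host names below are assumptions; only mydomain.com and the addresses
# come from the thread.
server:
    # "transparent": names listed here are answered locally for LAN clients,
    # any other name under mydomain.com is still resolved the normal way.
    local-zone: "mydomain.com." transparent

    # One A record per internal machine.
    local-data: "computer1.mydomain.com. 300 IN A 10.0.0.1"
    local-data: "computer2.mydomain.com. 300 IN A 10.0.0.2"
    local-data: "computer3.mydomain.com. 300 IN A 10.0.0.3"

    # The bare domain and a service alias can point at whichever machine
    # hosts them (assumed here: apex on computer1, "private" on computer2).
    local-data: "mydomain.com.           300 IN A 10.0.0.1"
    local-data: "private.mydomain.com.   300 IN A 10.0.0.2"

    # Matching reverse records so internal logs show names, not addresses.
    local-data-ptr: "10.0.0.1 computer1.mydomain.com."
    local-data-ptr: "10.0.0.2 computer2.mydomain.com."
    local-data-ptr: "10.0.0.3 computer3.mydomain.com."

# An A record only maps a name to an address; it carries no port.
# Browsers do not look up SRV records for https:// URLs, so from the LAN
# the URL must still name the port the service listens on internally,
# e.g. https://computer1.mydomain.com:8070 (not the externally forwarded
# port). Mapping a name to a port with no port in the URL needs a reverse
# proxy in front of the services, not DNS.
#
# Validate the file before reloading: unbound-checkconf <path-to-this-file>
```

Because the overrides exist only in the internal resolver, clients outside the LAN keep receiving the public address and the internal 10.0.0.x layout is not published in public DNS.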