OPNsense Forum » Archive » 20.1 Legacy Series » Unbound DNS
Topic: Unbound DNS (Read 4126 times)
mestafin (Newbie, Posts: 49, Karma: 2)
Unbound DNS « on: April 04, 2020, 05:33:40 pm »
I have two separate LAN networks, each behind an OPNsense firewall, with two private domains: aaa and bbb.
The two networks are linked via a site-to-site VPN.
On each network, Unbound is configured as the local DNS server to resolve local host names of the format host1.aaa and host2.aaa for the one network and host3.bbb and host4.bbb for the other network.
How do I configure the Unbound DNS server on the aaa domain to forward queries for hosts on the bbb domain to the Unbound server on the bbb domain?
Logged
stefanpf (Jr. Member, Posts: 75, Karma: 5)
Re: Unbound DNS « Reply #1 on: April 04, 2020, 05:58:10 pm »
You can use a Domain Override with the IP of the other side.
Logged
mestafin (Newbie, Posts: 49, Karma: 2)
Re: Unbound DNS « Reply #2 on: April 04, 2020, 06:45:46 pm »
I have already done that and created an access list entry for both Unbound servers to allow queries from the other network, but it still can't resolve the other network.
Logged
mestafin (Newbie, Posts: 49, Karma: 2)
Re: Unbound DNS « Reply #3 on: April 04, 2020, 06:47:39 pm »
More information: I can ping the other network from both sides, so there is not an access problem between the OPNsense units.
Logged
stefanpf (Jr. Member, Posts: 75, Karma: 5)
Re: Unbound DNS « Reply #4 on: April 04, 2020, 07:26:50 pm »
I personally use it with IPsec:
- access list entry
- firewall rule for DNS (as I use an internal LAN IP in the override)
That's it.
Logged
mestafin (Newbie, Posts: 49, Karma: 2)
Re: Unbound DNS « Reply #5 on: April 05, 2020, 09:48:58 am »
Hi,
I also specified an internal LAN address on the other network for the domain overrides.
Can you elaborate on the firewall rule(s) that you have for DNS traffic between the networks, please?
At the moment, I allow all traffic on the two IPsec interfaces. I can ping and access the OPNsense unit's GUI from the other network using the internal LAN addresses, so I think traffic is being passed through.
The one network also has a number of VLANs, with the Unbound server listening on all interfaces.
The one network has a dual HA cluster, but I don't think that is the cause of the problem.
Any further advice will be appreciated.
Logged
stefanpf (Jr. Member, Posts: 75, Karma: 5)
Re: Unbound DNS « Reply #6 on: April 05, 2020, 10:37:51 am »
I use a simple rule (the OPNsense itself forwards traffic to the domain controllers):
- Interface: IPSEC
- IPv4+IPv6
- Protocol: TCP/UDP
- Source: ANY
- Destination: This Firewall
- Dst-Port Range: DNS (53)
Have you already tried to access the remote DNS servers directly via nslookup?
Edit: Not sure if this is relevant: I defined the outgoing interface in the Unbound settings as a local interface (the interface whose network is included in my VPN client subnet).
« Last Edit: April 05, 2020, 10:58:16 am by stefanpf »
Logged
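The pieces this thread walks through (domain override, access list entry, outgoing interface, plus the rebind and DNSSEC caveats that usually bite with a private domain) written out in unbound.conf syntax for the aaa side, as an added example rather than configuration taken from the posts; the addresses are constructed (aaa LAN 10.1.0.0/24 with the firewall at 10.1.0.1, bbb LAN 10.2.0.0/24 with the firewall at 10.2.0.1, both inside the IPsec phase 2 selectors). The bbb side is the mirror image, and the pf rule from reply #6 lives outside this file.

```conf
# Added example (not from the thread): unbound.conf equivalent of the OPNsense GUI
# settings discussed above, seen from the aaa site. All addresses are constructed.
server:
    # "listening on all interfaces" (reply #5)
    interface: 0.0.0.0
    interface: ::0

    # Access Lists: the local LAN plus the remote LAN, so that queries arriving
    # over the VPN from bbb are answered instead of refused (reply #2)
    access-control: 10.1.0.0/24 allow
    access-control: 10.2.0.0/24 allow

    # Outgoing interface (reply #6, "Edit"): source forwarded queries from the LAN
    # address that lies inside the IPsec phase 2 selector. If they leave from an
    # address the tunnel does not carry, the remote Unbound never sees them and
    # the tunnel itself looks fine (ping works, DNS does not).
    outgoing-interface: 10.1.0.1

    # Rebind protection: answers under bbb carry RFC 1918 addresses, so bbb must be
    # exempted from the private-address check or Unbound strips the records.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-domain: "bbb"

    # Only needed when DNSSEC validation is enabled: a private top-level domain
    # cannot be validated against the root, so mark it as deliberately unsigned.
    domain-insecure: "bbb"

# Domain Override for bbb (reply #1): every query under bbb is forwarded to the
# remote Unbound on its internal LAN address, reached through the VPN.
forward-zone:
    name: "bbb"
    forward-addr: 10.2.0.1
```

From the aaa firewall, `drill host3.bbb @10.2.0.1` tests the remote server directly (the nslookup check from reply #6) and `drill host3.bbb @127.0.0.1` tests the forward through the local Unbound. If the first works and the second fails, the outgoing-interface, rebind and DNSSEC lines are the usual suspects.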
mestafin (Newbie, Posts: 49, Karma: 2)
Re: Unbound DNS « Reply #7 on: April 09, 2020, 11:28:06 am »
Thanks for the help, it is working now.
Not exactly sure what fixed the issue.
Logged