Accessing local DNS server in different subnet

Started by ark, March 28, 2021, 06:38:50 PM

I have an OPNsense router box with IP address (192.168.2.1) that acts as internet gateway, and a local DNS server (Linux with Pi-hole and Unbound) with IP address (192.168.1.10).
Both segments are serving different clients since there is another gateway router at 192.168.1.1 (same subnet as my DNS server). The problem is I want my DNS server to serve requests from clients in both segments, but I seem unable to connect to the DNS server from OPNsense. Do I have to route in the terminal, or is there a way in the OPNsense GUI to make it work?
Both the OPNsense and the DNS server are served in VMs and use a different VLAN for each subnet.

OPNsense has static routes under System, Routes, Configuration

Do the DNS server and the gateway router have a (static) route back to OPNsense and its clients?
Do you allow TCP and UDP 53 to the DNS server along the path?

Bart...
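
The return-route question above can be worked through on paper before changing any router. The following is an added example, not part of the original post: a small Python model of the thread's topology that traces the hops of a DNS query and of its reply. OPNsense's address on the 192.168.1.0/24 segment (192.168.1.254), the client 192.168.2.50, and both routers defaulting to their WAN are assumptions.

```python
import ipaddress

# Addresses 192.168.2.1, 192.168.1.1 and 192.168.1.10 come from the thread.
# Assumed for illustration: OPNsense is 192.168.1.254 on the DNS server's
# segment, the client is 192.168.2.50, both routers default to their WAN.
OPN_LAN1 = "192.168.1.254"
OWNER = {"192.168.2.1": "opnsense", OPN_LAN1: "opnsense",
         "192.168.1.1": "gateway", "192.168.1.10": "dns",
         "192.168.2.50": "client"}

def make_tables(route_on_dns=False, route_on_gateway=False):
    """Per-host routing tables as (network, next hop); None means on-link."""
    tables = {
        "client": [("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.1")],
        "opnsense": [("192.168.2.0/24", None), ("192.168.1.0/24", None),
                     ("0.0.0.0/0", "wan")],
        "dns": [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")],
        "gateway": [("192.168.1.0/24", None), ("0.0.0.0/0", "wan")],
    }
    back = ("192.168.2.0/24", OPN_LAN1)  # static route back to OPNsense's clients
    if route_on_dns:
        tables["dns"].append(back)
    if route_on_gateway:
        tables["gateway"].append(back)
    return tables

def next_hop(table, dst):
    """Longest-prefix match; an on-link match delivers straight to dst."""
    ip = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), hop) for n, hop in table]
    _, hop = max((m for m in nets if ip in m[0]), key=lambda m: m[0].prefixlen)
    return hop or dst

def trace(tables, src_host, dst_ip):
    """Return the hosts a packet visits from src_host towards dst_ip."""
    path, host = [src_host], src_host
    while OWNER.get(dst_ip) != host:
        hop = next_hop(tables[host], dst_ip)
        if hop not in OWNER or len(path) > 8:  # left the LAN or looping
            return path + ["LOST"]
        host = OWNER[hop]
        path.append(host)
    return path

if __name__ == "__main__":
    for dns_rt, gw_rt in [(False, False), (False, True), (True, False)]:
        t = make_tables(dns_rt, gw_rt)
        print(dns_rt, gw_rt, trace(t, "client", "192.168.1.10"),
              trace(t, "dns", "192.168.2.50"))
```

In this model the query always reaches the DNS server, but the reply only finds its way back once either the DNS server or its gateway router has a route for 192.168.2.0/24 pointing at OPNsense.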

Quote from: bartjsmit on March 28, 2021, 07:51:56 PM
OPNsense has static routes under System, Routes, Configuration

Do the DNS server and the gateway router have a (static) route back to OPNsense and its clients?
Do you allow TCP and UDP 53 to the DNS server along the path?

Bart...

Also Unbound Access list needs to allow the subnet the request is coming from.

Quote from: bartjsmit on March 28, 2021, 07:51:56 PM
OPNsense has static routes under System, Routes, Configuration

Do the DNS server and the gateway router have a (static) route back to OPNsense and its clients?
Do you allow TCP and UDP 53 to the DNS server along the path?

Bart...

I'm afraid I haven't set it up yet. The OPNsense has 2 virtual LAN NICs (separated by VLAN from the VM) and 1 WAN NIC (different port), so I have to set the static route and UDP 53 on OPNsense only, right?

The DNS server only has 1 virtual LAN NIC for segment 192.168.1.x (255.255.255.0). I don't know what the best practice is, or do I have to set 2 virtual LANs on the DNS server and use only one LAN in the OPNsense?

The OPNsense serves internet from its own WAN port, while the DNS server accesses the internet from its own gateway (192.168.1.x).


Quote from: Napsterbater on March 28, 2021, 10:22:00 PM
Quote from: bartjsmit on March 28, 2021, 07:51:56 PM
OPNsense has static routes under System, Routes, Configuration

Do the DNS server and the gateway router have a (static) route back to OPNsense and its clients?
Do you allow TCP and UDP 53 to the DNS server along the path?

Bart...

Also Unbound Access list needs to allow the subnet the request is coming from.

The DNS is served using dnsmasq from Pi-hole, while the DNS server itself resolves domains using Unbound. In the Pi-hole GUI settings there is an option to accept all DNS requests regardless of its port; will it be enough?