OPNsense Forum » Archive » 23.7 Legacy Series » Advanced dns setup and redirection
Topic: Advanced dns setup and redirection (Read 677 times)
ivarh
on: January 08, 2024, 11:05:50 am
I am trying to redirect all local dns requests destined for the internet to the unbound resolver running on the opnsense firewall. This works great. However, I have a local dns server that needs to be able to talk to 3 external dns servers.
It is running as a hidden primary nameserver for several domains that are all signed with dnssec, and the dnssec keys are stored on this server. It pushes its signed zonefiles to 3 external nameservers that are seen as the official nameservers for those domains. This is so that if any of them are compromised, the dnssec keys are not compromised, since they are not stored on any of those nameservers.
Here is a badly drawn map of my setup
I am looking to set up rules so that when lan ip1 connects to ext ip1,2,3 it does not get redirected to the local unbound instance but is let through as if the dns redirection is not there. I have not been able to make this part of the setup work. I have a port forwarding rule in the nat subsection allowing the ext ip1,2,3 to be forwarded to lan ip1.
Also, I have been unable to set up redirection of ipv6 dns requests to the local unbound resolver.
I have tried using the same rule for ipv4, changing the redirect ip to ::1.
Here are my port forwarding rules (disabled to make the external nameservers reachable):
I am grateful for any assistance.