Topic: Use OPNsense as primary DNS with bind 9.10 - HOWTO needed (Read 15475 times)
stesin (Newbie, Posts: 4, Karma: 0)
Use OPNsense as primary DNS with bind 9.10 - HOWTO needed
« on: February 13, 2016, 04:37:37 pm »
Dear colleagues,
OPNsense is a great and exciting product, millions of thanks for this great work! Being a nonprofit, we appreciate the availability of the free product with this kind of functionality, comparable to industry leaders.
However, we have a simple (maybe basic) question. What we need is to get our firewall to become a primary DNS server for some 2-3 domains for our projects. Yes, we have the bind910 package installed. But what is the correct approach to achieve the goal?
Now we have DNS Forwarder in operations. Is it really dnsmasq, what I guess?
What exactly is used as DNS Resolver - is it BIND itself, or whatever?
Which is a correct way to achieve the following setup:
1) a completely independent DNS Server (BIND) working as a service at WAN interface and serves as primary for our zones,
2) external (via WAN) queries for x.mydomain.org are resolved into visible official A records,
3) internal (via LAN) queries for x.mydomain.com are resolved into RFC#1918 A records with IPs from "grey", corporate range like 10.whatever
If anyone from the team gives some suggestions about "what is OPNsense policy for this", I'd write a brief HOWTO on this for the community.
Thanks in advance!
WBR, Andrii
franco (Administrator, Hero Member, Posts: 17661, Karma: 1611)
Re: Use OPNsense as primary DNS with bind 9.10 - HOWTO needed
« Reply #1 on: February 15, 2016, 08:14:39 am »
Hi Andrii,
DNS Forwarder is dnsmasq, DNS Resolver is unbound. Bind is installed too, but is only used in the GUI for RFC 2136 Dynamic DNS.
You can configure Bind manually like you would in a normal FreeBSD installation.
https://forums.freebsd.org/threads/guide-bind-9-10-install-on-freebsd-10.45716/
You should see if unbound can do what you want (which it probably can) and go from there. It's likely that we can provide docs for unbound/dnsmasq, but not for bind.
Cheers,
Franco
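The split-horizon setup asked for in the first post (public A records for WAN clients, RFC 1918 A records for LAN clients) maps onto BIND views. The named.conf below is an added example, not part of the original thread and not OPNsense's own configuration. The ACL range, the directory and zone file paths are assumptions, and it assumes port 53 on the addresses named listens on is not already taken by unbound or dnsmasq.

```conf
// Constructed example: ACL range, directory and file names are assumptions.

// Clients that should receive the internal (RFC 1918) answers.
acl "internal" {
    127.0.0.0/8;
    10.0.0.0/8;              // assumed LAN range
};

options {
    directory "/usr/local/etc/namedb";   // assumed config directory
    recursion no;            // authoritative only: never an open resolver
    allow-transfer { none; };            // no zone transfers unless a secondary is listed
};

// Views are evaluated in order and the first match wins,
// so the internal view must come before the catch-all external one.
view "internal" {
    match-clients { "internal"; };

    zone "mydomain.org" {
        type master;
        // Zone data holding the private addresses,
        // e.g. an A record for x pointing into 10.0.0.0/8.
        file "master/mydomain.org.internal";
    };
};

view "external" {
    match-clients { any; };

    zone "mydomain.org" {
        type master;
        // Zone data holding the official public A records.
        file "master/mydomain.org.external";
    };
};
```

Once any view is defined, every zone statement has to live inside a view. Each zone file needs its own SOA serial, and `named-checkconf` followed by `named-checkzone` for both files catches syntax errors before named is restarted.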
stesin (Newbie, Posts: 4, Karma: 0)
Re: Use OPNsense as primary DNS with bind 9.10 - HOWTO needed
« Reply #2 on: February 15, 2016, 12:58:30 pm »
Dear Franco,
thank you for the hint. Just one more question: in case I (maybe, who knows?) will someday enable DynDNS in the GUI, will it clobber my DNS configuration away, or not?
I took a brief look at unbound docs, it seems to me that I'll be more comfortable with good old named (which I'm familiar with since 1993) and rc.conf.
That's just my personal bias, of course.
WBR,
Andrii
franco (Administrator, Hero Member, Posts: 17661, Karma: 1611)
Re: Use OPNsense as primary DNS with bind 9.10 - HOWTO needed
« Reply #3 on: February 16, 2016, 05:14:15 am »
Hi Andrii,
Good question. It looks like each RFC 2136 entry has its own config so it should not clobber your own unless you start to add your own entries manually. named.conf and named are unaffected.
Although unbound was the replacement for bind in FreeBSD, this was largely due to many security advisories being registered for bind, so it was decided to replace it. In OPNsense we have bind in the ports tree, so you get the latest security updates anyway, and it's unlikely to be removed. It may also be a plugin some day, too.
You should be ok with your choice of named and rc.conf. If not let me know.
Cheers,
Franco
skatopn (Newbie, Posts: 37, Karma: 0)
Re: Use OPNsense as primary DNS with bind 9.10 - HOWTO needed
« Reply #4 on: February 21, 2024, 01:40:58 am »
Hi @franco and the OPNsense Team,
I know this is an old thread, but it is the most relevant one to my search, as I have the very same questions as the OP.
I would like to strongly suggest that BIND remain an integral part of the OPNsense distribution on the simple grounds that it appears to be the only DNS package that can be used to perform Authoritative name resolution.
It was very interesting to see @franco coalesce from separate Help topics that:
Quote from: franco on February 15, 2016, 08:14:39 am
...DNS Forwarder is dnsmasq, DNS Resolver is unbound...
I would like to see some kind of help text in the GUI for each of these tools that makes these DNS roles unambiguous - there is currently no such mention as far as I can see for any of them.
Thanks.