DHCP registration with subzones for multi subnets.

Started by stasiakk, May 26, 2020, 11:49:06 AM

Hi, I am trying to configure OPNsense to serve DHCPv4 to a few subnets (LAN) and serve DNS for them. It's working, but all hosts in every subnet are registered in the global domain (corp.com, for example). I see the DHCP domain override option in the global Unbound settings, but it is one for all subnets, and that is not what I want to do. (I want to have a DNS subzone for every subnet.)

I want to set something like that:

corp.com ---- [router.corp.com]--| (SUBNET 16 PUBLIC IP for NAT)
                                                |--> subnet1.corp.com (10.10.10.0/24)
                                                          |--> [host1.subnet1.corp.com] ( 10.10.10.1)
                                                          |--> [host2.subnet1.corp.com] ( 10.10.10.2)
                                                          |--> [host3.subnet1.corp.com] ( 10.10.10.3)

                                                |--> subnet2.corp.com (10.10.20.0/24)
                                                |--> subnet3.corp.com (10.10.30.0/24)
                                                          |--> [host11.subnet3.corp.com] ( 10.10.30.2)
                                                          |--> [host12.subnet3.corp.com] ( 10.10.30.3)
                                                          |--> [host13.subnet3.corp.com] ( 10.10.30.4)

                                                |--> subnet4.corp.com (10.10.40.0/24)
                                                |--> dmz.corp.com (10.100.100.0/24) (no DHCP, no DNS)

I have set up DHCPv4, and it serves IPs correctly.
I set the domain name and domain search list in the DHCPv4 config for all subnets.
I need CNAME, MX and TXT records in the subnets, so I set domain overrides (delegation) in Unbound and zones for the subnets in BIND.
All of it is working fine, but the DHCP dynamic leases for all subnets are registered in the global domain (hostname*.corp.com).
Is it even possible to set this up in that way?

Quote from: stasiakk on May 26, 2020, 11:49:06 AM
Is it even possible to set this up in that way?

Unfortunately not. Per host domains are possible by using DHCP static mappings, but per subnet domains for dynamic leases are currently not supported.

Cheers

Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

Thanks, I tried everything to solve it via the GUI.
Did anybody try to set it up from the command line, or with some hacks?
I'm new to OPNsense, but could it maybe be done with BIND zones and rndc?

May 27, 2020, 11:58:08 AM #3 Last Edit: May 27, 2020, 12:00:25 PM by stasiakk
Ok, I have done it (it seems to be working), but ... it needs some changes in OPNsense.

I have a successfully done and working solution for a multi-domain LAN based on BIND and rndc-key.

What I did, and it's working fine:   :)
- change rndc-key in conf/config.xml to the same as in BIND (sha-256 must be entered manually, because there is no option in the template)
- add zones for all subnet subdomains (one zone per subdomain)
- add a 10.in-addr.arpa zone for reverse DNS
- add update permission in the zone config (manually in /usr/local/etc/namedb/named.conf)

What is not working:   :(

- I think on restart, or on changes made by the GUI, the file /usr/local/etc/namedb/named.conf and the zone db files are regenerated without my changes (I need to copy /usr/local/etc/namedb/named.conf back from a backup by cron, but that is temporary)

- zone management in the GUI BIND plugin is not possible; it does not display the correct zones changed by DHCP (but in the zone .db files the records are there)

Does anyone have suggestions on how to prevent regeneration of the zone db, and how to add update permission to the zone config?
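For readers following the steps above, here is an added example of what the hand-edited BIND stanzas look like (this is illustrative configuration written for this thread, not the poster's actual named.conf and not anything the OPNsense BIND plugin generates). It assumes the key is named "rndc-key", that the zone files live under /usr/local/etc/namedb/master/, and that the DHCP server sends its dynamic updates signed with that same key; the secret is a placeholder. Updates are allowed only for holders of the key, never `any`, so that an unauthenticated client on the LAN cannot rewrite the zone.

```conf
// Example named.conf fragment for per-subnet DNS zones fed by DHCP dynamic
// updates. Added for illustration; paths and key name are assumptions, and
// the secret is a placeholder you must generate yourself (e.g. with
// tsig-keygen). The same secret must be configured on the DHCP side.
key "rndc-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";
};

// Let rndc (on localhost only) manage the server with the same key.
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

// One forward zone per subnet subdomain. Only the holder of rndc-key may
// send dynamic updates; do NOT use "allow-update { any; };" here.
zone "subnet1.corp.com" IN {
    type master;
    file "/usr/local/etc/namedb/master/subnet1.corp.com.db";
    allow-update { key "rndc-key"; };
};

zone "subnet2.corp.com" IN {
    type master;
    file "/usr/local/etc/namedb/master/subnet2.corp.com.db";
    allow-update { key "rndc-key"; };
};

zone "subnet3.corp.com" IN {
    type master;
    file "/usr/local/etc/namedb/master/subnet3.corp.com.db";
    allow-update { key "rndc-key"; };
};

zone "subnet4.corp.com" IN {
    type master;
    file "/usr/local/etc/namedb/master/subnet4.corp.com.db";
    allow-update { key "rndc-key"; };
};

// A single reverse zone covering 10.0.0.0/8 holds the PTR records for all
// of the 10.10.x.0/24 subnets above.
zone "10.in-addr.arpa" IN {
    type master;
    file "/usr/local/etc/namedb/master/10.in-addr.arpa.db";
    allow-update { key "rndc-key"; };
};
```

Two practical notes. First, once a zone accepts dynamic updates, BIND keeps the live data in a journal (.jnl) next to the zone file and only flushes it to the .db on its own schedule; run `rndc sync` (or `rndc freeze` / `rndc thaw`) before copying or editing zone files by hand, otherwise the copy will be stale or the edit will conflict with the journal. Second, as the poster observed, a configuration file generated from a template is overwritten on regeneration, so a hand-edited named.conf is fragile; restoring it by cron, as described above, is a stop-gap until the plugin exposes the setting.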