OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • Bind and dhcp (rndc)
« previous next »
  • Print
Pages: [1]

Author Topic: Bind and dhcp (rndc)  (Read 2106 times)

Hilbert

  • Newbie
  • *
  • Posts: 3
  • Karma: 0
    • View Profile
Bind and dhcp (rndc)
« on: February 10, 2021, 02:10:27 pm »
Hi,

My first post here. I did a search and could not find a satisfying answer ;-)

My problem, I don't like unbound dns and dnsmasq. Because of the lack of a cname.
- Unbound knows aliases, but after a query it gives a random alias back (that is what I have seen)
- dnsmasq something along the same lines.

bind has this posibility and is working in the 21.0 release.

My problem is that rndc is generated by the bind plugin, but the dhcp userinterface does not give the posibiliy to include that at the appropriate position:

Code: [Select]
include "/etc/dhcp/rndc-keys/rndc.key"; 
     
 zone somedomain.com. { 
  primary 172.31.30.5; 
  key rndc-key; 
 } 
   
 zone 30.31.172.in-addr.arpa. { 
  primary 172.31.30.5; 
  key rndc-key; 
 } 

This part can, at this point not be done. Because it is not a "sub" zone/network.

Is there a way to add this to the user interface, or is there a way to do it by hand and is it not removed by an update when you change it in the gui... some sort of "super adcanced" options ;-)

Something like:
Code: [Select]
[ ] use rndc key (bind plugin is obligated)

Zone include:
[ text box:
 zone somedomain.com. {
  primary 172.31.30.5;
  key rndc-key;
 }
]

Reverse zone include:
[ text box:
zone 30.31.172.in-addr.arpa. {
  primary 172.31.30.5;
  key rndc-key;
 }
]
[button: delete zone] |  [ button: add more zone's ]

Something like this would make it possible to use bind as primary dns server within your opnsense network.

Regards,
Hilbert
Logged

Th0mas

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
Re: Bind and dhcp (rndc)
« Reply #1 on: October 15, 2022, 04:55:16 am »
I have the same problem as Hilbert.

The auto generated rndc-key in rndc.conf (which we can not change via OPNsense UI) uses the hmac-sha256 algorithm.
OPNsense regular dhcpd service only offers hmac-md5 and hmac-sha512 which renders the dynamic DNS feature useless unless we can modify the algorithm and key.

I'm also questioning myself if manually modify the rndc.conf survives OPNsense Bind plugin updates or if we have to create a /usr/local/opnsense/service/templates/OPNsense/Bind target overlay for this file to make the key stable?
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • Bind and dhcp (rndc)
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2