DHCP Static Mappings as Aliases?

Started by beclar2, September 22, 2016, 10:46:20 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 22, 2016, 10:46:20 PM
Hi folks,

I have entered a lot of DHCP Static Mappings and now it´s time to set up firewall rules for these clients. Is there any way to set (or export) DHCP Static Mappings as Firewall Aliases?

Thanks in advance,
beclar2
May 07, 2020, 03:32:23 PM #1
I just started with Opnsense recently, and I must say I love it so far. Not often have I wanted to donate on a new piece of OS software so quickly.

But this is the first real issue I run into, it seems like a logical thing to have static DHCP mappings available as Aliases, is there any way of doing this yet that anyone knows of?
May 07, 2020, 06:25:25 PM #2
That would indeed make sense from a user perspective. But tightly integrating different services results in dependencies which can cause unforeseen issues in the future. This has repeatedly happened, e. g. with the DHCP server / Unbound integration. I think the core devs are reluctant to create even more dependencies unless absolutely necessary. As much as I sometimes wish that it would be possible to e. g. use firewall aliases as static route destinations or, like in your case, DHCP static mappings as firewall aliases, I can see the trouble this could cause.

Cheers

Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
March 05, 2023, 10:42:35 AM #3
Just run into the same topic and would also vote for having the option to register DHCP as Aliases.

Yes, it creates dependencies, which might become a problem if not properly resolved. A couple of thoughts why to do it anyway:

- Give the users the option to chose as it should be their decision since they are taking the risk anyway
- resolving Aliases against DHCP lease names is not that much of a challenge, right? Two key value lists matching the keys against each other. And hey, we could even use redis which is available as a package for opnsense.
- From my point of view, the benefit from the option to chose an automatic dhcp -> alias registration outweights the cost of a potential risk coming from dependency.
November 28, 2023, 07:16:18 AM #4
This is still a problem. The workaround is adding explicit A/AAAA overrides, which is double-specification, when the entire point of registering the DHCP hosts in Unbound/Dnsmasq is to avoid that. It would be nice to be able to create arbitrary Aliases, but I'm forced to attach them to an existing override.

What if the lists that show overrides in Unbound and Dnsmasq could, in addition to showing regular overrides, show the DHCP hosts as non-editable pseudo-entries so that relevant aliases could be added?
November 28, 2023, 09:45:32 AM #5
opnsense has this:
https://docs.opnsense.org/manual/unbound.html#general-settings

Look for:
DHCP Static Mappings
May 22, 2024, 10:28:28 AM #6
You may use Dnsmasq DNS instead of Unbound. It allows easier configuration of aliases.
May 27, 2024, 10:16:29 AM #7
The last two responses are not at all helpful.

Quote from: yourfriendarmando on November 28, 2023, 09:45:32 AM
Look for:
DHCP Static Mappings

We're all already using those, which is why we'd like to be able to specify aliases for them.

Quote from: opnsense-user-4398 on May 22, 2024, 10:28:28 AM
You may use Dnsmasq DNS instead of Unbound. It allows easier configuration of aliases.

It has the exact same issue (I mentioned it in my first reply). The hosts that are already mapped to an IP in DHCP are not present in the Unbound or Dnsmasq lists, so one cannot assign aliases to them. An IP address must be double-specified (once in DHCP and once in the chosen DNS override service) for each host you require aliases for.
Print
Go Up Pages1
User actions