Topic: Unbound binds to all addresses? (Read 352 times)
ipartola (Newbie, Posts: 16, Karma: 0)
« on: September 22, 2024, 08:30:31 pm »
I am trying to set up a separate VLAN for a kids’ network on my home setup. Latest stable OPNsense running on a stand-alone box. The main goal is to firewall as well as DNS limit kids from accessing stuff on the web they don’t need via my NextDNS subscription. However I am running into a limitation where I can’t run two separate DNS services on port 53 even though I specify which address/interface I want used. My main DNS server is Unbound and it is set up to run on the LAN interface, port 53. Trying to spin up Bind, or dnsmasq, or ideally dnscrypt-proxy on the address associated with my KIDS0 interface and port 53 says “Unbound is already using port 53 on this address”. This seems like a bug in Unbound unless I am missing something.
The eventual goal is to have Unbound continue serving LAN and forwarding its queries to the main/adult NextDNS profile, and another forwarder just on the KIDS0 interface that forwards queries to a kids NextDNS profile. I do have options such as using a separate piece of hardware to run a separate DNS server for the kids VLAN or setting up each of the kids’ devices with a DNS config for DNS-over-HTTPS directly to NextDNS but I was hoping there would be an option that involved me only configuring things in my OPNsense box.
Thanks in advance.
Logged
viragomann (Full Member, Posts: 190, Karma: 7)
« Reply #1 on: September 25, 2024, 10:35:05 pm »
Let NextDNS listen on a different unused port and forward port 53 on the children interface to it.
Logged
dseven (Sr. Member, Posts: 307, Karma: 33)
« Reply #2 on: September 26, 2024, 10:19:38 am »
It appears that Unbound still gets configured to listen on the loopback interface even when (other) interfaces are specified. That's probably where the conflict is occurring. That seems arguably a bug in OPNsense, although the (default) loopback interface seems to be a bit buried in the UI, so I'm not sure it'd be an easy fix, since there would need to be a way to actually specifically listen there - I suppose it could be a separate option or something....
Using NAT as suggested is probably a good workaround....
Logged
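The overlap discussed in the replies above can be checked against the Unbound configuration itself by listing every address and port it claims and comparing them with the address a second DNS service wants. This is an added example, not part of the thread and not OPNsense's own code; the sample config, its addresses and the helper names are constructed, and only IP-literal `interface:` entries are handled.

```python
import ipaddress
import re

# Constructed sample config (addresses are illustrative, not from the thread):
# Unbound told to serve LAN, with loopback listeners present as well.
SAMPLE_CONF = """\
server:
    port: 53
    interface: 192.168.1.1   # LAN
    interface: 127.0.0.1     # loopback
    interface: ::1
"""

def unbound_listeners(conf_text):
    """Return the set of (ip_address, port) pairs from interface:/port: lines."""
    port = 53  # Unbound's default when no port: line is present
    raw = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"(interface|port):\s*(\S+)$", line)
        if not m:
            continue
        if m.group(1) == "port":
            port = int(m.group(2))
        else:
            raw.append(m.group(2).strip('"'))
    listeners = set()
    for item in raw:
        # interface: accepts "address@port"; interface names are not resolved here
        addr, _, own_port = item.partition("@")
        listeners.add((ipaddress.ip_address(addr), int(own_port or port)))
    return listeners

def conflicts(listeners, wanted_addr, wanted_port=53):
    """Listeners that would collide with a bind to wanted_addr:wanted_port."""
    wanted = ipaddress.ip_address(wanted_addr)
    hits = []
    for addr, port in listeners:
        if port != wanted_port or addr.version != wanted.version:
            continue
        # Same address collides; so does a wildcard (0.0.0.0 or ::) on either side
        if addr == wanted or addr.is_unspecified or wanted.is_unspecified:
            hits.append(f"{addr}@{port}")
    return sorted(hits)

if __name__ == "__main__":
    found = unbound_listeners(SAMPLE_CONF)
    for target in ("192.168.20.1", "127.0.0.1"):      # constructed KIDS0 address, loopback
        print(target, "->", conflicts(found, target) or "free")
```

With this sample, the constructed KIDS0 address is free while a second service that also wants 127.0.0.1:53 collides with the loopback listener.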