OPNsense
  • OPNsense Forum »
  • Archive »
  • 19.1 Legacy Series »
  • Limiting cross-interface DNS in Unbound
Topic: Limiting cross-interface DNS in Unbound

incirrata

Limiting cross-interface DNS in Unbound
« on: March 27, 2019, 04:26:08 pm »
Hi all, I'm setting up a guest Wi-Fi network in OPNsense. All Wi-Fi is handled via the PUBLIC interface, and I use firewall rules to prevent any traffic from reaching my LAN interface PRIVATE. However, I'm using Unbound DNS on both interfaces. PUBLIC users could still get the IP of PRIVATE hosts using nslookup, ping, etc. Is there any way to prevent that?

How it currently is:
  • PUBLIC host nslookups PRIVATE host
  • IP address of PRIVATE host is displayed

How I'd like it:
  • PUBLIC host nslookups PRIVATE host
  • ** server can't find [PRIVATE host]: NXDOMAIN

sbuckmann

Re: Limiting cross-interface DNS in Unbound
« Reply #1 on: April 14, 2019, 08:12:00 am »
Similar problem here. My OPNsense has several network zones; resolving the router IP via nslookup/dig delivers all router IP addresses of all interfaces.
HW: Supermicro A1SRi-2558F, 16 GB ECC RAM, 30 GB SATA DOM, 4 x i354 Ethernet

Mks

Re: Limiting cross-interface DNS in Unbound
« Reply #2 on: April 14, 2019, 08:47:33 am »
Hi.
I'm using a public DNS resolver for the Guest network.
DNS queries to Guest interface (Unbound) are denied.

Br
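
One resolver-side way to get the NXDOMAIN behaviour asked for in the first post is Unbound's views, shown here as an added example that is not from any poster in this thread. The subnets, the `home.example.` zone, the host record and the view name `guest` are constructed placeholders, and how custom options are loaded into OPNsense's Unbound is not covered here.

```conf
# unbound.conf fragment (constructed example values throughout)
server:
    # Unbound listens on both interfaces
    interface: 192.168.1.1      # PRIVATE (assumed LAN address)
    interface: 192.168.50.1     # PUBLIC  (assumed guest address)

    # Both subnets may query the resolver
    access-control: 192.168.1.0/24  allow
    access-control: 192.168.50.0/24 allow

    # Clients from the guest subnet are answered from the "guest" view
    access-control-view: 192.168.50.0/24 "guest"

    # Internal names, visible to PRIVATE clients only
    local-zone: "home.example." static
    local-data: "nas.home.example. IN A 192.168.1.10"

    # Resolver-level alternative: deny guest queries entirely and hand
    # guests a public resolver via DHCP instead.
    # access-control: 192.168.50.0/24 refuse

view:
    name: "guest"
    # Every name under the internal zone returns NXDOMAIN for guests
    local-zone: "home.example." always_nxdomain
    # Keep PTR lookups for the PRIVATE subnet from revealing hostnames
    local-zone: "1.168.192.in-addr.arpa." always_nxdomain
    # Do not fall back to the global local-zone/local-data entries
    view-first: no
```

Names outside the zones listed in the view are still resolved normally for guest clients; `unbound-checkconf` validates the file before a restart.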