Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
Limiting cross-interface DNS in Unbound
« previous
next »
Print
Pages: [
1
]
Author
Topic: Limiting cross-interface DNS in Unbound (Read 2714 times)
incirrata
Newbie
Posts: 19
Karma: 3
Limiting cross-interface DNS in Unbound
«
on:
March 27, 2019, 04:26:08 pm »
Hi all, I'm setting up a guest Wi-Fi network in OPNsense. All Wi-Fi is handled via the PUBLIC interface, and I use firewall rules to prevent any traffic from reaching my LAN interface PRIVATE. However, I'm using Unbound DNS on both interfaces. PUBLIC users could still get the IP of PRIVATE hosts using nslookup, ping, etc. Is there any way to prevent that?
How it currently is:
PUBLIC host nslookups PRIVATE host
IP address of PRIVATE host is displayed
How I'd like it:
PUBLIC host nslookups PRIVATE host
** server can't find [PRIVATE host]: NXDOMAIN
Logged
sbuckmann
Newbie
Posts: 8
Karma: 2
Re: Limiting cross-interface DNS in Unbound
«
Reply #1 on:
April 14, 2019, 08:12:00 am »
Similar problem here. My OPNsense has several network zones; resolving the router ip via nslookup/dig delivers all router ip addresses of all interfaces.
Logged
HW: Supermicro X11SCL-IF, i3-9100F, 32 GB ECC RAM, 250 GB SSD, Mellanox ConnectX-3, 10 GBit Internet
Mks
Sr. Member
Posts: 272
Karma: 19
Re: Limiting cross-interface DNS in Unbound
«
Reply #2 on:
April 14, 2019, 08:47:33 am »
Hi.
I'm using for Guest network public DNS resolver.
DNS queries to Guest interface (Unbound) are denied.
Br
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
Limiting cross-interface DNS in Unbound