Limiting cross-interface DNS in Unbound

Started by incirrata, March 27, 2019, 04:26:08 PM

Hi all, I'm setting up a guest Wi-Fi network in OPNsense. All Wi-Fi is handled via the PUBLIC interface, and I use firewall rules to prevent any traffic from reaching my LAN interface PRIVATE. However, I'm using Unbound DNS on both interfaces. PUBLIC users could still get the IP of PRIVATE hosts using nslookup, ping, etc. Is there any way to prevent that?

How it currently is:

  • PUBLIC host nslookups PRIVATE host
  • IP address of PRIVATE host is displayed

How I'd like it:

  • PUBLIC host nslookups PRIVATE host
  • ** server can't find [PRIVATE host]: NXDOMAIN

Similar problem here. My OPNsense has several network zones; resolving the router IP via nslookup/dig delivers all router IP addresses of all interfaces.
HW: Supermicro X11SCL-IF, i3-9100F, 32 GB ECC RAM, 250 GB SSD, Mellanox ConnectX-3, 10 GBit Internet
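As an added configuration example (not posted by anyone in this thread): an Unbound view that answers NXDOMAIN for the private zone to guest clients, which addresses both the original question and the router lookup that returns every interface address. The guest subnet 192.168.100.0/24, the private domain private.lan., the private subnet 192.168.1.0/24 and the guest-side router address 192.168.100.1 are assumed placeholders; where the fragment is placed (OPNsense's Unbound custom options or its include directory) depends on the OPNsense version.

```conf
# Added example, not from the thread. All names and addresses below are
# assumed placeholders; replace them with the real guest/private values.
server:
    # Map every guest client to the "guest" view. Guests still need a matching
    # access-control allow entry (OPNsense generates one per interface).
    access-control-view: 192.168.100.0/24 guest

view:
    name: "guest"
    # Do not fall back to the global local-zone/local-data for this view, so
    # the host entries registered for the private side are never consulted.
    view-first: no
    # "static" answers NXDOMAIN for any name under private.lan. that is not
    # listed in this view; queries outside private.lan. resolve normally.
    local-zone: "private.lan." static
    # Same treatment for reverse lookups of the private subnet, so a PTR
    # query for a private address does not reveal the host name either.
    local-zone: "1.168.192.in-addr.arpa." static
    # Optional: publish only the guest-side router address under the
    # router's name, instead of the addresses of every interface.
    local-data: "router.private.lan. A 192.168.100.1"
```

This only hides names from the resolver; a guest that configures another DNS server or guesses addresses directly is still stopped only by the firewall rules between the interfaces.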

Hi.
I'm using a public DNS resolver for the guest network.
DNS queries to the Guest interface (Unbound) are denied.

Br