Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Development and Code Review
(Moderator:
fabian
) »
BIND plugin configuration
« previous
next »
Print
Pages: [
1
]
Author
Topic: BIND plugin configuration (Read 3692 times)
bs-opn
Newbie
Posts: 2
Karma: 0
BIND plugin configuration
«
on:
August 09, 2019, 07:27:23 pm »
I am trying to transition from pfSense to OPNsense and I'm trying to get the pfBlocker functionality replicated.
I currently have Unbound DNS running on port 5053. I have bind running on port 53.
I can modify the /usr/local/etc/namedb/named.conf to specify a port for a forwarder, but I can't do that in the UI. Any changes in the UI will overwrite my changes to the named.conf.
My apologies for the basic question, but what is the best way of making an enhancement request to allow the UI forwarder input validation to allow specifying a port that gets broken out in the named.conf as:
// Unbound listens on 5053 and forwards to CloudFlare via DNS-TLS
forwarders {
127.0.0.1 port 5030;
};
Logged
mimugmail
Hero Member
Posts: 6700
Karma: 473
Re: BIND plugin configuration
«
Reply #1 on:
August 09, 2019, 08:13:11 pm »
Here you can add a feature request:
https://github.com/opnsense/plugins/issues
Idea: Add an IP Alias and let Unbound only listen to this alias, then you don't need the port when BIND only listens to other IP addresses
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
bs-opn
Newbie
Posts: 2
Karma: 0
Re: BIND plugin configuration
«
Reply #2 on:
August 09, 2019, 11:19:22 pm »
Thanks for the recommendation. Unfortunately, Unbound wants a Network Interface to listen to for requests. Bind wants an IP address. Is there an easy way to get unbound to use an IP Alias? I think that would solve what I'm trying to do.
I'm trying to stick with a solution that keeps everything in the config.xml so it doesn't get overwritten whenever I make a change through the GUI.
Logged
mimugmail
Hero Member
Posts: 6700
Karma: 473
Re: BIND plugin configuration
«
Reply #3 on:
August 10, 2019, 06:33:45 am »
It can listen in WAN when your firewalling is correct.
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
mimugmail
Hero Member
Posts: 6700
Karma: 473
Re: BIND plugin configuration
«
Reply #4 on:
August 10, 2019, 06:59:12 am »
BTW if you want DNS encryption and don't insist on DoT you could use dnscrypt plugin which also supports DNSBL!
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Development and Code Review
(Moderator:
fabian
) »
BIND plugin configuration