Topic: DNS wildcards in Alias (Hosts) (Read 2848 times)
ArminF (Full Member, Posts: 205, Karma: 11)
DNS wildcards in Alias (Hosts)
« on: February 04, 2020, 09:01:14 pm »
Greetings,
I did a search before I posted, as it did not end with a good result.
I want to migrate my XG and later my UTM to OPNsense, and installed a VM to prepare and clean up my "old mess" to start with something fresh.
I recognized that I should use as many Aliases in the Firewall as possible to set groups and services together.
As I do have a lot of external WAN connections into the company from home, I wanted to create some DNS wildcards.
Like *.company.com and so on. But I was not able to achieve it.
Do I really have to enter all in a single address or DNS?
I hope that you pros have a better way to achieve this.
Otherwise I could live with it, but I just wanted to ask before I type and resolve several IPs to DNS.
Thanks!
A
English: Never try, never know!
Deutsch: Unversucht ist Unerfahren!
chropnsense (Newbie, Posts: 17, Karma: 0)
Re: DNS wildcards in Alias (Hosts)
« Reply #1 on: January 27, 2022, 06:43:26 pm »
Hi,
I'm also wondering if this is possible or not (in pfSense it is not, it seems). I just got the task to evaluate OPNsense and this is more or less a show stopper if it is not possible to, e.g., allow only MS Updates based on wildcard DNS:
https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/2-configure-wsus#211-connection-from-the-wsus-server-to-the-internet
http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.windowsupdate.com
https://download.microsoft.com
http://*.download.windowsupdate.com
http://wustat.windows.com
http://ntservicepack.microsoft.com
http://go.microsoft.com
http://dl.delivery.mp.microsoft.com
https://dl.delivery.mp.microsoft.com
Windows Update is here only as an example (could use WSUS), but there are also other use cases where one needs to allow CDN-type *.domain.com.
Edit: if it is not possible out of the box, would it be possible to use cron and dnsmasq to poll through a list, say once an hour (if that wildcard doesn't need to be resolved in real time), and then use that IP list in an alias or similar?
« Last Edit: January 27, 2022, 07:17:40 pm by chropnsense »
Pfirepfox (Newbie, Posts: 42, Karma: 2)
Re: DNS wildcards in Alias (Hosts)
« Reply #2 on: November 16, 2022, 01:02:11 pm »
Also curious about this. I have a number of hosts to insert, and wildcard support would be great.
franco (Administrator, Hero Member, Posts: 17661, Karma: 1611)
Re: DNS wildcards in Alias (Hosts)
« Reply #3 on: November 16, 2022, 03:59:15 pm »
In the mid-term Unbound blocklists will be able to run pattern matching with the switch to Python backend, but to my knowledge it's impossible to derive all IP addresses from all (unknown) subdomains as an alias in the firewall.
Cheers,
Franco
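The polling idea from reply #1, as an added example that is not part of the thread and not OPNsense code: run on a schedule (for instance from cron), it resolves the exact host names in a list and writes their addresses to a file that an alias could load, while setting wildcard entries aside because, as reply #3 notes, their unknown subdomains cannot be enumerated. The function names, the output file and the idea of feeding it to an alias are assumptions; the sample answers are constructed documentation addresses.

```python
import ipaddress
import os
import socket
import tempfile
from urllib.parse import urlsplit

def split_entries(entries):
    """Separate resolvable host names from wildcards (URL or bare name)."""
    hosts, wildcards = set(), set()
    for entry in map(str.strip, entries):
        name = urlsplit(entry if "://" in entry else "//" + entry).hostname
        if name:
            (wildcards if "*" in name else hosts).add(name)
    return sorted(hosts), sorted(wildcards)

def system_resolver(name):
    """A/AAAA lookup through the system resolver; empty list on failure."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]

def build_ip_list(entries, resolver=system_resolver):
    """Return (sorted unique IPs, unresolved hosts, skipped wildcards)."""
    hosts, wildcards = split_entries(entries)
    ips, unresolved = set(), []
    for host in hosts:
        answers = resolver(host)
        if not answers:
            unresolved.append(host)
        ips.update(ipaddress.ip_address(a) for a in answers)
    ordered = sorted(ips, key=lambda ip: (ip.version, int(ip)))
    return [str(ip) for ip in ordered], unresolved, wildcards

def write_list(path, ips):
    """Atomically replace the list; keep the old file if nothing resolved."""
    if not ips:
        return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as handle:
        handle.write("\n".join(ips) + "\n")
    os.replace(tmp, path)
    return True

if __name__ == "__main__":
    # Constructed answers (documentation addresses), so this runs offline.
    fake = {"go.microsoft.com": ["203.0.113.10", "2001:db8::10"]}
    sample = ["http://*.update.microsoft.com", "http://go.microsoft.com"]
    print(build_ip_list(sample, lambda n: fake.get(n, [])))
```

The list only reflects what the resolver answered at poll time, so hosts behind rotating CDN addresses can still be missed between runs, and the skipped wildcard entries remain uncovered.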