[solved] How to set up unbound to resolve any machine on two vpn linked lans
Topic: [solved] How to set up unbound to resolve any machine on two vpn linked lans (Read 1728 times)
dgk
Newbie
Posts: 5
Karma: 0
[solved] How to set up unbound to resolve any machine on two vpn linked lans
«
on:
April 18, 2020, 05:52:22 pm »
I am just getting opnsense set up for the first time as the gateway for both of my two lans (remote).
I had my own custom gateway builds that both had dnsmasq running. I guess I could disable unbound and use dnsmasq, but maybe unbound is a better choice.
What I need is for any machine on either lan (the lans will be connected via openvpn) to resolve local records (overrides) on either lan. I mean any machine on either lan can resolve any machine on either lan (given it has a dns entry).
If I were to use dnsmasq I'd maintain a file for each lan's local dns entries in /etc/dnsmasq.d on both opnsense instances (i.e. they both have identical copies of both files).
I read that unbound is a "real" dns server and thus can forward/sync records? So maybe it can forward records from the one opnsense instance to the other via the vpn (but not to any public DNS server)? That would be great, as then I wouldn't have to manage two lists and make sure they are updated on both opnsense machines. Any record I add to either would automagically be on the other.
Can anyone comment on my desired setup and whether/how unbound can meet it? If not, then maybe I'll just punt and use dnsmasq, with which I am more familiar.
«
Last Edit: April 23, 2020, 08:20:22 pm by dgk
»
dgk
Newbie
Posts: 5
Karma: 0
Re: How to set up unbound to resolve any machine on two vpn linked lans
«
Reply #1 on:
April 23, 2020, 08:19:57 pm »
Looks like I will comment on my own post.
Actually this was pretty easy to set up.
On lan1 running opnsense/unbound:
Add a domain override for the subdomain of the remote vpn lan (lan2), lan2.mydomain.net, with the ip of where dnsmasq or unbound is running on lan2.
Now in the host overrides use an alias for every entry.
For example, add nas.mydomain.net to the local ip with alias nas.lan1.mydomain.net.
Now over on the remote lan (lan2): for unbound, do the reverse of the above.
Otherwise, for dnsmasq:
----for dnsmasq-----
In /etc/dnsmasq.conf
add the line with the ip of the opnsense gateway box (running unbound) on lan1:
server=/lan1.mydomain.net/xxx.xxx.xxx
Now for dns records: in dnsmasq there is no alias, so add one for local and another for remote access:
address=/gateway.nas.645.mydomain.net/xxx.xxx.xxx.xxx  # local ip
address=/gateway.nas.lan2.mydomain.net/xxx.xxx.xxx.xxx  # same ip as above
Restart both dns servers; you may also have to flush the dns cache on individual machines.
So nas.mydomain.net resolves to the local server, but nas.lanx.mydomain.net will resolve to whichever lanx you use.
Each lan has its own records, no need to share or sync. It does require that an alias be set up for each record.
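As an added illustration (not from the post or from OPNsense), here is a small Python model of the split-horizon scheme described in the reply: each LAN's resolver answers its own bare and LAN-qualified names locally and forwards only the peer LAN's subdomain across the VPN, so nothing in these zones ever leaves for a public resolver. The domain, host names and addresses are constructed sample values.

```python
"""Model of two VPN-linked LAN resolvers with per-LAN aliases and one domain override each.
All names and addresses below are constructed examples, not values from the forum post."""

DOMAIN = "mydomain.net"


class LanResolver:
    """One LAN's unbound/dnsmasq instance: host overrides plus a domain override to the peer."""

    def __init__(self, lan, ip, hosts):
        self.lan = lan      # short LAN label, e.g. "lan1"
        self.ip = ip        # address of this resolver (the OPNsense box on that LAN)
        self.peer = None    # resolver on the other end of the VPN, set by link()
        self.records = {}
        for host, addr in hosts.items():
            # bare name for local clients plus the LAN-qualified alias, as the reply suggests
            self.records[f"{host}.{DOMAIN}"] = addr
            self.records[f"{host}.{self.lan}.{DOMAIN}"] = addr

    def link(self, peer):
        """Install the domain override: forward <peer.lan>.<DOMAIN> to the peer resolver."""
        self.peer = peer

    def dnsmasq_config(self):
        """dnsmasq lines equivalent to this resolver's records and domain override."""
        lines = [f"address=/{name}/{addr}" for name, addr in sorted(self.records.items())]
        if self.peer is not None:
            # only the peer's subdomain is forwarded, and only to the VPN peer's resolver
            lines.append(f"server=/{self.peer.lan}.{DOMAIN}/{self.peer.ip}")
        return lines

    def resolve(self, name):
        """Return the A record for name, or None (NXDOMAIN). Never consults a public resolver."""
        if name in self.records:
            return self.records[name]
        if self.peer is not None and name.endswith(f".{self.peer.lan}.{DOMAIN}"):
            # the peer answers from its own records only; its override points back to us,
            # so a name neither side knows cannot bounce between the two resolvers
            return self.peer.records.get(name)
        return None


def build_site():
    """Two LANs, each with a host called 'nas' (different machines, different addresses)."""
    lan1 = LanResolver("lan1", "192.168.1.1", {"nas": "192.168.1.10", "gateway": "192.168.1.1"})
    lan2 = LanResolver("lan2", "192.168.2.1", {"nas": "192.168.2.10"})
    lan1.link(lan2)
    lan2.link(lan1)
    return lan1, lan2
```

Note that the bare name `nas.mydomain.net` gives a different answer on each LAN, which is why the reply insists on a LAN-qualified alias for every record.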