BIND - Need Port setting for DNS Forwarders

Started by Bytechanger, September 03, 2020, 05:30:21 PM

Hi,

I want to forward DNS-Requests from BIND to DNSCrypt-Proxy.
But BIND only allows setting IP addresses (IPv4 and IPv6) without a special port.

I want to forward to 127.0.0.1:5353 and [::1]:5353
but this is only possible by editing /usr/local/etc/namedb/named.conf.
But when the system changes settings, the config will be overwritten
and in my network, no DNS is possible....

Is there a workaround or future-request to set ports for forward addresses?

Greets

Byte

imo for a workaround (if you plan to request this feature) you can play with the template
i think it's
/usr/local/opnsense/service/templates/OPNsense/Bind/named.conf
and set the port there


Yes, I wrote this as workaround.

But when you push SAVE on the BIND settings, or something is going on on OPNsense (restart or else), it's overwritten and my network has no DNS server.

Greets

Byte

September 03, 2020, 08:10:43 PM #3 Last Edit: September 03, 2020, 08:18:49 PM by Fright
are you sure you read the path carefully?
it's a template. it's not overwritten ever (plugin reinstall does not count). it contains instructions to fill the .conf based on settings

OK, thanks,

found
{% if helpers.exists('OPNsense.bind.general.forwarders') and OPNsense.bind.general.forwarders != '' %}
        forwarders    { {{ OPNsense.bind.general.forwarders.replace(',', '; ') }}; };
and replaced the forwarders line with:
         forwarders    { 127.0.0.1 port 5353; ::1 port 5353; };

that seems to work!

Greets

Byte
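
A drift check for the template workaround above, as an added example that is not part of the original thread: it reads a rendered named.conf and lists every forwarder that lacks the expected port, which is the state you are back in if the stock template returns (for instance after a plugin reinstall). It assumes the single-line `forwarders { ...; };` statement the template emits; the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not OPNsense code. Function names are hypothetical.

# forwarders_missing_port FILE PORT
# Prints each forwarder entry that does not end in "port PORT".
# Returns 0 if all entries carry the port, 1 if some do not,
# 2 if the file has no (or an empty) single-line forwarders statement.
forwarders_missing_port() {
    conf=$1
    port=$2
    # Take the text between "forwarders {" and the last "}" on that line,
    # split it on ';', trim whitespace and drop empty fields.
    list=$(sed -n 's/^[[:space:]]*forwarders[[:space:]]*{\(.*\)}.*$/\1/p' "$conf" |
           tr ';' '\n' |
           sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
           grep -v '^$' || true)
    if [ -z "$list" ]; then
        echo "no forwarders found in $conf" >&2
        return 2
    fi
    bad=$(printf '%s\n' "$list" |
          grep -v -E "[[:space:]]port[[:space:]]+${port}\$" || true)
    if [ -z "$bad" ]; then
        return 0
    fi
    printf '%s\n' "$bad"
    return 1
}

# Constructed samples: the patched line from this thread, and what the
# stock template line renders for the setting "127.0.0.1,::1".
write_samples() {
    dir=$1
    printf 'options {\n        forwarders    { 127.0.0.1 port 5353; ::1 port 5353; };\n};\n' > "$dir/patched.conf"
    printf 'options {\n        forwarders    { 127.0.0.1; ::1; };\n};\n' > "$dir/stock.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for name in patched stock; do
    if forwarders_missing_port "$tmp/$name.conf" 5353 >/dev/null; then
        echo "$name: all forwarders use port 5353"
    else
        echo "$name: forwarder(s) without port 5353"
    fi
done
rm -rf "$tmp"
```

Pointed at /usr/local/etc/namedb/named.conf from a periodic job, a non-zero exit tells you the template edit is gone before clients lose DNS.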

I originally modified the BIND template to accomplish this exact same setup of BIND forwarding to dnscrypt-proxy, but decided to go another route.

I added an IP Alias to interface Loopback of 127.0.0.2, then modified dnscrypt-proxy to listen on 127.0.0.2:53 and ticked the "Allowed Privileged Ports" option, works a treat!