Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Unbound views
« previous
next »
Print
Pages: [
1
]
Author
Topic: Unbound views (Read 2484 times)
JohnDoe17
Newbie
Posts: 40
Karma: 5
Unbound views
«
on:
February 12, 2021, 09:10:16 pm »
Hello.
I am trying to resolve an issue that I am having with DNS resolution after I connect to the firewall via OpenVPN server:
OpenVPN server configuration:
I supply a "DNS Default Domain" and "DNS Server," and have "Force DNS cache update" and "Prevent DNS leaks" selected.
After I successfully establish the VPN using the Viscosity client, when I try to connect to the firewall GUI using its DNS name, it stalls for a few seconds and then works for a few seconds. After a few more seconds of working, it stalls again and then works again, and so on.
Wireshark shows me that my web browser's DNS query goes to the machine that I specified in my OpenVPN server "DNS Server" configuration (the firewall's own Unbound service), but the DNS response contains the entire list of IPs assigned to ALL of the interfaces on the firewall. And, apparently?, depending on the order of the IP addresses in the response, the web browser tries to connect to TCP port 443 (the firewall GUI) using one of the IP addresses that is not authorized in the firewall rules associated with VPN interface.
Does that sound right? I assumed Unbound would return the DNS response that corresponds to the interface from which the query came instead of every IP for every interface on the firewall.
Am I missing something in the current OPNsense GUI that would help me with this?
Otherwise, it sounds like Unbound supports something like this now called "views." I don't think OPNsense supports these options in the current GUI. Is that right? If I want to purse this option, I guess I need to use the "Advanced" configurtation.
Logged
GurliGebis
Newbie
Posts: 42
Karma: 3
Re: Unbound views
«
Reply #1 on:
February 13, 2021, 10:02:22 pm »
I just had to set up views.
What I did was to create a config file for it manually, and then include that using the "Custom Options" field.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
Unbound views