Config third DNS in DHCP

Started by t.kayser, March 15, 2021, 08:18:37 PM

Hi

Is there a way to configure a third DNS?

For our remote sites I would like to configure our two central DNS servers, and the firewall if the VPN is down.

Can someone help me here?   :)

I haven't tested but I think it should be possible with additional options in DHCP config.

DNS would be number 6 as per: https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml
2x 23.7 VMs & CARP, 4x 2.1GHz, 8GB
Cisco L3 switch, ESXi, VDS, vmxnet3
DoT, Chrony, HAProxy + NAXSI, Suricata
VPN: IPSec, OpenVPN, Wireguard
MultiWAN: Fiber 500/500Mbit dual stack + 4G failover


Quote from: sorano on March 16, 2021, 10:16:07 PM
I haven't tested but I think it should be possible with additional options in DHCP config.

DNS would be number 6 as per: https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml

Hi Sorano

thx for your reply

No luck so far, with: Number = 6 or 5 / Type = IP address or host / Value 10.101.1.1

Quote from: t.kayser on March 15, 2021, 08:18:37 PM
Is there a way to configure a third DNS?

Hi, I had the same issue.

I needed to configure 3 IPs:   192.168.0.10, 192.168.0.20, 192.168.0.1

You can use the additional options (ignore the 2 DNS fields)

Number: 6
Type: string
Value:
convert the numeric IPs to their hex value and concatenate them in the order you require, for example for the IPs I mentioned above the value is:
c0:a8:00:0a:c0:a8:00:14:c0:a8:00:01

I had trouble understanding the instructions but now that I have it working, I wanted to help elucidate.

RFC 2132 3.8 says use option "6", minimum length is 4 octets, and length must always be a multiple of 4 [octets]. Servers should be listed in order of preference.

Convert the individual IP addresses you want with a Hex to IP converter

  • e.g:
    192.168.0.1 = c0:a8:00:01
    192.168.0.2 = c0:a8:00:02
    192.168.0.3 = c0:a8:00:03
    Some tools use periods[.] instead of colons[:]. Ensure you replace any symbol with colon[:]
  • In the order of server preference, concatenate the hex values together using colon[:] as the separator, e.g.
    192.168.0.1 + 192.168.0.2 + 192.168.0.3 =
    c0:a8:00:01:c0:a8:00:02:c0:a8:00:03

In the OPNsense GUI, under DHCPv4 configuration:

  • Leave the GUI option for DNS Servers blank
  • Expand Additional Options
  • Input 6 into the Number field
  • Change Type to string
  • Enter the concatenated string into value, e.g. c0:a8:00:01:c0:a8:00:02:c0:a8:00:03
  • Save, renew IP, check. In Windows, that would be ipconfig /renew; ipconfig /all

Troubleshooting

  • In Windows, ipconfig /renew will return: "An error occurred while renewing interface <your interface> : The data is invalid." if your configuration is incorrect, e.g. using multiple line entries will override with the last entry instead of giving you multiple servers.
  • If you only see one address, you probably didn't clear the GUI fields, or you only entered one set of octets.
  • If you want to verify the hex values we've used, split the string back into 4 octets or you'll get a 0.0.0.xx when converting the concatenated string to IP

Thanks for the assistance @xbb et al. :)
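The hex value that xbb's post and the step-by-step post above build by hand (option 6, each server as four hex octets, colon-separated, in preference order) is easy to get wrong with an online converter, so here is a small encoder/decoder that does it, as an added example that is not part of this thread and not OPNsense code. It assumes nothing beyond the Python standard library; the function names are my own. The decoder applies the RFC 2132 section 3.8 length rule (at least 4 octets, always a multiple of 4) and accepts period-separated input, so it can be used to check a string before pasting it into the Additional Options value field.

```python
import ipaddress
from typing import List

# RFC 2132 section 3.8: Domain Name Server option, code 6.
# Minimum length 4 octets, length always a multiple of 4,
# servers listed in order of preference.
DHCP_OPTION_DNS = 6


def encode_dns_option(servers: List[str]) -> str:
    """Build the value for OPNsense DHCPv4 'Additional Options'
    (Number 6, Type string): each IPv4 address as four hex octets,
    concatenated in the given order and colon-separated."""
    if not servers:
        raise ValueError("option 6 needs at least one server (minimum 4 octets)")
    raw = bytearray()
    for s in servers:
        # IPv4Address rejects malformed input and IPv6 addresses, which
        # would silently break the multiple-of-4 length rule.
        raw += ipaddress.IPv4Address(s).packed
    return ":".join(f"{b:02x}" for b in raw)


def decode_dns_option(value: str) -> List[str]:
    """Reverse check: split a colon- or period-separated hex string back
    into 4-octet groups, enforcing the RFC 2132 length rule, and return
    the dotted-quad addresses it encodes."""
    parts = value.strip().replace(".", ":").split(":")  # some tools emit periods
    try:
        # bytes() raises ValueError for anything outside 0..255, so a
        # run-together group like "c0a8" is rejected rather than misread.
        raw = bytes(int(p, 16) for p in parts)
    except ValueError as exc:
        raise ValueError(f"not a string of hex octets: {value!r}") from exc
    if len(raw) < 4 or len(raw) % 4 != 0:
        raise ValueError(
            f"option {DHCP_OPTION_DNS} length {len(raw)} is not a positive multiple of 4"
        )
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]


if __name__ == "__main__":
    # The three addresses from xbb's post, in preference order.
    value = encode_dns_option(["192.168.0.10", "192.168.0.20", "192.168.0.1"])
    print(value)                                  # c0:a8:00:0a:c0:a8:00:14:c0:a8:00:01
    print(decode_dns_option(value))               # round-trips to the same three servers
    try:
        decode_dns_option("c0:a8:00")             # 3 octets: not a valid option 6 value
    except ValueError as err:
        print("rejected:", err)
```

Feed the output of encode_dns_option straight into the Value field; if ipconfig /renew reports "The data is invalid", run the pasted string through decode_dns_option first, which catches the truncated or run-together strings that cause that error.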