DNS resolves firewall for wrong subnet

Started by SamBox83, May 08, 2023, 01:41:33 PM

Hi everyone,
I have set up my OPNsense with 3 networks: 192.168.X.X/24. The web interface for my firewall "fw01" is only reachable on the 192.168.1.1 interface, yet somehow when I'm using the hostname it resolves to either 192.168.2.1 or 192.168.3.1. Is there a way to prevent the DNS server from doing that? I would like to be able to serve answers only for the specific interface, not all of them.
Greetings
Sam

Hi Sam,

I did face the same problem as yourself in the past. The solution, if you are using Unbound to resolve your DNS requests, is to use 'access-control-view' records; there might be something similar for the other DNS servers as well.

Under /usr/local/etc/unbound.opnsense.d create a .conf file (local.conf for example) with something like

# Clients from this netblock (network address, not the interface address) use the "lan" view
access-control-view: 192.168.1.0/24 lan

view:
    name: "lan"
    # The record type (A) is required; use the name your clients actually query, e.g. fw01.<your domain>
    local-data: "fw01 IN A 192.168.1.1"
    # If the view has no matching local data, fall through to the global configuration
    view-first: yes


Reload unbound and you should be good.
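As an added example (not code from this thread or from OPNsense), the following Python script generates the same kind of view configuration for all three of Sam's interfaces and simulates which view Unbound would pick for a given client address (most specific matching netblock wins). The interface table, the domain home.arpa and the TTL are assumptions; drop the opt1/opt2 entries if only LAN clients should get an answer.

```python
"""Generate per-interface Unbound views so a hostname resolves to the
address of the interface the client is actually behind.

Added example, not code from the original thread. The interface list
is constructed for illustration; hostname and addresses follow the
poster's setup (fw01 on 192.168.1.1 .. 192.168.3.1).
"""
import ipaddress

# Constructed sample: interface name -> firewall address on that interface.
INTERFACES = {
    "lan":  "192.168.1.1/24",
    "opt1": "192.168.2.1/24",
    "opt2": "192.168.3.1/24",
}
FQDN = "fw01.home.arpa."   # assumed domain; trailing dot = fully qualified


def view_config(interfaces, fqdn, ttl=3600):
    """Return an unbound.conf fragment: one access-control-view per netblock
    plus a view that answers `fqdn` with that interface's own address."""
    lines = []
    for name, cidr in interfaces.items():
        iface = ipaddress.ip_interface(cidr)
        # access-control-view wants a netblock: 192.168.1.1/24 -> 192.168.1.0/24
        lines.append(f"access-control-view: {iface.network} {name}")
    for name, cidr in interfaces.items():
        iface = ipaddress.ip_interface(cidr)
        rtype = "A" if iface.version == 4 else "AAAA"
        lines += [
            "",
            "view:",
            f'    name: "{name}"',
            f'    local-data: "{fqdn} {ttl} IN {rtype} {iface.ip}"',
            "    view-first: yes",
        ]
    return "\n".join(lines) + "\n"


def select_view(interfaces, client_ip):
    """Mimic Unbound's access-control-view lookup: the most specific
    netblock containing the client address wins; None if nothing matches."""
    addr = ipaddress.ip_address(client_ip)
    best = None
    for name, cidr in interfaces.items():
        net = ipaddress.ip_interface(cidr).network
        if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (name, net)
    return best[0] if best else None


def answer_for(interfaces, fqdn, client_ip, qname):
    """Address the generated views return to client_ip for qname, or None
    when the query falls through to normal resolution (no view / other name)."""
    view = select_view(interfaces, client_ip)
    if view is None or qname.rstrip(".").lower() != fqdn.rstrip(".").lower():
        return None
    return str(ipaddress.ip_interface(interfaces[view]).ip)


if __name__ == "__main__":
    print(view_config(INTERFACES, FQDN))
    for client in ("192.168.1.50", "192.168.3.7", "10.0.0.9"):
        print(client, "->", answer_for(INTERFACES, FQDN, client, "fw01.home.arpa"))
```

The generated text can be written to a file under /usr/local/etc/unbound.opnsense.d/ and checked with unbound-checkconf before reloading. Note that a client outside every listed netblock matches no view and is answered from the global configuration, so whatever records exist there (including the system A/AAAA records OPNsense registers by default) are still served to it.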

Go to Unbound DNS > General settings and look for the option "Do not register system A/AAAA records". Enable that and then set up a manual override for how you want the desired hostname to resolve.