DNS aliases for WAN hostnames

Started by awado, February 29, 2024, 09:13:17 PM

Hello,

couldn't find any hint in the documentation. Maybe someone can help? From some LAN clients I need to reach some WAN sites under different DNS names. For example host.somedomain.com should be reachable by server1.somedomain.com, server2.somedomain.com, server3.somedomain.com and so on. Sometimes these hosts have dynamic IPs, so IP aliases won't help here. Any hints would be great.

Awado

There's not a simple way to do it in OPNsense, but I'm curious what your use case is for this. What are you trying to accomplish?

 :'(

I'm using LibreNMS for monitoring. Each host needs a unique DNS name there. This is okay if every server or service has its own IP. But this cannot be accomplished over WAN, where I use SNMP proxying behind a single WAN IP on the target site. For example, there are some VMs behind a WAN address I want to monitor via SNMP. A single port 161 is opened on the target router and an SNMP proxy behind it splits requests by their community string to each VM.

It's kind of a cname feature in terms of DNS.

Wouldn't there be a possibility to use some form of dyndns system (eg. Gandi has their own) to register the different hostnames, which are all CNAMES pointing at a haproxy setup, which then listens on port 161 and forwards the traffic based on the hostname? SNMP can use TCP, so this should work, I think.

Per server required you just have to register the necessary CNAME record.

This works only for protocols that embed the hostname in the request, like HTTP and HTTPS. SNMP does not do that.

You could use a separate port for each target host.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Yes, a DNS provider would be my last resort. Another idea was to set up something on the LibreNMS VM that does something CNAME-like. As /etc/hosts uses IPs, it is of no use there. Not sure if dnsmasq would be an option.

Quote from: Patrick M. Hausen on March 01, 2024, 01:18:31 PM
You could use a separate port for each target host.

Won't help much, as different ports would use the same hostname.

You can use a DynDNS provider to get one hostname pointing to your IP address, let's name it

myname.do.main

and then in your DNS settings statically define as many aliases as needed:

device-a.do.main. IN CNAME myname.do.main.
device-b.do.main. IN CNAME myname.do.main.
device-c.do.main. IN CNAME myname.do.main.
device-d.do.main. IN CNAME myname.do.main.
...

And last use for SNMP:

device-a.do.main:1161
device-b.do.main:2161
device-c.do.main:3161
device-d.do.main:4161
...

Or some such.

Ah, got your idea. Thanks for your efforts. Yes, that's what I had in mind if nothing else would work. The downside is the ability to manage that, as there are a few dozen. That's why I'm hoping for a local solution.
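An added example, not part of any post in this thread: one way to keep the CNAME-plus-port scheme described above manageable for a few dozen devices is to generate both the zone records and the SNMP endpoints from a single inventory and reject collisions. The inventory, the function name `build_aliases` and the validation rules are assumptions for illustration; the names `do.main` and `myname.do.main` are the placeholders used in the thread.

```python
import re

# Constructed inventory (assumption): alias label -> port forwarded on the remote router.
DEVICES = {"device-a": 1161, "device-b": 2161, "device-c": 3161, "device-d": 4161}

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen; max 63 chars.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def build_aliases(devices, zone, target):
    """Return (cname_records, snmp_endpoints) for one alias and one port per device."""
    port_owner = {}
    records, endpoints = [], []
    for label, port in sorted(devices.items()):
        if not LABEL.match(label):
            raise ValueError(f"invalid DNS label: {label!r}")
        if not isinstance(port, int) or not 1 <= port <= 65535:
            raise ValueError(f"invalid port for {label}: {port!r}")
        # All aliases resolve to the same address, so the port alone selects
        # the device; a duplicate would poll one device under two names.
        if port in port_owner:
            raise ValueError(f"port {port} assigned to {port_owner[port]} and {label}")
        port_owner[port] = label
        fqdn = f"{label}.{zone}"
        if fqdn == target:
            raise ValueError(f"{fqdn} would be a CNAME pointing at itself")
        records.append(f"{fqdn}. IN CNAME {target}.")
        endpoints.append(f"{fqdn}:{port}")
    return records, endpoints


if __name__ == "__main__":
    records, endpoints = build_aliases(DEVICES, "do.main", "myname.do.main")
    print("\n".join(records))
    print("\n".join(endpoints))
```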

VPN? Connect the networks behind the firewalls ... needs one central hub with a static IP address to be reliable.

Unfortunately VPN is not an option. Most of the clients do not have enough resources for a VPN and its routing. It's really stupid that LibreNMS doesn't allow redundant hostnames.