Zenarmor and local hostname

Started by rumshot, Today at 11:40:30 AM

Hello,

I am trying to make Zenarmor display local hostnames instead of only IP addresses in reports/sessions, but I cannot make it work despite multiple tests.

Environment:

* OPNsense latest
* Zenarmor latest
* Multiple VLANs
* Unbound enabled locally on OPNsense
* DHCP leases registration enabled in Unbound
* Static mappings registration enabled in Unbound
* Clients are forced to use OPNsense DNS through DNS hijacking/NAT redirect
* Upstream recursive DNS is an Oracle Cloud Unbound server over WireGuard

Issue:
Zenarmor still shows devices only by IP address (example: 192.168.100.x) instead of local hostnames.

What I already tested:

* Zenarmor DNS server set to:

  * 127.0.0.1
  * OPNsense interface IPs (example 192.168.200.x)
  * Oracle recursive DNS IP
* Restarted/reloaded Zenarmor services
* Cleared firewall states
* Generated fresh traffic/sessions
* Verified local reverse lookups on OPNsense
* Verified DHCP registration options are enabled in Unbound

I also understand the difference between:

* local authoritative DNS knowledge on OPNsense
* recursive upstream DNS on Oracle

However, despite all this, Zenarmor still does not enrich local IPs into hostnames.

Questions:

1. Is there any cache that must be manually cleared in Zenarmor for hostname enrichment?
2. Does Zenarmor require additional settings to read local Unbound lease registrations?
3. Is hostname enrichment limited when Unbound is running in forwarding mode?
4. Is there any known issue with VLAN environments and local hostname enrichment?
5. Is there a recommended way to validate whether Zenarmor is successfully consuming local DNS/PTR information?

Any help or guidance would be appreciated.

Thank you.

You need a paid subscription (like home which is 10€ a month) for it.

If you have a paid subscription, then here are the steps I could find.

  • Go to Settings -> DNS Enrichment. Toggle on Perform real-time DNS reverse queries for local IP addresses. Under DNS Enrichment for Reports, add the IP address of your local DNS server. Save your changes and restart the Zenarmor engine from the dashboard.
  • Go to Services -> Unbound DNS -> Overrides in your OPNsense UI. Add Host Overrides for your client devices to map their names to their static IP addresses.
  • Ensure you haven't accidentally masked your IP addresses. In the Zenconsole, check your Privacy Settings and make sure Anonymize local IP address is toggled OFF.
  • If you are still seeing IPs or MAC addresses, you may need to clear your reporting database/cache to force a fresh look-up using the new DNS settings.

If that fails, then contact Zenarmor support for further guidance.

Anyway, since you didn't mention whether you are using the free version or not, I assume you are using the free version and that's why it doesn't work.

Thanks !!

I'm indeed using the free version. I was expecting this to work under free ...
Anyway, I will ask them for a trial.

10 isn't too much, but at the same time, I would like to see it working first.


Quote from: Vilhonator on Today at 01:57:34 PM

You need a paid subscription (like home which is 10€ a month) for it.

If you have a paid subscription, then here are the steps I could find.

  • Go to Settings -> DNS Enrichment. Toggle on Perform real-time DNS reverse queries for local IP addresses. Under DNS Enrichment for Reports, add the IP address of your local DNS server. Save your changes and restart the Zenarmor engine from the dashboard.
  • Go to Services -> Unbound DNS -> Overrides in your OPNsense UI. Add Host Overrides for your client devices to map their names to their static IP addresses.
  • Ensure you haven't accidentally masked your IP addresses. In the Zenconsole, check your Privacy Settings and make sure Anonymize local IP address is toggled OFF.
  • If you are still seeing IPs or MAC addresses, you may need to clear your reporting database/cache to force a fresh look-up using the new DNS settings.

If that fails, then contact Zenarmor support for further guidance.

Anyway, since you didn't mention whether you are using the free version or not, I assume you are using the free version and that's why it doesn't work.