Help wiht DNS settings

[Denis Raigorodski]

After configuring a OPN sense machine in replacement for commercial firewall, became little confuse in how should set up DNS settings.

Here´s my enviroment:
OPNsense 17.7.5-amd64
FreeBSD 11.0-RELEASE-p12

Multi -Wan (fail over)

DNS settings:
WAN1 => Google DNS1, Service provider DNS
WAN2 => Google DN2, Service provider DNS

What i wanna do:

Local names = dns queries should be forward for dns local domain servers
Internet =dns queries shoul be resolved (by the firewall itself) or foward to the Internet.

I´d like tip/help in the best way to config dns settings in my network

Services availbles:
DNSmasq
Dinamic DNS
Open DNS
Unbound DN

[Ciprian]

As a general setup, you will only need:

1. Domain overrides - pay attention to Unbound if you use it, you will also need ACL records for network segments not directly connected to your internal network(s) NICs (like remote VPN internal networks/ branch offices).
2. For both forward queries and reverse queries resolution you will need both domain suffix overrides and in-addr.arpa overrides.

Hope it helps!

[Denis Raigorodski]

hutiucip, any help is apreciated! thanks a lot!

Actually i am not sure what services/plugins i should use to make DNS work within OPN Sense

after installation Unbound DNS was activated by default.

I couldn´t not find any help with OPN documentation.

About your tips:

1 - At moment, we don´t need this. We dont have branch offices and we won´t need any VPN network in the near future.

2 - Can you point me where should i look for these settings ?

Again, thanks for your help!!!!!

[marjohn56]

Services->Unbound DNS->Overrides

Host Overrides for individual machines, I use them for changing a WAN IP to an internal, i.e. changing my mail server global IP to a local IP that can be resolved by LAN machines.

Domain overrides to point your domain to a local DNS server.

That should help you.

[elektroinside]

I'm not sure if I understood your issue correctly.
But, I would not use domain overrides for local domains. It's just not a healthy design, although it does exactly what you want (as my colleagues pointed out).

What I would do is to use the same local DNS server for all of my LAN clients. Then, I would configure the local DNS server to forward queries to OPNsense. It will forward queries anyway if it can't resolve something (if it is set to forward) and it will always resolve local queries. On OPNsense, I would use the DNS forwarder instead of Unbound, if it's not used anyway.

This is how I would do it (in case of a single domain in the network).

[Denis Raigorodski]

I´d like to thank you all for the help given

After making a few adjustment i got it working at last

I´ll need sometime but public how my configuration has been set up.


PS. updated my appliance to last production series 18.?