Help with DNS settings

Started by Denis Raigorodski, March 01, 2018, 10:11:09 PM

After configuring an OPNsense machine as a replacement for a commercial firewall, I became a little confused about how I should set up the DNS settings.

Here's my environment:
OPNsense 17.7.5-amd64
FreeBSD 11.0-RELEASE-p12

Multi-WAN (failover)

DNS settings:
WAN1 => Google DNS1, service provider DNS
WAN2 => Google DNS2, service provider DNS

What I want to do:

Local names = DNS queries should be forwarded to the local domain's DNS servers
Internet = DNS queries should be resolved (by the firewall itself) or forwarded to the Internet.

I'd like tips/help on the best way to configure the DNS settings in my network.

Services available:
DNSmasq
Dynamic DNS
OpenDNS
Unbound DNS


As a general setup, you will only need:

1. Domain overrides - pay attention to Unbound if you use it: you will also need ACL records for network segments not directly connected to your internal network(s) NICs (like remote VPN internal networks / branch offices).
2. For both forward-query and reverse-query resolution you will need both domain suffix overrides and in-addr.arpa overrides.

Hope it helps! :)


hutiucip, any help is appreciated! Thanks a lot!

Actually, I am not sure which services/plugins I should use to make DNS work within OPNsense.

After installation, Unbound DNS was activated by default.

I couldn't find any help in the OPNsense documentation.

About your tips:

1 - At the moment, we don't need this. We don't have branch offices and we won't need any VPN network in the near future.

2 - Can you point me to where I should look for these settings?

Again, thanks for your help!

Services->Unbound DNS->Overrides

Host Overrides for individual machines; I use them for changing a WAN IP to an internal one, i.e. changing my mail server's global IP to a local IP that can be resolved by LAN machines.

Domain Overrides to point your domain to a local DNS server.

That should help you.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
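For anyone reading this later who wants to see what the two answers above amount to under the hood: the following is an added example of the raw Unbound configuration that OPNsense effectively produces from Services->Unbound DNS->Overrides (domain overrides for the forward and the in-addr.arpa zone) and from the access-list settings hutiucip mentioned. It is not config generated by OPNsense or posted by anyone in this thread; the domain corp.example, the internal DNS server 192.168.10.5, the LAN 192.168.10.0/24 and the VPN range 10.8.0.0/24 are assumed placeholders. It shows why a reverse override is a separate entry, why a non-local segment needs an explicit ACL, and two Unbound-specific traps (the built-in static reverse zones and DNSSEC validation) that make a forwarded internal zone return NXDOMAIN or SERVFAIL.

```conf
server:
    interface: 0.0.0.0
    port: 53

    # Only directly attached networks are allowed by default. A remote-access
    # VPN or branch segment that is not on a local NIC must be allowed
    # explicitly, otherwise Unbound answers REFUSED (the ACL hutiucip meant).
    access-control: 192.168.10.0/24 allow
    access-control: 10.8.0.0/24 allow        # assumed VPN client range

    # Unbound drops RFC1918 addresses found in answers from forwarders
    # (rebinding protection). The internal zone legitimately returns them,
    # so it has to be declared as a private domain.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-domain: "corp.example"

    # Unbound ships a built-in static (empty) zone for 168.192.in-addr.arpa,
    # and local zones are checked before forward-zones, so without this line
    # PTR lookups get NXDOMAIN before the reverse forward-zone is consulted.
    local-zone: "168.192.in-addr.arpa." nodefault

    # With DNSSEC validation enabled, an unsigned internal zone that is not
    # delegated from the public tree cannot be validated and returns SERVFAIL
    # unless it is marked insecure.
    domain-insecure: "corp.example"
    domain-insecure: "10.168.192.in-addr.arpa"

# Forward lookups (domain suffix override): anything under corp.example is
# sent to the internal DNS server instead of being resolved recursively.
forward-zone:
    name: "corp.example"
    forward-addr: 192.168.10.5

# Reverse lookups (in-addr.arpa override): PTR records for 192.168.10.0/24
# go to the same server. This is a separate zone and needs its own entry.
forward-zone:
    name: "10.168.192.in-addr.arpa"
    forward-addr: 192.168.10.5

# No catch-all forward-zone: everything else is resolved by Unbound itself,
# which is the "resolved by the firewall" variant from the first post.
```

To check it from a LAN host, a forward query (host.corp.example) and a reverse query (an address in 192.168.10.0/24) should both come back from the firewall with the internal server's data, while a public name should still resolve; from a VPN client the same queries should succeed only once its range is in the access list.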

March 07, 2018, 07:23:36 AM #4 Last Edit: March 07, 2018, 07:31:32 AM by elektroinside
I'm not sure if I understood your issue correctly.
But I would not use domain overrides for local domains. It's just not a healthy design, although it does exactly what you want (as my colleagues pointed out).

What I would do is use the same local DNS server for all of my LAN clients. Then I would configure the local DNS server to forward queries to OPNsense. It will forward queries anyway if it can't resolve something (if it is set to forward), and it will always resolve local queries. On OPNsense, I would use the DNS forwarder instead of Unbound, if it's not used anyway.

This is how I would do it (in the case of a single domain in the network).
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member

I'd like to thank you all for the help given.

After making a few adjustments, I got it working at last.

I'll need some time, but I will publish how my configuration has been set up.


PS. Updated my appliance to the latest production series, 18.?