I use ipfire as an access point for my WLAN devices.
Now I have set up adguard/unbound/DoT on OPNsense and want to use OPNsense as the DNS resolver. Adguard runs on 53, unbound runs on 5353 and is set as the upstream for adguard. So far so good.
If I set ipfire to recursive mode, it resolves DNS by itself via the root servers. I want ipfire to use OPNsense to resolve DNS. If I just put the IP of the OPNsense into the DNS settings, it doesn't work.
The OPNsense DNS server must allow DNSSEC. If it uses unbound, like IPFire, I don't think this is true. DNSSEC on the server side is a bit complicated, if not impossible.
For functions like adguard (without storing information on external servers) I recommend the RPZ project.
On OPNsense, unbound has DNSSEC support activated, and on Adguard DNSSEC is enabled. If I set the OPNsense IP as DNS on ipfire, I get "reverse lookup failed".
As I understand it, the RPZ project is for running something like adguard on ipfire. I run it on OPNsense and use ipfire just as an access point, so what could it be for in my case?
The problem was the following:
If I set the ipfire IP as DNS for the WLAN clients, ipfire resolves directly, bypassing adguard on the OPNsense. But if I set the IP of the OPNsense NIC that is connected to ipfire, i.e. the OPNsense IP of that specific NIC, everything works!
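As an added example (not from this thread, IPFire or OPNsense), here is a small Python script that does offline what the "reverse lookup failed" check above depends on: it builds a reverse (PTR) query with EDNS0 and the DO bit set, as a DNSSEC-aware client such as unbound sends, and parses the answer to see whether the upstream returned a PTR record and whether the AD (authenticated data) bit is set, i.e. whether the upstream actually validated DNSSEC. The address 192.168.1.1, the name `opnsense.lan` and the response bytes are constructed for the demonstration; `query_resolver` is the only part that touches the network and is not run here.

```python
import socket
import struct

PTR, OPT, IN = 12, 41, 1


def encode_name(name: str) -> bytes:
    """Wire-format a dotted name as length-prefixed labels plus a root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def reverse_name(ipv4: str) -> str:
    """192.168.1.1 -> 1.1.168.192.in-addr.arpa. (IPv4 only)."""
    octets = ipv4.split(".")
    if len(octets) != 4:
        raise ValueError("IPv4 address expected")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def build_ptr_query(ipv4: str, txid: int = 0x1234) -> bytes:
    """Build a PTR query with RD set and an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(reverse_name(ipv4)) + struct.pack("!HH", PTR, IN)
    # OPT pseudo-record: root name, type 41, UDP size 4096 in the class field,
    # DO bit (0x8000) in the upper half of the TTL field, empty rdata.
    opt = b"\x00" + struct.pack("!HHIH", OPT, 4096, 0x00008000, 0)
    return header + question + opt


def decode_name(data: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset after the name)."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            break
        offset += 1
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", end


def parse_response(data: bytes) -> dict:
    """Extract id, rcode, RA/AD flags and PTR targets from a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    result = {"id": txid, "rcode": flags & 0x000F, "ra": bool(flags & 0x0080),
              "ad": bool(flags & 0x0020), "ptr": []}
    offset = 12
    for _ in range(qd):
        _, offset = decode_name(data, offset)
        offset += 4  # qtype + qclass
    for _ in range(an):
        _, offset = decode_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == PTR:
            result["ptr"].append(decode_name(data, offset)[0])
        offset += rdlen
    return result


def check_reverse_lookup(response: bytes, expected_id: int) -> str:
    """Classify a response the way a validating forwarder would judge it."""
    r = parse_response(response)
    if r["id"] != expected_id:
        return "id mismatch"
    if r["rcode"] != 0:
        return f"rcode {r['rcode']}"
    if not r["ptr"]:
        return "no PTR record"
    if not r["ad"]:
        return "unvalidated"  # answer present, but upstream did not set AD
    return "ok"


def build_sample_response(query: bytes, target: str, ad: bool = True) -> bytes:
    """Constructed upstream reply: QR|RD|RA (+AD), one PTR answer via a name pointer."""
    txid = struct.unpack("!H", query[:2])[0]
    _, q_end = decode_name(query, 12)
    question = query[12:q_end + 4]
    header = struct.pack("!HHHHHH", txid, 0x8180 | (0x0020 if ad else 0), 1, 1, 0, 0)
    rdata = encode_name(target)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", PTR, IN, 300, len(rdata)) + rdata
    return header + question + answer


def query_resolver(server_ip: str, ipv4: str, timeout: float = 3.0) -> str:
    """Send the PTR query over UDP to a resolver and classify its reply (network)."""
    query = build_ptr_query(ipv4)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server_ip, 53))
        data, _ = sock.recvfrom(4096)
    return check_reverse_lookup(data, struct.unpack("!H", query[:2])[0])
```

Running `query_resolver("<opnsense-nic-ip>", "<gateway-ip>")` from a host behind ipfire shows the difference described in the thread: an "ok" answer comes back only when the queried address is the OPNsense NIC that fronts adguard/unbound, while "unvalidated" points at an upstream that answers without DNSSEC validation.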