Hostname Override for VPN Clients

Brailyn

Is there a way I can make specific hostname resolve differently when asked from a different subnet than my LAN?

For example 192.168.1.1 resolves to host1.example in the 192.168.1.0/24 LAN
and for the same host it resolves to newname.example for clients in 192.168.2.0/24 LAN2

I am using DNS resolver and have DNS forwarder disabled. All DNS hosts resolve on both LAN and LAN2.

JKnott

@Brailyn

What would be the purpose of that? I could understand a host name resolving to a different IP address, but not a host address returning a different host hame.

jimp

There isn't a GUI for it, but you can do that with Views in the DNS Resolver. There are examples around the forum for how to do that.

Brailyn

Based on Jknotts response, I think I asked wrong... This is what I intended:

I am looking for host1.example to resolve to 192.168.1.1 from 192.168.1.0/24 and from 192.168.2.0/24 LAN2 host1.example resolves to a public IP address.

jimp

https://forum.netgate.com/post/905712

JKnott

@Brailyn

I do that, but I have an external DNS server I use. The external server has the public address and pfSense has the local address.

Brailyn

@jimp very interesting. How do I keep viewA to use resolver normally?

Something like this?

server:
access-control-view: 10.0.0.0/24 viewa
access-control-view: 10.0.8.0/24 viewb

view:
name: "viewa"
local-zone: "example1.com." dynamic

view:
name: "viewb"
local-zone: "example1.com." static
local-data: "test1.example1.com. 90 IN A 10.10.10.10"

Also, I have this config in my custom options for DNS over HTTPS... Is it okay to combine these options?

forward-zone:
name: "."
forward-ssl-upstream: yes
forward-addr: 1.1.1.1@853
forward-addr: 1.0.0.1@853
server:include: /var/unbound/pfb_dnsbl.*conf

jimp

Just don't make a second view. Only make a view for the non-default responses.

jimp

And yes, you can add the view stuff after just make sure to include the server: bit on a new line first.

Brailyn

This works for the single host, but no other LAN addresses resolve. Any ideas?

server:
access-control-view: 10.0.8.0/24 openvpn-view

view:
name: "openvpn-view"
local-zone: "hostame.example." static
local-data: "hostname.example. 90 IN A X.X.X.X"

Brailyn

This post is deleted!

jimp

Change static to transparent, perhaps

Brailyn

Functionality seems the same. I should note that other addresses internal only end in "example" as well.

Since I only want to resolve to public address for this override, is there any way I can force hostname.example to use a public DNS server like 1.1.1.1? and all other hostname2.example, hostname3.example, etc. use pfsense resolver normally.