Hostname Override for VPN Clients
-
Is there a way I can make specific hostname resolve differently when asked from a different subnet than my LAN?
For example 192.168.1.1 resolves to host1.example in the 192.168.1.0/24 LAN
and for the same host it resolves to newname.example for clients in the 192.168.2.0/24 LAN2.
I am using the DNS Resolver and have the DNS Forwarder disabled. All DNS hosts resolve on both LAN and LAN2.
-
What would be the purpose of that? I could understand a host name resolving to a different IP address, but not a host address returning a different host name.
-
There isn't a GUI for it, but you can do that with Views in the DNS Resolver. There are examples around the forum for how to do that.
-
Based on Jknott's response, I think I asked wrong... This is what I intended:
I am looking for host1.example to resolve to 192.168.1.1 from 192.168.1.0/24, and from 192.168.2.0/24 (LAN2) host1.example resolves to a public IP address.
-
https://forum.netgate.com/post/905712
-
I do that, but I have an external DNS server I use. The external server has the public address and pfSense has the local address.
-
@jimp very interesting. How do I keep viewA to use resolver normally?
Something like this?
server:
    access-control-view: 10.0.0.0/24 viewa
    access-control-view: 10.0.8.0/24 viewb
view:
    name: "viewa"
    # transparent: no overrides here, names in this zone resolve normally
    # ("dynamic" is not a local-zone type Unbound accepts)
    local-zone: "example1.com." transparent
view:
    name: "viewb"
    local-zone: "example1.com." static
    local-data: "test1.example1.com. 90 IN A 10.10.10.10"
Also, I have this config in my custom options for DNS over HTTPS... Is it okay to combine these options?
forward-zone:
    name: "."
    forward-ssl-upstream: yes
    forward-addr: 1.1.1.1@853
    forward-addr: 1.0.0.1@853
server:
    include: /var/unbound/pfb_dnsbl.*conf
-
Just don't make a second view. Only make a view for the non-default responses.
-
And yes, you can add the view stuff after, just make sure to include the "server:" bit on a new line first.
-
This works for the single host, but no other LAN addresses resolve. Any ideas?
server:
    access-control-view: 10.0.8.0/24 openvpn-view
view:
    name: "openvpn-view"
    # the local-zone name has to match the owner name used in local-data
    local-zone: "hostname.example." static
    local-data: "hostname.example. 90 IN A X.X.X.X"
-
Change "static" to "transparent", perhaps.
-
Functionality seems the same. I should note that other internal-only addresses end in "example" as well.
Since I only want this override to resolve to the public address, is there any way I can force hostname.example to use a public DNS server like 1.1.1.1, and have all the others (hostname2.example, hostname3.example, etc.) use the pfSense resolver normally?
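A complete views fragment for the split answer this thread is after, added here as an example rather than taken from any post or from Netgate's documentation; the 192.168.2.0/24 subnet, the view name and the 203.0.113.10 address are placeholders. What it adds over the snippets above is view-first: yes, the Unbound option that lets a client in the view fall through to the global local-data (pfSense host overrides) and normal recursion for every name the view does not define, so the rest of the LAN keeps resolving.

```conf
server:
    # Clients on the VPN subnet are answered from "vpn-view"; everyone
    # else uses the global configuration. Subnet and name are placeholders.
    access-control-view: 192.168.2.0/24 vpn-view

view:
    name: "vpn-view"
    # Consult the global local-zone/local-data and then normal recursion
    # for any name this view does not define. Without it, clients in the
    # view only see the names listed in the view itself.
    view-first: yes
    # transparent: answer from local-data when the name matches, resolve
    # as usual otherwise (static would return NXDOMAIN/NODATA for any
    # other name inside the zone).
    local-zone: "hostname.example." transparent
    # Placeholder public address (TEST-NET-3), not an address from the thread.
    local-data: "hostname.example. 90 IN A 203.0.113.10"
```

On pfSense this goes in the DNS Resolver "Custom options" box; unbound-checkconf reports a syntax error if a local-zone type or option name is mistyped, which is worth running before applying.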