Register Interface Address in DNS Resolver

  • What are the ways to register the OpenVPN server interface address with DNS Resolver?

    Guessing a DNS Resolver Host Override would work.  Is that correct?  But is there any way of having the OpenVPN config register it automatically so that any future tunnel network changes there are handled without having to remember to manually change a host override?

  • LAYER 8 Global Moderator


    So for example, I have a tunnel network of 10.0.8/24. What interface exactly are you wanting to resolve in a tunnel network, and from where?  I don't think it is clicking for me on why the interface for openvpn used in this tunnel would have to be resolvable?  And each client would have a different IP in the tunnel, and pfsense would have different IPs in the tunnel for each client, since the clients get an address in a /30 out of that tunnel network.

    Connection-specific DNS Suffix  . : local.lan
      Description . . . . . . . . . . . : TAP-Windows Adapter V9
      Physical Address. . . . . . . . . : 00-FF-EE-16-B9-3C
      DHCP Enabled. . . . . . . . . . . : Yes
      Autoconfiguration Enabled . . . . : Yes
      IPv6 Address. . . . . . . . . . . : 2001:snipped::1000(Preferred)
      Link-local IPv6 Address . . . . . : fe80::fd9b:6799:7fc9:2969%27(Preferred)
      IPv4 Address. . . . . . . . . . . :
      Subnet Mask . . . . . . . . . . . :
      Lease Obtained. . . . . . . . . . : Tuesday, October 20, 2015 9:10:51 AM
      Lease Expires . . . . . . . . . . : Wednesday, October 19, 2016 9:10:50 AM

    route…    20

    Another client connecting would get a different /30, unless you have check address top.  So are you wanting to resolve the or the that would be this client's gateway?

    Allocate only one IP per client (topology subnet), rather than an isolated subnet per client (topology net30).
      Relevant when supplying a virtual adapter IP address to clients when using tun mode on IPv4.
    Some clients may require this even for IPv6, such as OpenVPN Connect (iOS/Android). Others may break if it is present, such as older versions of OpenVPN or clients such as Yealink phones.

    Either way I still don't understand when that interface would need to be resolvable?

    1. Never said it needs to be resolvable.  Yes, I know, OpenVPN is functional without it being resolvable.
    2. There are times that it is convenient for it to be resolvable even though it's not a functional necessity.
    3. The interest is in methods of registering with DNS Resolver.  Irrespective of the merits of doing so.
    4. Not seeking debate of the merits of it being resolvable.
    5. Preferably register in some dynamic/automatic fashion rather than the manual override entry.

  • LAYER 8 Global Moderator

    1. The interest is in methods of registering with DNS Resolver

    i.e. it's resolvable ;)  What is the point of registering it in resolver if you're not wanting to resolve it?? ;)  So yeah the desire/need to resolve is clearly debatable…  Why should we discuss doing something that has no actual value??

    Either way, other than an override I do not know a way of registering that IP, which again could be lots of different IPs for each vpn client based upon their /30.  What name would it be?  If going to resolve it, has to have a NAME..  so just going to be pfsensename? or pfsense.openvpn.yourdomain.tld ?  What name would you use to resolve it with?  If just PTR, what name would it return?

    Guess you could ask for a feature request or do some coding to come up with a name for these IPs being used.. So that it could be registered in resolver without override.
