OPNsense BIND Plugin Configuration

Setting up BIND can be a challenge in and of itself. Interfaces can make things easier, but it isn’t always quite obvious how to go about achieving what you want, and they still require some knowledge of BIND/named configuration.

The OPNsense DNS plugin can also be quite tricky to get right. This post is how I got my internal domain, hq.cormier.co, set up in OPNsense, complete with reverse zones.

Plugins BIND

Plugin Install

You can install the os-bind plugin from the System > Firmware > Plugins page. Once installed, you can find the BIND menus under Services > BIND.

Service BIND Menu

BIND Configuration

In my examples I have three (3) zones: one (1) forward zone, hq.cormier.co, and two (2) reverse zones, 10.0.10.in-addr.arpa and 70.0.10.in-addr.arpa, for the networks 10.0.10.0/24 and 10.0.70.0/24 respectively.

BIND Zones

Example of how I created my forward lookup zone hq.cormier.co.

BIND Add Zone

These are the records for the forward zone hq.cormier.co. Add an NS record and the corresponding A record for the name server, which is fw in my example.

BIND Zone Records

The records for reverse zones have just the host part of the address as the name and the full FQDN as the value. As an example, to reverse resolve 10.0.70.1, I would create a record with the name 1 in the zone 70.0.10.in-addr.arpa. This seems odd at first, but this is the notation.

The following records need to be created in each reverse zone that you create. Notice the period at the end of the FQDN in the values of the reverse zone records.

  • Nameserver (NS) record
    • Name: <blank> or @ depends on interface
    • Value: fw.hq.cormier.co. (notice period)
  • PTR for A record host (1 in my example)
    • Name: 1
    • Value: fw.hq.cormier.co. (notice period)

Important note: the value ends with a period (.). This is the FQDN notation. If the period is missing, BIND will append the zone name; in this case the value would become fw.hq.cormier.co.70.0.10.in-addr.arpa, which would be an error.

BIND Reverse Zone Records
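
The trailing-period rule described above can be checked before records are entered in the GUI. The following is an added example, not part of the original post or the os-bind plugin: it derives the reverse zone and record name from an address and expands each value the way the post describes BIND doing it. The function names and the sample record list are assumptions made for illustration.

```python
import ipaddress

def reverse_zone(network: str) -> str:
    """Reverse zone name for an octet-aligned IPv4 network such as 10.0.70.0/24."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 IPv4 networks map to one zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def ptr_name(ip: str, zone: str) -> str:
    """Relative record name for ip inside zone (the value of the Name field)."""
    full = ipaddress.ip_address(ip).reverse_pointer  # 1.70.0.10.in-addr.arpa
    suffix = "." + zone
    if not full.endswith(suffix):
        raise ValueError(f"{ip} does not belong in zone {zone}")
    return full[: -len(suffix)]

def qualify(value: str, zone: str) -> str:
    """Expand a record value: a name without a trailing period is relative,
    so the zone name is appended (assumes the origin is the zone name)."""
    if value in ("", "@"):
        return zone + "."
    return value if value.endswith(".") else f"{value}.{zone}."

def check_records(zone, records, expected_suffix):
    """Return (name, type, expanded value) for each NS/PTR record whose
    expanded value falls outside expected_suffix."""
    wanted = "." + expected_suffix + "."
    problems = []
    for name, rtype, value in records:
        target = qualify(value, zone)
        if rtype in ("NS", "PTR") and not ("." + target).endswith(wanted):
            problems.append((name, rtype, target))
    return problems

# Constructed sample: the post's reverse zone, with the period left off the PTR.
ZONE = reverse_zone("10.0.70.0/24")
RECORDS = [
    ("@", "NS", "fw.hq.cormier.co."),
    (ptr_name("10.0.70.1", ZONE), "PTR", "fw.hq.cormier.co"),  # period missing
]

if __name__ == "__main__":
    for name, rtype, target in check_records(ZONE, RECORDS, "hq.cormier.co"):
        print(f"{name} {rtype} expands to {target}")
```

Run against the constructed records, only the PTR entry is reported, and its expanded value is the erroneous name from the note above.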

Lookups

To verify our zones, we will query them using the nslookup command-line tool:

$ nslookup
> fw.hq.cormier.co
Server:		10.0.70.1
Address:	10.0.70.1#53

Name:	fw.hq.cormier.co
Address: 10.0.70.1
> 10.0.70.1
Server:		10.0.70.1
Address:	10.0.70.1#53

1.70.0.10.in-addr.arpa	name = fw.hq.cormier.co.
>
Mar 11, 2021 · Filed in: OPNsense, BIND, DNS