DNS

How to Configure Dynamic DNS in OPNsense

How to Configure Dynamic DNS in OPNsense

Have a non-static public facing IP address and want to utilize dynamic DNS?

If you have software/services running on your local network that you want to remotely access, you may have encountered a situation in which your IP address changes periodically. Many ISPs do not assign static IP addresses to non-business accounts especially for IPv4 addresses because they are extremely limited and have technically been exhausted for some time now. When your modem stays connected for a long period of time with an ISP, it is possible your IP address will not change often.
How to Configure DNS over HTTPS (DoH) Using DNSCrypt-Proxy in OPNsense

How to Configure DNS over HTTPS (DoH) Using DNSCrypt-Proxy in OPNsense

Add more privacy by encrypting your DNS queries!

Historically, DNS is a service that was designed to be unencrypted. Whenever a device from your network is trying to go to a web address, it needs to determine the IP address of the website in order to access it. With the increasing levels of tracking and data sharing/selling, a growing awareness that having DNS traffic unencrypted is not a good idea from a privacy and security standpoint. ISPs and other entities are able to know which sites you visit even if all of your web traffic is encrypted.
How to Configure Split DNS in OPNsense using Unbound DNS

How to Configure Split DNS in OPNsense using Unbound DNS

Want local users to use your internal IP address rather than the external address?

On my home network, I host a few public facing services that my family and I make use of when away from home such as Plex Media Server. On Plex I have limited the bandwidth remote users may use to be slightly less than the maximum of my upload speed so my home network is still usable. I am using my own registered domain name which I use to refer to devices on my network (both internally and externally, which you can read more about with another article I wrote).
Use Your Own Domain Name in Your Home Network with OPNsense

Use Your Own Domain Name in Your Home Network with OPNsense

Would you like to use your own domain name on your internal home network?

One nice thing about utilizing more advanced router features is that you can do neat things such as using your own domain name in your home network. This allows you to refer to devices on your network by using the device name/hostname followed by the domain name. For instance, server.homenetworkguy.com could refer to a host named “server” that exists on the network using the domain name “homenetworkguy.com”. Of course, depending on your configuration, you could just use the hostname “server” to access various services on your device(s) such as a fileshare, which will be shorter than including the domain name.
Network-Wide DNS Blocking of Advertising, Telemetry, and Malicious Domains

Network-Wide DNS Blocking of Advertising, Telemetry, and Malicious Domains

Configure the DNS Settings in OPNsense to use Pi-hole

In my home network I wanted to set up a dedicated Pi-hole installation so that I could have network-wide ad blocking. Additionally, I could reduce the telemetry/tracking performed by applications and operating systems as well as potentially block malware. Pi-hole provides the ability to view the DNS traffic on my network on a per device basis, which may present valuable insight in detecting unusual activity on the network. While OPNsense can be configured to provide DNS blocking, I really like the graphs and logging of Pi-hole.