Do you have a public static IP or more on the WAN interface?
Your LAN is on a private IP range with a NAT firewall?
Or do you just do routing and have a bunch of public IPs on LAN?
Will it be the only authoritative dns server for this domain?
Are you behind a typical isp provider? They mostly prohibit an open 53 port…
if you do some NAT translating and your servers are on private IPs
with some portforwarding / SNAT and DNAT / NAT 1:1 / etc.
most configurations will have different domains for public IP(s)
and the private IPs
(and if you need to change a public ip to point to a private
for let’s say developing purposes - you do it on the client’s hosts file)
and you should split your authoritative and recursive (local) dns server
even your authoritative dns server should not be recursive …
(with complex configurations you can achieve both behaviors on one server)
the best option seems to me to have on the omnia a recursive local dns server
with the local domain names (.lan/.localdomain/.domain/.local/.example.com/…)
not accessible from the internet and not mixing local domain names with the public
just serving the local names and caching/forwarding all requests to another dns server
and spin up a full blown authoritative dns server on one of your servers
with for example portforwarding the right ports from WAN to this server
but you can do it also all in one on the omnia firewall with an authoritative dns server
try the original knot-resolver - I don’t think it will work
or install an authoritative dns server instead of the knot-resolver (even full knot)
(or run it in a container…) for example:
Unbound DNS Resolver on Turris
this will break the dns part of the reforis gui…
you have to open the ports on wan for dns for the omnia device itself
enable local domain resolving only for local client IPs
disable recursive resolving for the internet IPs (or the isp will hate you)
define your zone, ACLs for your zone, notify for the zone, dynamic updates, tsig etc.
or have two dns servers running on the omnia,
one bound to the lan ip and another to the wan ip
I didn’t try this with a dns server on omnia, but it should be possible
(I’m running a couple of bind and technitium dns servers
configured as all in one or separate authoritative / recursive…)
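
The advice above to disable recursive resolving for internet IPs can be verified from outside the LAN. The following is an added example, not part of the original post: it builds a recursion-desired query for a name the server is not authoritative for and classifies the reply header. The function names, the 0x1234 query ID, `example.org` and the sample replies are assumptions constructed for illustration.

```python
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080  # DNS header flag bits

def build_query(name, txid=0x1234, qtype=1):
    """Encode a DNS question for `name` with the RD (recursion desired) bit set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def classify(reply, txid=0x1234):
    """Judge a reply to a query for a name the server is NOT authoritative for."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != txid or not flags & QR:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "open-resolver"         # it resolved a foreign name for an outside client
    if flags & RA:
        return "recursion-advertised"  # RA set, but this client got no answer (ACL)
    return "recursion-disabled"        # what a WAN-facing authoritative server should give

def probe(server_ip, foreign_name="example.org", timeout=3.0):
    """Query UDP port 53 on a server you operate, from the WAN side, and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(foreign_name), (server_ip, 53))
        return classify(s.recvfrom(4096)[0])

def constructed_reply(flags, ancount):
    """Constructed sample: our own query with response flags and answer count patched in."""
    q = build_query("example.org")
    return q[:2] + struct.pack("!HHH", flags, 1, ancount) + q[8:]

if __name__ == "__main__":
    for label, flags, an in [("recursion open to anyone", 0x8180, 1),
                             ("ACL refuses outsiders", 0x8185, 0),
                             ("recursion switched off", 0x8105, 0)]:
        print(label, "->", classify(constructed_reply(flags, an)))
```

Run `probe()` from a host outside the LAN against the WAN address; a timeout means the firewall drops port 53 before the DNS server sees the query.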