So I have a domain that points to my router using DDNS and I like to use that to access my local machines, so machine1.foobar.house, machine2.foobar.house, etc.
I can't for the life of me figure out how to recreate that using LuCI; it was really nice having it injected into the DNS.
I know about the .lan but I would rather have all my DHCP clients be subdomains of my DDNS domain. So for example, if I owned foobar.house: laptop.foobar.house, etc.
I've been trying to set the same thing up for hours but I can't figure it out. It doesn't help that things like reading syslog don't really seem to be working either when trying to debug. So far my Turris Omnia seems like a massive waste of time compared to pfSense, which I'm used to but which doesn't give me the performance I need on the hardware I have.
I did this and it works great, but from home I did a Nessus scan targeting the Omnia from outside, and port 53 is open to the network... does it have to be for it to work properly?
Dnsmasq listens on port 53 on all interfaces and accepts connections only from IPs in the local subnet of each interface, and that includes wan. Normally, however, you should have a firewall on the wan side to drop packets not related to established connections (it's the default).
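An added audit script for the two questions in this thread (DHCP clients as subdomains of your own domain, and whether dnsmasq on port 53 is reachable from the wan side). It is example code written here, not code from the forum posters or from the Turris/OpenWrt projects. It parses UCI-style text in the layout of OpenWrt's /etc/config/dhcp and /etc/config/firewall; the option names it looks at (domain, local, expandhosts, localservice for dnsmasq; the zone input policy and rule src/dest_port/target for the firewall) are the standard OpenWrt ones, and the two sample configs are constructed input, not anyone's real router.

```shell
#!/bin/sh
# Added audit example (not from the thread or the Turris/OpenWrt projects).
# Parses UCI-style config text and reports (a) which domain DHCP clients are
# placed in and (b) whether dnsmasq on port 53 is reachable from the wan zone.
# Values are single-token options only ('list' lines are ignored).
# On a real router:  audit_dns "$(cat /etc/config/dhcp)" "$(cat /etc/config/firewall)"

# CONSTRUCTED sample /etc/config/dhcp: DHCP names become host.foobar.house
SAMPLE_DHCP=$(cat <<'EOF'
config dnsmasq
	option domainneeded '1'
	option localservice '1'
	option domain 'foobar.house'
	option local '/foobar.house/'
	option expandhosts '1'
EOF
)

# CONSTRUCTED sample /etc/config/firewall: wan input rejected, one DHCP-renew hole
SAMPLE_FW=$(cat <<'EOF'
config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
EOF
)

# uci_get CONF TYPE NAME OPTION: value of OPTION in the first section of TYPE
# whose section name or 'name' option equals NAME ("" = any section of TYPE).
# Prints an empty line when absent; surrounding quotes are stripped.
uci_get() {
    printf '%s\n' "$1" | awk -v type="$2" -v name="$3" -v opt="$4" -v q="'" '
        $1 == "config" { n++; stype[n] = $2; s = $3; gsub(q, "", s); sname[n] = s; next }
        $1 == "option" && n > 0 { v = $3; gsub(q, "", v); val[n, $2] = v }
        END {
            for (i = 1; i <= n; i++)
                if (stype[i] == type && (name == "" || val[i, "name"] == name || sname[i] == name)) {
                    print val[i, opt]; exit
                }
        }'
}

# wan_dns_rules FWCONF: number of rules that ACCEPT wan traffic to port 53,
# i.e. explicit holes that bypass a REJECT zone policy.
wan_dns_rules() {
    printf '%s\n' "$1" | awk -v q="'" '
        $1 == "config" { n++; stype[n] = $2; next }
        $1 == "option" && n > 0 { v = $3; gsub(q, "", v); val[n, $2] = v }
        END {
            c = 0
            for (i = 1; i <= n; i++)
                if (stype[i] == "rule" && val[i, "src"] == "wan" &&
                    val[i, "dest_port"] == "53" && val[i, "target"] == "ACCEPT") c++
            print c
        }'
}

# dhcp_client_domain DHCPCONF: suffix dnsmasq appends to DHCP hostnames
# (OpenWrt ships 'lan' when the option is absent).
dhcp_client_domain() {
    d=$(uci_get "$1" dnsmasq "" domain)
    printf '%s\n' "${d:-lan}"
}

# dns_localservice DHCPCONF: '1' when dnsmasq only answers its own subnets
# (the behaviour described in the post above), else the raw value or 'unset'.
dns_localservice() {
    v=$(uci_get "$1" dnsmasq "" localservice)
    printf '%s\n' "${v:-unset}"
}

# wan_port53_verdict DHCPCONF FWCONF: 'exposed' when the wan zone policy is
# ACCEPT or an explicit accept rule for port 53 exists; 'blocked' otherwise;
# 'unknown' when no wan zone was found at all.
wan_port53_verdict() {
    policy=$(uci_get "$2" zone wan input)
    holes=$(wan_dns_rules "$2")
    [ -n "$policy" ] || { echo unknown; return; }
    if [ "$policy" = "ACCEPT" ] || [ "$holes" -gt 0 ]; then echo exposed; else echo blocked; fi
}

# audit_dns DHCPCONF FWCONF: human-readable summary of both checks
audit_dns() {
    echo "DHCP client domain : $(dhcp_client_domain "$1")"
    echo "local zone         : $(uci_get "$1" dnsmasq "" local)"
    echo "expandhosts        : $(uci_get "$1" dnsmasq "" expandhosts)"
    echo "dnsmasq localservice: $(dns_localservice "$1")"
    echo "wan zone input     : $(uci_get "$2" zone wan input)"
    echo "wan->53 accept rules: $(wan_dns_rules "$2")"
    echo "port 53 from wan   : $(wan_port53_verdict "$1" "$2")"
}

audit_dns "$SAMPLE_DHCP" "$SAMPLE_FW"
```

The `domain` and `local` options (plus `expandhosts`) are what make a DHCP client called laptop resolve as laptop.foobar.house; in LuCI they are the "Local domain" and "Local server" fields on the DHCP and DNS page. The verdict deliberately treats the firewall zone policy as what closes port 53 from wan and reports `localservice` only as a second line of defence, because a scanner that reached dnsmasq at all, as in the later posts, means the zone policy or a rule let the packet through.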
I haven't touched the firewall yet, and as far as I remember, for wan it is reject, accept, reject:
Nessus detects the following issues:
Port: 53 / udp / dns - The DNS query was 17 bytes long, the answer is 228 bytes long. *Solution (Restrict access to your DNS server from public network or reconfigure it to reject such queries.)
Port: 53 / udp / dns - Nessus sent a non-recursive query for example.com and received 1 answer : 93.184.216.34 *DNS Server Cache Snooping Remote Information Disclosure
It seems that it's the only port open towards the public, and these issues are marked as "Medium Risk", but still I would rather have this covered as well... also I thought that only the internal LAN needs the DNS port and nothing from outside needs that.