opnsense_dns_add_forward
Add a DNS-over-TLS forwarding server for a specific domain to redirect DNS queries to a defined server and port.
Instructions
Add a DNS forwarding server (DNS-over-TLS). Run opnsense_dns_apply afterwards to activate.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Domain to forward (e.g. 'example.com') | |
| server | Yes | DNS server IP address | |
| port | No | DNS server port (default: 53) | 53 |
Implementation Reference
- src/tools/dns.ts:324-335 (handler): The handler function case for opnsense_dns_add_forward. Parses args with AddForwardSchema, then POSTs to /unbound/settings/addDot with domain, server, and port.

```typescript
case "opnsense_dns_add_forward": {
  const parsed = AddForwardSchema.parse(args);
  const result = await client.post("/unbound/settings/addDot", {
    dot: {
      enabled: "1",
      domain: parsed.domain,
      server: parsed.server,
      port: String(parsed.port),
    },
  });
  return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
}
```

- src/tools/dns.ts:21-25 (schema): AddForwardSchema defines Zod validation for the tool: domain (DomainSchema), server (IP), and optional port (default 53).

```typescript
const AddForwardSchema = z.object({
  domain: DomainSchema,
  server: z.string().ip({ message: "Invalid server IP address" }),
  port: z.number().int().min(1).max(65535).optional().default(53),
});
```

- src/tools/dns.ts:121-137 (registration): Tool definition registration in dnsToolDefinitions array: name, description, and inputSchema for opnsense_dns_add_forward.

```typescript
{
  name: "opnsense_dns_add_forward",
  description:
    "Add a DNS forwarding server (DNS-over-TLS). Run opnsense_dns_apply afterwards to activate.",
  inputSchema: {
    type: "object" as const,
    properties: {
      domain: { type: "string", description: "Domain to forward (e.g. 'example.com')" },
      server: { type: "string", description: "DNS server IP address" },
      port: {
        type: "number",
        description: "DNS server port (default: 53)",
      },
    },
    required: ["domain", "server"],
  },
},
```

- src/index.ts:59-70 (registration): Registration of handleDnsTool as the handler for all dnsToolDefinitions, including opnsense_dns_add_forward.

```typescript
for (const def of dnsToolDefinitions) toolHandlers.set(def.name, handleDnsTool);
for (const def of firewallToolDefinitions) toolHandlers.set(def.name, handleFirewallTool);
for (const def of diagnosticsToolDefinitions) toolHandlers.set(def.name, handleDiagnosticsTool);
for (const def of interfacesToolDefinitions) toolHandlers.set(def.name, handleInterfacesTool);
for (const def of dhcpToolDefinitions) toolHandlers.set(def.name, handleDhcpTool);
for (const def of systemToolDefinitions) toolHandlers.set(def.name, handleSystemTool);
for (const def of acmeToolDefinitions) toolHandlers.set(def.name, handleAcmeTool);
for (const def of firmwareToolDefinitions) toolHandlers.set(def.name, handleFirmwareTool);
for (const def of routingToolDefinitions) toolHandlers.set(def.name, handleRoutingTool);
for (const def of vlanToolDefinitions) toolHandlers.set(def.name, handleVlanTool);
for (const def of tailscaleToolDefinitions) toolHandlers.set(def.name, handleTailscaleTool);
for (const def of natToolDefinitions) toolHandlers.set(def.name, handleNatTool);
```

- src/utils/validation.ts:41-46 (helper): DomainSchema used by AddForwardSchema to validate the 'domain' field.

```typescript
export const DomainSchema = z
  .string()
  .regex(
    /^(?!-)[a-zA-Z0-9-]{1,63}(?<!-)(?:\.(?!-)[a-zA-Z0-9-]{1,63}(?<!-))*\.[a-zA-Z]{2,}$/,
    "Invalid domain name",
  );
```
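
The schema and handler above can be exercised offline before anything is sent to the firewall. As an added example (not code from the project), the hypothetical `reviewForwardArgs` helper below re-applies the domain and port rules of AddForwardSchema using the page's DomainSchema pattern, builds the addDot body, and flags any port other than 853, the standard DNS-over-TLS port (RFC 7858), since the tool defaults to 53. `DOT_PORT`, the interface names and the sample addresses are assumptions.

```typescript
// Added example: not part of the project's code.
// DOMAIN_RE is the page's DomainSchema pattern, built from a string.
const DOMAIN_RE = new RegExp(
  "^(?!-)[a-zA-Z0-9-]{1,63}(?<!-)(?:\\.(?!-)[a-zA-Z0-9-]{1,63}(?<!-))*\\.[a-zA-Z]{2,}$"
);
const DOT_PORT = 853; // assumption: standard DNS-over-TLS port (RFC 7858)

interface ForwardArgs { domain: string; server: string; port?: number }
interface DotBody { enabled: string; domain: string; server: string; port: string }
interface Review { ok: boolean; findings: string[]; payload?: { dot: DotBody } }

// Hypothetical helper: mirrors AddForwardSchema's domain and port rules and
// builds the body the handler POSTs to /unbound/settings/addDot.
// The server IP check (z.string().ip()) is left to the real schema.
function reviewForwardArgs(args: ForwardArgs): Review {
  const findings: string[] = [];
  const port = args.port === undefined ? 53 : args.port; // schema default

  if (!DOMAIN_RE.test(args.domain)) {
    findings.push(`domain "${args.domain}" is rejected by DomainSchema`);
  }
  if (Math.floor(port) !== port || port < 1 || port > 65535) {
    findings.push(`port ${port} is not an integer in 1-65535`);
  }
  if (findings.length > 0) return { ok: false, findings };

  if (port !== DOT_PORT) {
    findings.push(`port ${port} is not the usual DoT port ${DOT_PORT}; confirm TLS is served there`);
  }
  const dot: DotBody = { enabled: "1", domain: args.domain, server: args.server, port: String(port) };
  return { ok: true, findings, payload: { dot } };
}

// Constructed sample inputs (192.0.2.0/24 is a documentation range).
const samples: ForwardArgs[] = [
  { domain: "corp.example.com", server: "192.0.2.53" },            // port omitted
  { domain: "corp.example.com", server: "192.0.2.53", port: 853 },
  { domain: "lan", server: "192.0.2.53", port: 853 },              // single label
  { domain: "example.xn--p1ai", server: "192.0.2.53", port: 853 }, // punycode TLD
];
for (const s of samples) {
  const r = reviewForwardArgs(s);
  console.log(s.domain, r.ok ? "accepted" : "rejected", r.findings);
}
```

Single-label zones and punycode TLDs fail the pattern because its final label allows letters only, so such forwards cannot be created through this tool.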