BIND/Unbound/DoT leakage

Started by OPNsense4ever, March 08, 2019, 03:02:42 AM

March 08, 2019, 03:02:42 AM Last Edit: March 08, 2019, 03:05:26 AM by OPNsense4ever
Hello,

I set up Unbound recently to encrypt my DNS requests to 1.1.1.1 and 9.9.9.10. I then set up a NAT rule to push any port 53 request back to localhost for Unbound to grab and encrypt. This works as expected.

The next part is to set the kids' devices to use BIND so that I can use some of the DNSBLs there as well as force safe-search for Google, Bing, etc. I'm doing this with another NAT rule which works great. What I want is for BIND to forward requests to Unbound so that the non-blacklisted requests are encrypted. I guess I don't understand the "DNS Forwarders" field? Right now BIND is just hitting the Internet itself to look these up even though I have 127.0.0.1 in the "DNS Forwarders" field. I see them via tcpdump.

Is there any way to get this done?

Thanks so much!

For protecting and monitoring kids' activities online, either pi-hole.net or NoTrack (quidsup.net) might be better suited for the task. YouTube is your friend here.

With 19.1.3 you can also just use the dnscrypt-proxy plugin. It will encrypt DNS and has DNSBL on board.

I'm not an expert, but a block rule

Block port 53 any NOT LANaddress

should do the trick and not allow any DNS except via the sense, or?
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

Felix Eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

I'll check out dns-proxy, but I'm not sure that would solve this as I think it might be a firewall/NAT issue. My WAN interface rules look like this now:



But I still see DNS requests going out on the WAN interface.
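A way to check a WAN-side capture for the leakage discussed in this thread, as an added example that is not part of the thread or of OPNsense: it parses `tcpdump -n` lines and flags any plaintext port-53 traffic, which this setup should never produce once both BIND and the clients resolve through Unbound's DoT forwarding. The WAN address and the sample capture are constructed for the example; the two upstreams are the ones the original poster named.

```python
import re
from collections import Counter

# Assumed values for this example (not from the thread): the firewall's WAN
# address and the two DoT upstreams the original poster configured in Unbound.
WAN_ADDR = "203.0.113.5"
DOT_UPSTREAMS = {"1.1.1.1", "9.9.9.10"}
DNS_PORT, DOT_PORT = 53, 853

# Matches the "IP src.sport > dst.dport:" part of an IPv4 line from `tcpdump -n`.
_PKT = re.compile(r"\bIP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
                  r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):")

def classify(line):
    """Verdict for one WAN-side tcpdump line: 'ok' (DoT to a configured upstream),
    'leak' (plaintext port-53 DNS), 'unexpected_dot' or 'ignored'."""
    m = _PKT.search(line)
    if not m:
        return "ignored"
    # Look at the remote peer, whichever direction the packet travels.
    if m["src"] == WAN_ADDR:
        peer, port = m["dst"], int(m["dport"])
    else:
        peer, port = m["src"], int(m["sport"])
    if port == DNS_PORT:
        return "leak"
    if port == DOT_PORT:
        return "ok" if peer in DOT_UPSTREAMS else "unexpected_dot"
    return "ignored"

def audit(capture):
    """Return (verdict counts, list of leaking lines) for a whole capture."""
    counts, leaks = Counter(), []
    for line in capture.splitlines():
        verdict = classify(line)
        counts[verdict] += 1
        if verdict == "leak":
            leaks.append(line.strip())
    return counts, leaks

# Constructed sample of `tcpdump -ni <wan> port 53 or port 853` output.
SAMPLE = """\
10:00:01.000001 IP 203.0.113.5.40001 > 1.1.1.1.853: Flags [S], seq 1, win 65535, length 0
10:00:01.000002 IP 1.1.1.1.853 > 203.0.113.5.40001: Flags [S.], seq 2, ack 2, win 65535, length 0
10:00:02.000001 IP 203.0.113.5.51234 > 198.51.100.53.53: 4321+ A? example.com. (29)
10:00:02.000002 IP 198.51.100.53.53 > 203.0.113.5.51234: 4321 1/0/0 A 198.51.100.20 (45)
10:00:03.000001 IP 203.0.113.5.40002 > 9.9.9.10.853: Flags [P.], seq 1:100, ack 1, win 512, length 99
10:00:04.000001 IP 203.0.113.5.40003 > 198.51.100.7.853: Flags [S], seq 5, win 65535, length 0
"""
```

Run `audit(SAMPLE)` on a real capture taken with `tcpdump -ni <wan> port 53 or port 853`: any 'leak' line means a resolver on the box (or a client that bypassed the redirect) is still speaking plaintext DNS to the Internet, and 'unexpected_dot' means DoT to a server you did not configure.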