OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: owen2kau on November 23, 2023, 07:52:29 am

Title: safesearch - unbound DNS
Post by: owen2kau on November 23, 2023, 07:52:29 am

Hi all, pretty new to this, just moved over from Untangle, just using it for home use, so trying to get it all working as well as possible.

So I'm looking to get SafeSearch to work if the user changes the default DNS on their client. (It works fine with the default DHCP settings from the OPNsense server.)

I've got it so the DNS redirects, so if they change it to, for example, 8.8.8.8, it will redirect to my local Unbound DNS server. That's all working well and a lot of the sites are now being blocked.

While that's all well and good, there are so many dodgy sites out there that individually blocking each and every one would take forever. I've got the free version of Zenarmor running and loaded some remote ACLs into Unbound that seem to do a good job of blocking a lot of the sites, but many still get through.

So even though 8.8.8.8 is being directed to my local LAN DNS, it does not implement the local policies when forwarded. For example, if my DNS is set to the local DNS and I search, SafeSearch works, but if it's redirected from 8.8.8.8 from the client, it will block sites correctly (tested through nslookup to verify) but SafeSearch isn't working.

If there's some way I can get SafeSearch to work with the DNS changed, that covers most bases. I can't think of any way it could be done other than something that modifies the initial DNS request to change the IP address in the sending packet, unless there is something hidden away somewhere in Unbound or the web filter that can do this regardless of what DNS is used.

Also, down the line, does anyone know if the paid home version of Zenarmor, which also has a SafeSearch function, works no matter what the DNS is set to on the client? I guess if so, that's an option if there is no other way round it.

Thanks