OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: ArminF on February 11, 2020, 09:45:02 PM

Title: Difference between Squid ACL vs DNSBL
Post by: ArminF on February 11, 2020, 09:45:02 PM
Hello,
what is the difference between using Squid with ACL blocklists (URL, Malware, Suspicious Sources) and DNSBL through a DNS like Unbound or bind?
Does it make sense to run both in parallel? As far as I understood, both strategies act the same.

thank you!
A
Title: Re: Difference between Squid ACL vs DNSBL
Post by: mimugmail on February 11, 2020, 10:41:59 PM
Similar, yes, but in theory you could also use URIs with Squid
Title: Re: Difference between Squid ACL vs DNSBL
Post by: bartjsmit on February 12, 2020, 10:12:28 AM
Unbound or bind only block DNS requests. If a client connects on an IP address (e.g. through a hosts file) they will bypass the block.

Allowing only outbound HTTP(S) from Squid plugs that hole.

You can use both to improve performance, since a lot of blacklisted DNS requests will be cached.

Bart...
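
The layering described in the reply above, sketched as a Squid ACL fragment. This is an added example, not configuration from the thread or generated by OPNsense; the ACL names, list file paths and the 192.168.1.0/24 LAN range are assumptions.

```conf
# Added example. ACL names, list file paths and the LAN range are assumptions.

# Clients allowed to use the proxy (assumed LAN range).
acl localnet src 192.168.1.0/24

# Host-level match: the same granularity a DNSBL has, but evaluated on the
# request itself, so it applies no matter how the client resolved the name
# (hosts file, another resolver, a cached answer).
acl bl_domains dstdomain "/usr/local/etc/squid/acl/blocked_domains.txt"

# Destination-address match: covers requests made straight to an IP address,
# which never produce a DNS query for Unbound or BIND to refuse.
acl bl_ips dst "/usr/local/etc/squid/acl/blocked_ips.txt"

# URL-level match: something a DNS blocklist cannot express. For HTTPS the
# proxy sees only "CONNECT host:port" unless TLS inspection is enabled, so
# path patterns here take effect on plain HTTP only.
acl bl_urls url_regex -i "/usr/local/etc/squid/acl/blocked_urls.txt"

# Deny rules first, then allow the LAN, then deny everything else.
http_access deny bl_domains
http_access deny bl_ips
http_access deny bl_urls
http_access allow localnet
http_access deny all
```

These ACLs only see traffic that actually passes through Squid, which is why the firewall rule allowing outbound HTTP(S) from the proxy alone matters.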
Title: Re: Difference between Squid ACL vs DNSBL
Post by: ArminF on February 12, 2020, 10:15:47 AM
Gentlemen,

thank you very much for your kind help and explanation!

Will go configure and test further.
Also started to document my changes.

thank you
armin