OPNsense Forum

English Forums => General Discussion => Topic started by: mush2020 on April 01, 2020, 06:30:24 PM

Title: Dnscrypt-proxy2: 2.0.39 Custom Blacklist
Post by: mush2020 on April 01, 2020, 06:30:24 PM
I have installed the Dnscrypt-proxy2 plugin with the following versions:
OPNsense 20.1.3-amd64
os-dnscrypt-proxy: 1.7_1 [OPNsense]
dnscrypt-proxy2: 2.0.39 [OPNsense]

Looking to add custom domains to the blacklist.txt file in the /usr/local/etc/dnscrypt-proxy directory, e.g.:
*.tv
*.xyz
It looks like this blacklist.txt file does not accept any manual entries, as after some time it rolls back to the original.
So how can additional domains and IP addresses, or GitHub links to download, be added as a custom blacklist?

Also, I could not see any Blacklist tab as such in OPNsense - Dnscrypt-Proxy under Services.

Looking forward to hearing some directions.

Thanks
Title: Re: Dnscrypt-proxy2: 2.0.39 Custom Blacklist
Post by: mimugmail on April 01, 2020, 07:25:00 PM
Currently manual additions are not possible
Title: Re: Dnscrypt-proxy2: 2.0.39 Custom Blacklist
Post by: mush2020 on April 01, 2020, 08:15:40 PM
Thanks for the prompt reply.
How can I add this blacklist https://github.com/notracking/hosts-blocklists/wiki/Install-dnscrypt-proxy
or any other public blacklist and create a cron job for daily updates?
Title: Re: Dnscrypt-proxy2: 2.0.39 Custom Blacklist
Post by: mimugmail on April 01, 2020, 09:52:09 PM
Manual lists are only available in unbound-plus which will be released in some weeks
Title: Re: Dnscrypt-proxy2: 2.0.39 Custom Blacklist
Post by: mush2020 on April 09, 2020, 05:44:34 PM
I have now installed unbound plus and could see Blacklist. A few queries:
1. Does unbound + replace DNSCrypt-Proxy 2? Both have identical DNSBL providers.
2. How to add a custom blacklist for TLDs? E.g. I want to block *.xyz
3. Is it possible to add Shalla or UT1 links to Blacklist for domain filtering based on web categorization?
4. What changes are required in firewall and NAT rules if only unbound+ is used? E.g. now with DNSCrypt Proxy, port forwarding DNS 5353 is used along with unbound + port 53.
5. Are these unbound + Adv options required?
do-not-query-localhost: no
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@5353
Title: Re: Dnscrypt-proxy2: 2.0.39 Custom Blacklist
Post by: mimugmail on April 09, 2020, 05:53:30 PM
- It replaces dnscrypt if you only use it for DNSBL; if you also use encryption you need to wait for the next update supporting DoT
- You can add custom domains via Overrides I'd guess
- Shalla uses URI and not URL .. this won't work
- No port forward required since Unbound uses local port 53
- No advanced options .. it's all in there ..

Cool thing  8)
Title: Re: Dnscrypt-proxy2: 2.0.39 Custom Blacklist
Post by: mush2020 on April 09, 2020, 05:59:35 PM
Thanks,
How about adding DoH? More specifically, I want to use DNS servers like cleanbrowsing; is it possible to add them?
As you mentioned earlier in the post, where can I now add a manual blacklist in unbound+?
Title: Re: Dnscrypt-proxy2: 2.0.39 Custom Blacklist
Post by: mimugmail on April 09, 2020, 10:24:06 PM
Unbound only supports DoT. The URL free form allows you to add a URL