I've tried to set up adblocking within OPNsense, as a replacement for Pi-Hole, but came across some issues which have been addressed here already as well:
- not working;
- lists are not updated; you have to set a separate cron job for it (and in my case it still didn't work);
- need to reboot first;
- lists are only updated if you untag enabled.
etc.
Is my perception correct that adblocking on OPNsense is not yet mature enough to use?
I encourage adblocking within OPNsense as it would simplify my network and, in principle, it should be slightly faster.
If it should be possible to properly use adblocking on OPNsense: what is the correct way to set it up? Which steps have to be taken?
I've determined that /var/unbound/etc/dnsbl.conf blacklist is getting created just fine.
However, the new dnsbl.conf file is not being loaded to Unbound using the existing GUI or cron jobs.
I need to execute "/usr/local/sbin/configctl unbound reload" either manually or in a separate cron job to add dnsbl.conf to Unbound.
Quote from: Gary7 on November 14, 2020, 12:03:10 PM
I've determined that /var/unbound/etc/dnsbl.conf blacklist is getting created just fine.
However, the new dnsbl.conf file is not being loaded to Unbound using the existing GUI or cron jobs.
I need to execute "/usr/local/sbin/configctl unbound reload" either manually or in a separate cron job to add dnsbl.conf to Unbound.
How do you check whether or not the dnsbl.conf has been loaded onto Unbound?
I was wondering why some DNS names were still resolving when they are in dnsbl.conf. i.e. doubleclick.net & doubleclick.com
After executing "configctl unbound reload" and it took a minute or two to run, doubleclick.net & doubleclick.com resolved to 0.0.0.0
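One way to script the check discussed above, as an added example that is not part of any post in this thread: sample names from dnsbl.conf and confirm the local resolver answers 0.0.0.0 for each. Assumptions: the file holds lines of the form `local-data: "name A 0.0.0.0"`, Unbound listens on 127.0.0.1, `host` is installed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed dnsbl.conf line format (not shown in the thread):
#   local-data: "doubleclick.net A 0.0.0.0"

# Print the blocked names found in a dnsbl.conf-style file, one per line.
dnsbl_names() {
    sed -n 's/^[[:space:]]*local-data:[[:space:]]*"\([^[:space:]"]*\)[[:space:]][[:space:]]*A[[:space:]][[:space:]]*0\.0\.0\.0".*/\1/p' "$1"
}

# Default lookup: ask the resolver on 127.0.0.1 (assumed to be Unbound)
# for the A record of $1 and print the first address returned.
lookup_a() {
    host -t A "$1" 127.0.0.1 2>/dev/null | awk '/has address/ {print $NF; exit}'
}

# check_dnsbl_loaded FILE [SAMPLE] [LOOKUP_CMD]
# Resolves the first SAMPLE names from FILE and prints every name that is
# NOT answered with 0.0.0.0.
# Returns 0 = all sampled names blocked, 1 = at least one not blocked,
#         2 = FILE contains no usable entries (empty or unexpected format).
check_dnsbl_loaded() {
    conf=$1
    sample=${2:-20}
    lookup=${3:-lookup_a}
    names=$(dnsbl_names "$conf" | head -n "$sample")
    [ -n "$names" ] || return 2
    missing=0
    for n in $names; do
        addr=$("$lookup" "$n" || true)
        if [ "$addr" != "0.0.0.0" ]; then
            echo "not blocked: $n -> ${addr:-no answer}"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Usage from a cron wrapper: reload only when the list on disk is not
# what the resolver is serving.
#   check_dnsbl_loaded /var/unbound/etc/dnsbl.conf 20 \
#       || /usr/local/sbin/configctl unbound reload
```

A return code of 2 means the file did not match the assumed format, so inspect it by hand before relying on the result.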
Friend, you might want to install Sensei. It blocks ads and malware websites and it completely does not care about which DNS servers you use (yes, you may even use DoH or DoT in your browser, it doesn't care).
Unbound DNSBL integration is not the most polished feature of OPNsense at the moment. I think it has all the latitude to get better with time (and dev love ;) )
Installing Sensei -may- do fine about blocking some stuff at least, but if you want to stay FOSS on your machine and have maximum control on your resolver... YMMV depending on what you want to do exactly.
Also you're condemned to monkey around with the GUI on the Sensei software bit. Not sure on that last one: I just took a tour of it for 2 months.
Figured I'd ask this in here since I'm not sure if others have seen this too. I'm noticing when I whitelist something or turn off the blacklist for troubleshooting, it takes a long time for the changes to kick in. Anyone notice this too or know of a way to speed this up? I wish there was a button in the UI or it would do this by default.