So I am very new to OPNsense, migrating from Smoothwall. I have a new setup with multiple vlans, FW rules, etc. For the most part things are working pretty good now. It sounds like this is a great platform, so happy to be able to utilize it now!
My next trick is to get as much ad blocking and family safe searching as possible. Currently I use Ad Guards Family DNS servers and U block Origin on the browser. This works great but I want to take things to the next level as there are LOTS of ads and such going on behind the scenes that I would like to block.
First, can Bind and Unbound DNS work together or is it best to use only one? For Bind, do I need FW rules as I currently don't have any DNS rules that I setup, only the default ones. If these can work together, based on the screenshots, is mine setup optimally? I don't think its working 100% from what I can tell. I do think some ads are being blocked so it may be close.
I would also like like to enforce the Safe Search features which I have enabled and checked but not sure they are working from my initial testing?
Bonus Points/1up's if I can get YT ads blocked from a WebOS TV setup!!! ;D
Any help would be greatly appreciated.
(https://i.imgur.com/foUeEzD.png)
(https://i.imgur.com/UVZWHqm.png)
(https://i.imgur.com/wLYFJtK.png)
(https://i.imgur.com/6HL3QpH.png)
Any help with this setup... plz :-\
Hello, can anyone Please help out here... Thanks... ???
Okay, I am not any expert in this, but a few things I can tell:
Unbound is a replacement for BIND, with limited functionality that most likely will be enough for most people.
So no do not run BIND and Unbound at the same time, they both talk thru port 53 (udp most of the time, although it is possible sometimes to go 53 and tcp). One or the other, but not both. Your choice.
YouTube: I have never heard of a DNS blocking software that can remove ads from YouTube. Normally I recommend Ghostery for that, but that needs to be installed on the clients web browser...
Regarding firewall rules, this might help: https://forum.opnsense.org/index.php?topic=9245.0 (https://forum.opnsense.org/index.php?topic=9245.0)
Thanks for the reply!!
Yea I guess I need to pick one, sounds like unbound is prob enough, esp since I am not sure what I am "missing". I will look further into this and prob disable bind.
Thanks for the link, I have been wanting to do this also, esp with using a VPN on one client, trying to force DNS through OPNSense to help with ad blocking and such.
Every little bit of info helps... ;D
Just use Unbound. It has no safesearch but easier to configure
Quote from: mimugmail on December 09, 2020, 05:54:05 AM
Just use Unbound. It has no safesearch but easier to configure
Thanks mimugmail!!
I was actually following your site to help set this up. "Blocking Ad's (Option 0 – NEW)"
So for now, I disabled Bind and only using unbound. I think I still have some testing to do as I dont think my DNS servers listed under
System: Settings: General are actually taking effect. I am testing with both 8.8.8.8 (temp test) and nothing, and Cloudflare still shows up on a dnsleaktest result. I would expect my ISP DNS servers to be listed. Eventually I want to use Cloudflare 1.1.1.1 servers.
So I think I figured out why none of my devices were using the DNS servers I had listed under System.... I did not have the DNS Query Forwarding checked, Duh.... Seems like things are running good now... In case anyone runs into this, here is where it is under unbound.
(https://i.imgur.com/YIgS8MO.png)
Great, thx for feedback.
As you see on the solution "0 - NEW" it was a long way to get things done right :D 8)
Enjoy OPNsense .. it's free .. only costs time and grey hairs :P
Quote from: mimugmail on December 10, 2020, 11:08:31 AMEnjoy OPNsense .. it's free .. only costs time and grey hairs :P
Oh sh*t, all my grey hair is from my challenges with OPNsense :o ?
Naa that can't be true, it's not that bad - it is pretty amazing actually, I only need to learn a lot more "stuff"... And I mean A LOT MORE....
LOL... I thought it was only me stressing over this setup, even though I consider myself "decent" with Networking and such... :o
Yea I really do like OPNsense ALOT and I think once I figure out what I need to know (there are so many options available it seems if I ever need them), I will be good. I dont see myself needing or wanting to change to anything else. I am trying to clean and simplify my FW rules and optimize where I can, taking backups along the way. Nearly locked myself out of the GUI the other day changing the LAN interface assignment, luckily I still had access through another vlan, lol! Locking that down is next but glad it was still open for now. Next up is setting up a NAS, but I am getting OT now.
Thanks again guys... ;D