General Discussion / Re: unbound returns from DNSBLs
« on: September 11, 2018, 05:15:19 am »
OK, I have now found the "complete answer".
The problem results from decisions made as the result of https://forum.opnsense.org/index.php?topic=1416.0 which I believe were deficient (but probably seemed like a good idea at the time) and should be fixed by the maintainers (Franco?).
Please check the thread above against the man page for unbound.conf - refer to section private-address:
Quote
These are addresses on your private network, and are not allowed to be
returned for public internet names. [snip]
Turning on 127.0.0.0/8 would hinder many spamblocklists as they use that.
So I would like the maintainers of /usr/local/etc/inc/plugins.inc.d/unbound.inc to review the thread above, unbound.conf(5) and modify unbound.inc appropriately.
In the meantime, after firmware upgrades, I run:
Code:
# sed -i.orig -e 's/^private-address: 127.0.0.0\/8/## private-address: 127.0.0.0\/8/' /usr/local/etc/inc/plugins.inc.d/unbound.inc
and then re-start unbound from the GUI.
Cheers
Pete
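
An idempotent version of the workaround in the post above, added here as an example; it is not code from the post or from OPNsense. The function names and the `--apply` switch are hypothetical, and it assumes, as the post's sed pattern does, that the line starts at column 0 in unbound.inc.

```shell
#!/bin/sh
# Added example: re-apply the workaround after a firmware upgrade and
# confirm the result. Default path is the file named in the post.
UNBOUND_INC="${UNBOUND_INC:-/usr/local/etc/inc/plugins.inc.d/unbound.inc}"

# Succeeds if an active (uncommented) private-address: 127.0.0.0/8 line exists.
loopback_private_active() {
    grep -q '^private-address: 127\.0\.0\.0/8' "$1"
}

# Comments the line out, keeping a .orig backup as the post's command does.
# Status: 0 = patched, 1 = nothing to do, 2 = file missing or patch failed.
disable_loopback_private() {
    file="$1"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    if ! loopback_private_active "$file"; then
        # Skipping here also keeps an existing .orig backup from being
        # overwritten with an already-patched copy.
        echo "already disabled or absent: $file"
        return 1
    fi
    sed -i.orig -e 's/^private-address: 127\.0\.0\.0\/8/## private-address: 127.0.0.0\/8/' "$file" || return 2
    # Verify that the substitution actually took effect.
    if loopback_private_active "$file"; then
        echo "patch failed: $file" >&2
        return 2
    fi
    echo "patched: $file (backup: $file.orig)"
    return 0
}

# Only touch the real file when asked to; then restart unbound from the GUI.
if [ "${1:-}" = "--apply" ]; then
    disable_loopback_private "$UNBOUND_INC"
fi
```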