Messages

1

General Discussion / Re: No DHCP registered DNS resolution when using Unbound with BIND DNSBL ad-block

« on: February 13, 2020, 04:02:45 pm »

One problem with Unbound DNSBL is that log files aren't exposed in the plugin yet, so if a site is blocked, it's difficult to find out what site was blocked.

2

General Discussion / Re: No DHCP registered DNS resolution when using Unbound with BIND DNSBL ad-block

« on: February 12, 2020, 11:10:28 pm »

That worked, thanks ArminF!

As a bonus, BIND DNS is no longer needed.

3

General Discussion / Re: Install PiHole on Opnsense

« on: January 14, 2020, 11:22:56 pm »

Instructions for generic black lists, personal whitelists:

https://www.routerperformance.net/opnsense/dnsbl-via-bind-plugin

Use System -> Settings -> Cron -> "Download BIND DNSBLs and Restart" to automate updates.

I haven't tried personal black lists, but this posts seems to indicate the sensei plugin can help:

https://forum.opnsense.org/index.php?topic=15414.0

4

General Discussion / Re: No DHCP DNS registration when using Unbound with BIND DNSBL ad-block

« on: January 14, 2020, 08:58:47 pm »

Yes, I did perform the last step with the bizarre quotes in the name parameter which seems to be a typo, and I tried with changing the quotes to normal quotes:

do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@53530

Screenshot attached.

It seems that all queries are still forwarded by Unbound to BIND. If I turn off the port forward, then machines in .localdomain resolve properly.

Can you explain to me what each of the options do? I've read the documentation (https://nlnetlabs.nl/documentation/unbound/unbound.conf/), but I'm new to DNS configuration and more elaboration would help me understand.

It seems to be that {name: "."} forwards everything to BIND (running on 127.0.0.1@53530). It seems we need an option to forward everything except for "*.localdomain".

5

General Discussion / No DHCP registered DNS resolution when using Unbound with BIND DNSBL ad-block

« on: January 14, 2020, 06:06:48 pm »

Originally posted in old thread https://forum.opnsense.org/index.php?topic=10180.new#new, but maybe that thread is too old.

---

I followed the instructions at https://www.routerperformance.net/opnsense/dnsbl-via-bind-plugin, and am successfully blocking ads for my LAN. However, local DNS DHCP registration no longer works for the local network. For example:

~> nslookup brother.localdomain
Server:      192.168.1.1
Address:   192.168.1.1#53

** server can't find brother.localdomain: NXDOMAIN

If I disable the port forward to BIND (Firewall -> NAT -> Port Forward), then local DNS works fine:

~> nslookup brother.localdomain
Server:      192.168.1.1
Address:   192.168.1.1#53

Name:   brother.localdomain
Address: 192.168.1.7

How can I configure OPNSense to use both BIND DNSBL and local DNS DHCP registration?

6

General Discussion / Re: Advices to configure Unbound and Bind plugin for ad-block

« on: January 07, 2020, 04:21:51 am »

I followed the instructions at https://www.routerperformance.net/opnsense/dnsbl-via-bind-plugin, and am successfully blocking ads for my LAN. However, local DNS DHCP registration no longer works for the local network. For example:

~> nslookup brother.localdomain
Server:      192.168.1.1
Address:   192.168.1.1#53

** server can't find brother.localdomain: NXDOMAIN

If I disable the port forward to BIND (Firewall -> NAT -> Port Forward), then local DNS works fine:

~> nslookup brother.localdomain
Server:      192.168.1.1
Address:   192.168.1.1#53

Name:   brother.localdomain
Address: 192.168.1.7

How can I configure OPNSense to use both BIND DNSBL and local DNS DHCP registration?