Messages - Mecallie

#1
20.1 Legacy Series / Re: Block Google
April 22, 2020, 08:04:07 AM
Thank you for your reply.

First: I found out what I did wrong. I had disabled forwarding in Unbound, thinking that it would forward all my requests to the upstream DNS at once, without looking in the cache. Turns out "forwarding" just means "disable recursion". No idea why they would not just name it disable recursion :?

As for your setup: I think in the future I will need to configure a DNSSEC server for Mozilla or Windows. As for Chrome: I am guessing Google is going to do all to use their DNS servers in there. That's why they are using DNS over HTTPS: way harder to block and filter, thus generating more data for them.

OpenDNS actually supports DNSSEC, so I would hope that is what's used when I configure it in OPNSense? As for my ISP looking in: I really don't mind that much. I want to spread my data, so that there is not ONE source that knows everything about me (Google). A few others that have data that they are mostly not allowed to use does not bother me that much :)
#2
20.1 Legacy Series / Block Google
April 21, 2020, 03:56:10 PM
Hi folks,

I have set up Unbound for my LAN DNS server. I use OpenDNS for my upstream (via OPNSense).
A couple of days ago I installed the blacklist plugin for OPNSense. It seems to work: I get no ads.

However, I want to block everything Google (except YouTube). I have tried to find a nice list that blocks all the Google domains, but to no avail. So I put my own .txt file on my domain with 0.0.0.0 google.com, etc. in it: does not work. After that I thought I'd block all search engines via OpenDNS and make some exceptions for DuckDuckGo and Bing (maps): does not work either! For some reason I can still reach all the Google domains.

At least the OpenDNS way used to work fine. Is there something I am missing? Can there still be a different place where Unbound gets its names from?
#3
Ok, here's what I did to fix it.
My onboard NIC can only receive an IPv4 address from my provider _in the OPNSense VM_ so I disabled IPv4 on the host. Of course, there is no need for this on the second adapter since that will just get a DHCP address from OPNSense.

So I enabled the IPv4 stack for the 2nd adapter and voila: works.

I might be better off not doing stuff like this at 2AM :P
#4
Hi folks, I hope you can help me.
I just installed OPNSense: seems to work out of the box! I am running it on a laptop with VMWare Workstation Pro installed.

I am running several more VMs on this host. However, I made a small booboo when configuring the network.
Current situation:

OPNSense VM with two bridged network adapters.
One adapter bridged directly to my cable modem (WAN).
One adapter bridged to a switch (LAN).

I forgot that if I bridge both my physical adapters the rest of the VMs on the host will only have the wifi adapter to bind to. Meaning that I now have my NAS/Nextcloud running via the wifi interface of the laptop :(

Can anyone advise me on what the best way is to correct this? Can I just set the (LAN) interface to NAT on the host? Or host only even? I cannot attach a third ethernet card, so that is not an option :P