Messages - hsimah

#1
Any update on this? I am having the same issue, and it started after installing the non-commercial rules plugin.

Error reconfiguring IDS
error installing ids rules (Error (1))
#2
Quote from: opnfwb on August 13, 2020, 04:41:46 PM
Quote from: hsimah on August 13, 2020, 03:51:23 AM
Can Unbound DNS probe every server I have listed and serve up the result which responded first? If so, how would I configure this?
This used to be possible with DNSMASQ, there was a separate ability to query sequentially, or with a round robin style for all specified DNS servers.

However, for Unbound, I'm only aware of it using a round robin style query by default.

It's also worth noting, your config mixes two DNS providers with different use cases. Your Google DNS and CloudFlare DNS will do DNSSEC/DoT, but no filtering. Your Quad9 will do DNSSEC/DoT, and malware filtering. Due to the way Unbound will randomly query either one, you may get inconsistent results back to your clients. It's very likely that Google may recommend one CDN location, while Quad9 may provide results for another. You'd be better off picking one of those two services only. Which one is another discussion entirely but, Quad9 has a much better stance on user privacy so I know which one I'd go with. :)

I don't believe I have any Google DNS providers in my config file, only Cloudflare & Quad9.
#3
Quote from: tong2x on August 13, 2020, 08:16:55 AM

Yes, it is possible; check "forwarder" in Unbound general settings
DNS Query Forwarding    [check] Enable Forwarding Mode

in system->settings->general
DNS server options   [uncheck] Allow DNS server list to be overridden by DHCP/PPP on WAN

in DNS servers (same page)
for each WAN you have, select different DNS servers

Thank you for your response. I am using DNSSEC and have the below custom options, so I don't think your guide would work in my case?

server:
    tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
    name: "."
    forward-ssl-upstream: yes
    forward-addr: 1.1.1.1@853#one.one.one.one
    forward-addr: 1.0.0.1@853#1dot1dot1dot1.cloudflare-dns.com
    forward-addr: 2606:4700:4700::1111@853#one.one.one.one
    forward-addr: 2606:4700:4700::1001@853#1dot1dot1dot1.cloudflare-dns.com
    forward-addr: 9.9.9.9@853#dns9.quad9.net
    forward-addr: 149.112.112.112@853#rpz-public-resolver1.rrdns.pch.net
    forward-addr: 2620:fe::fe@853#dns.quad9.net
    forward-addr: 2620:fe::fe:9@853#dns9.quad9.net
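
A small check for a DNS-over-TLS forwarder list like the one posted above, as an added example that is not part of the original posts or of the OPNsense or Unbound projects: it parses each forward-addr entry, flags entries without a TLS auth name or an explicit port 853, and lists the distinct auth names so a mix of providers is visible. The sample config is constructed (documentation-range addresses, made-up names) and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the shape of the custom options above (documentation-range
# addresses and made-up auth names, not the poster's servers).
SAMPLE = """\
server:
tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
name: "."
forward-ssl-upstream: yes
forward-addr: 192.0.2.1@853#resolver.example.net
forward-addr: 2001:db8::1@853#resolver.example.net
forward-addr: 198.51.100.7@853
forward-addr: 203.0.113.9#dns.example.org
"""

def parse_forward_addr(value):
    """Split Unbound's IP[@port][#auth-name] form into (ip, port, auth_name)."""
    addr, _, auth = value.partition("#")
    ip, _, port = addr.partition("@")
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return ip, (int(port) if port else None), (auth or None)

def audit(conf):
    """Return (findings, auth_names) for the forward-addr lines of a config."""
    opts, forwards, findings = {}, [], []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")  # first ':' only, so IPv6 values survive
        if key == "forward-addr":
            forwards.append(parse_forward_addr(value.strip()))
        else:
            opts[key] = value.strip().strip('"')
    tls = "yes" in (opts.get("forward-tls-upstream"), opts.get("forward-ssl-upstream"))
    # Assumption: only tls-cert-bundle is checked as the source of trusted CAs.
    if tls and not opts.get("tls-cert-bundle"):
        findings.append("no tls-cert-bundle: upstream certificates cannot be verified")
    for ip, port, auth in forwards:
        if tls and auth is None:
            findings.append(f"{ip}: no #auth-name, any certificate name is accepted")
        if tls and port != 853:
            findings.append(f"{ip}: port {port} given, expected explicit @853")
    return findings, sorted({auth for _, _, auth in forwards if auth})

if __name__ == "__main__":
    findings, names = audit(SAMPLE)
    print("\n".join(findings) or "no findings")
    print("distinct TLS auth names:", ", ".join(names))
```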
#4
20.7 Legacy Series / Unbound DNS query & assistance
August 13, 2020, 03:51:23 AM
Hello from Australia :)

I require your expertise and assistance!

Can Unbound DNS probe every server I have listed and serve up the result which responded first? If so, how would I configure this?

Appreciate your assistance in advance.