Messages - jeremias.winter

#1
Yes I did, thanks so much!
#2
Late to the game, but still: I think this would be quite a handy feature, but also am not sure if it is easily achievable with unbound.

My desired scenario would be similar: Allowing different blocklist configurations for different interfaces, so not only enable/disable DNS blocking per interface. For example, having a "global blocklist" on all interfaces (e.g. for blocking malware/phishing), and additional blocklists per interface (e.g. for blocking certain content).
#3
I have also experienced WAN flapping with v22.1.4. (All Intel NICs, if that's relevant)
Disabling MAC Spoofing and/or IPS did not resolve the issue, neither did a rollback to 22.1.1.
Finally I had to re-install 21.7 to reach stability again.
#4
Update: Yes, this works like a charm. Shame on me for not noticing, and thanks to pmhausen for explaining!
Marking this thread as solved now.
#5
:O

Seems I have overlooked this for quite some time (I have a lot of Host overrides, so the "Domain Override" part is only visible after scrolling).
But yeah, that should do exactly what I need. Thanks for pointing that out!
I will try this as soon as possible.
#6
Thank you for the reply! But I don't see how that would work, maybe I'm not getting it.
AFAIK Domain overrides are specific to one host, giving it an IP that then will not be looked up through the "regular" means. But I don't know the IPs of the hosts in the domain that I want to forward... so all requests to any hosts in that domain need to be answered by a DNS server in that domain.
Is this possible with Domain overrides?
#7
Hi all,

With the 21.7 release, the "Custom Options" field for Unbound was removed. Since this was already announced and the use of this field discouraged for quite some time, this is not a surprise.

However, I find myself wondering if there are plans to make some more features of Unbound accessible via the GUI instead.

For example, I used the custom options to set up DNS forward zones for specific domains. To me this seems like a feature that could be relevant for more people. However, without the field in the GUI you have to connect via SSH/Terminal and change a config file manually. The GUI only supports a general "DNS forwarding" setting, which cannot be restricted to certain domains.

So my question is: Are there any plans to add more configuration options like those forward zones to the OPNsense GUI for Unbound?

Thanks and Regards
#8
Thanks for the reply!

While those mechanisms you mention definitely work "outside of the product", we use internal certificates generated by OPNsense for the VPN accounts of our employees.

I guess we have to schedule notifications in our calendar then :-/
#9
Hello everyone,

First time posting here, so if this is the wrong topic, please feel free to move the thread.

I have a question that was asked on this forum once before (https://forum.opnsense.org/index.php?topic=10860.0), but got no replies/answers. It's pretty simple:
"Is there a way to get notified when certificates are about to expire?"

In our case (as was in the post linked above), it's about SSL certificates used for VPN. It would be a good idea for other certificates too, I guess.

Thanks and regards