Messages - wadhwa

#1
22.1 Legacy Series / Re: os-ddclient
February 16, 2022, 09:40:08 PM
Cloudflare DNS update only works with the Global API key; it does not work if I create an API token with DNS edit for the zone. With DynDNS I can create an API key with specific DNS zone edit access and it was working fine. This is unsafe and creates security issues.


Quote from: franco on February 15, 2022, 09:28:23 AM
To sum things up the release notes for tomorrow's 22.1.1 WRT ddclient plugin are as follows:

* Add spdyn, inwx and dns-o-matic (contributed by Rene Schuster)
* Add Hurricane Electric provider (contributed by Netboy3)
* Add option to force SSL, on by default (contributed by Robin Mueller)
* Add Cloudflare and custom service (contributed by Robin Mueller)
* Add STRATO provider (contributed by Alex Mi)
* Add use interface as IP source
* Fix ip6only.me (contributed by Robin Mueller)
* Fix uppercase use in usernames


Cheers,
Franco
#2
General Discussion / Blocking DNS over HTTP
December 15, 2021, 01:21:25 PM
There's been a lot of discussion around how to block DNS over HTTP. I found that public-dns.info has a very good list which is updated multiple times a day.

A simple Firewall Alias and a Floating rule is very effective if you use Adguard or PiHole DNS.

** Don't forget to port-forward TCP/UDP 53 to local DNS IP.

See attached Images
#3
To reject all wpad you can use the following custom filtering rule:

/wpad[.]([a-z0-9.])*/$dnsrewrite=NXDOMAIN;;

I have seen api.wordpress.org.localdomain, when you use Blocking mode as NXDOMAIN, change to default and these will go away...

Quote from: RamSense on December 04, 2021, 09:17:18 PM
thnx for that tip.
But I see also domains like wpad.localdomain and api.wordpress.org.localdomain etc.
So I just tried a custom filtering rule (block):
||*.local^$important
||*.localdomain^$important

don't know what is better?

On further thought... maybe I can better add [/localdomain/]192.168.1.1:5353
to the Upstream DNS server
#4
Add the following to your upstream DNS servers box:

[/mydomain.local/]192.168.1.1

Replace mydomain.local with your local domain and 192.168.1.1 with your local DNS server IP.



Quote from: RamSense on December 04, 2021, 01:21:52 PM
I was looking into the AdGuard Home queries and saw .local and .localdomain with processed NXDOMAIN.

Is it normal to have those queried to outside dns (in my case cloudflare)

Is there a way to have those queried only locally?
#5
I have extended to backup AdGuardHome.yaml file using Git backup plugin (which is a pre-requisite).

1) Log in to the shell in OPNsense

2) Edit actions_adguardhome.conf

vi /usr/local/opnsense/service/conf/actions.d/actions_adguardhome.conf

3) Insert the following:

[backup]
command:cp /usr/local/AdGuardHome/AdGuardHome.yaml /conf/backup/git ; cd /conf/backup/git; git add AdGuardHome.yaml; git commit -m "Adguard Config changes on `date`" AdGuardHome.yaml
parameters:
type:script
message:backing up Adguardhome config
description:Backup Adguardhome config


See 1.png attached

5) Restart configd

service configd restart

6) Configure Cron job in Web UI

See 2.png attached

7) Result See 3.png attached
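
The command from step 3 written as a standalone helper script, added here as an example and not part of the original post: it stops if the copy fails and commits only when the file actually changed. The function name, the `--run` argument and the environment-variable overrides are assumptions; the default paths are the ones from the post.

```shell
#!/bin/sh
# Added example, not the poster's code. Default paths are taken from the post;
# AGH_CONFIG / AGH_BACKUP_REPO are hypothetical overrides for testing.
SRC="${AGH_CONFIG:-/usr/local/AdGuardHome/AdGuardHome.yaml}"
REPO="${AGH_BACKUP_REPO:-/conf/backup/git}"

backup_adguard_config() {
    src="${1:-$SRC}"
    repo="${2:-$REPO}"
    name=$(basename "$src")

    # Fail early instead of committing a stale or missing copy.
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    [ -d "$repo/.git" ] || { echo "$repo is not a git work tree" >&2; return 3; }

    # AdGuardHome.yaml stores the admin users' password hashes:
    # keep the working copy readable by its owner only.
    cp "$src" "$repo/$name" || return 4
    chmod 600 "$repo/$name" || return 4

    git -C "$repo" add -- "$name" || return 5

    # Exit status 0 from diff --quiet means nothing is staged for this file,
    # so the config is unchanged and no commit is needed.
    if git -C "$repo" diff --cached --quiet -- "$name"; then
        echo "no changes"
        return 0
    fi

    # Limit the commit to this one file, as the original command does.
    git -C "$repo" commit -q -m "Adguard Config changes on $(date)" -- "$name" || return 5
    echo "committed"
}

# Hypothetical entry point: run the backup only when called with --run,
# e.g. from the command: line of the [backup] action.
if [ "${1:-}" = "--run" ]; then
    backup_adguard_config
fi
```

Because the file carries credential hashes, any remote the Git backup repository pushes to should be private.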