Messages

1

General Discussion / Re: Python Module Unbound DNS - please help

« on: May 03, 2024, 06:16:46 pm »

Hi Franco,

Thanks for answer me. I moved to the /var/unbound folder and I have included my script to be called from the dnsbl_module.py.

If I throw a random "myfunction_to_log("test")" around the dnbl_module, for example in the deinit method, my function works and the "test" is being logged but, if I do the same thing on the method "operate" then it is not being called.

How is it possible that is not being called since its the main method that handles queries and responses? I tried to play with the module-config order but still nothing.
In addition, when I restart the unbound it doesn't mention "python loaded" even if my test function works.

PS: When I reboot the system, all my configuration made in dnsbl_module.py disappears. How can I make it permanent?

2

General Discussion / Python Module Unbound DNS - please help

« on: May 03, 2024, 12:19:53 am »

Hi,

In /usr/local/etc/unbound/unbound.conf I have added the following code:

Code: [Select]

server:
    module-config: "python validator iterator"

python:
    python-script: "/usr/local/etc/unbound/filter-domains.py"

and in the same folder I have create the file "filter-domains.py", which is:

Code: [Select]

def init_standard(id, env):
    log_info("init_standard loaded")
    return True

def init(id, cfg):
    log_info("init loaded")
    return True

def deinit(id):
    log_info("deinit loaded")
    return True

def inform_super(id, qstate, superqstate, qdata):
    return True

def operate(id, event, qstate, qdata):
    return True

init_standard and deinit are loaded when I restart unbound, but I get the following error when it try to load init:



I have tried to move the script in /var/unbound, I rebooted, nothing, it doesn't work.

Any help?

3

General Discussion / Re: Unbound DNS Bugged

« on: May 01, 2024, 03:42:57 pm »

EDIT:

I was able to make it work just forcing everything through the VPN gateway, but when I go on 1.1.1.1/help it says I'm not using DoT, even if from DNS queries Logs I see responses from 1.1.1.2:853.

Confusing.

4

General Discussion / Unbound DNS Bugged

« on: April 30, 2024, 03:50:45 pm »

Hi, I'm having a problem with the Unbound DNS not being routed correctly through the VPN.

This is my setup for DN over TLS:



I have no DNS set up in System > Settings.



If I'm selecting OUTGOING NETWORK INTERFACES shouldn't it go through the VPN Interface? Apparently not.

I'm routing all the DNS through the Firewall using the Port Forward and then I have to route the DNS through the default Gateway, otherwise IT WON'T WORK.



All my DNS traffic is routed through the WAN interface leaking my real IP address. If I remove the rule "Allow DNS to this firewall" all the queries are sent to each interface gateway (192.168.1.1) through the port 53 (not encrypted as it should) and I won't be able to visit new websites, only websites that I have already visited, so it doesn't work.

It seems that I'm not able to find a solution to this problem. What is the purpose to have an Outgoing Interface if then it is not honored?

Could anyone tell me how to fix this? I'm able to route the DNS queires through the VPN but they don't work!

VPN Settings:

5

General Discussion / OPNSENSE GATEWAY

« on: April 22, 2024, 08:47:04 pm »

Hi Guys, I have a small setup home, before I had PFSENSE then I moved to OPNSENSE. I do have two issues:

The first one, in my Gateways I have (active) the IPV6, where it is disabled everywhere (in the settings, in the interface, VPN, ecc) so I have no idea where this automatic entry comes from



As you can see the IPV6 on the VPN Interface is Active, even if I have never set it up (The Gateway IP is even null so it doesn't make sense). I tried to delete it, but the other one, the IPV4 is not going Active even if I lower the Priority.

The second problem that I have is that in my LIVE VIEW from the Firewall Settings, the DNS Queries are made from the VPN Ip Address but on the WAN Interface. Shouldn't it be from the VPN Interface?

Honestly PfSense was not this complex lol..