Messages - gpfountz

#1
Quote from: OPNenthu on November 30, 2025, 09:30:29 PM
I haven't enabled the per-network DNSBL on my end as of yet, but for those who are seeing this - are you using dynamic IPv6 prefixes?  I'm looking at the Source Nets field and I don't know how you would even configure it for e.g. IA_PD.

AFAIK, we don't (yet) have any mechanism to track those for use in form fields like this.  Am I misinformed, or is this feature presently limited to IPv4 and IPv6 networks where the prefixes are not changing?

In any case: https://github.com/opnsense/core/issues/9474

I have applied the patch for issue 9474 and can confirm the fix is working properly.

Thanks to the developers for making this change!!
#2
Thanks for filing the issue.

In my case, all my clients are assigned only an IPv4 address for the DNS server, so no IPv6 issues here.

My thoughts are that we need to query the blocklist prior to querying the cache and blocklist results should not update the cache.  Not sure what a change like this would do to performance.
#3
25.7, 25.10 Series / 25.7.8 Unbound blocklist source nets
November 26, 2025, 08:28:30 PM
After upgrading to 25.7.8, I configured unbound's blocklist's source nets to include my LAN and IoT networks, excluding my GUEST network.  The problem is as soon as someone on the guest network does a lookup of a blocked domain, that domain's IP lookup is cached. After this, that blocked domain's IPs are served to my LAN.

Is there a solution for this?  I know I can use a different DNS server for my GUEST network. That is what I was doing before the source nets feature was added to 25.7.8.

Thanks in advance!
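A toy model of the behaviour reported in this post and of the ordering the member proposes in a follow-up (check the blocklist before the cache, and never cache blocklist answers). This is an added illustration, not OPNsense or Unbound code; the networks, names, addresses and the `Resolver` class are constructed assumptions.

```python
import ipaddress

# Constructed sample data (not from the thread).
BLOCKLIST = {"ads.example"}
SOURCE_NETS = [ipaddress.ip_network("192.168.1.0/24"),   # LAN
               ipaddress.ip_network("192.168.20.0/24")]  # IoT
UPSTREAM = {"ads.example": "203.0.113.10", "www.example": "203.0.113.20"}
BLOCKED_ANSWER = "0.0.0.0"


def policy_applies(client):
    """True when the client address falls inside a configured source net."""
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in SOURCE_NETS)


class Resolver:
    """Hypothetical resolver with one shared cache and a per-source blocklist."""

    def __init__(self, policy_before_cache):
        self.policy_before_cache = policy_before_cache
        self.cache = {}

    def _blocked(self, client, name):
        return name in BLOCKLIST and policy_applies(client)

    def resolve(self, client, name):
        # Proposed ordering: the policy decision comes first and is never cached.
        if self.policy_before_cache and self._blocked(client, name):
            return BLOCKED_ANSWER
        # The shared cache is keyed by name only, so it ignores who is asking.
        if name in self.cache:
            return self.cache[name]
        # Modelled problem ordering: policy is only consulted on a cache miss.
        if not self.policy_before_cache and self._blocked(client, name):
            return BLOCKED_ANSWER
        answer = UPSTREAM[name]
        self.cache[name] = answer
        return answer


def replay(policy_before_cache):
    """Replay LAN, GUEST, LAN lookups of one blocked name; return the answers."""
    r = Resolver(policy_before_cache)
    queries = [("192.168.1.50", "ads.example"),   # LAN, cold cache
               ("192.168.30.7", "ads.example"),   # GUEST, outside source nets
               ("192.168.1.50", "ads.example")]   # LAN again, cache now warm
    return [r.resolve(client, name) for client, name in queries]
```

With the cache consulted first, the third answer is the real address the GUEST lookup cached; with the policy consulted first, the LAN client stays blocked while GUEST still resolves normally.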
#4
I believe what you are looking for is under advanced mode - URL of Blocklists
#5
I have seen the same issue with TP-Link switches and smart plugs.  They are issued a new IPv6 address about every 10 minutes.  Never saw this with ISC DHCPv6.  Also used the dnsmasq ignore option on these TP-Link devices.
#6
General Discussion / Re: Router goes to sleep
July 29, 2025, 07:35:40 PM
Are you using the APC or NUT plugin?  I found my router shut down a couple times and tracked it down to my UPS running a self test which triggered a shutdown of the router.  Not sure why a UPS self test should ever trigger any device shutdown.
#7
25.7, 25.10 Series / Re: netflow on 25.7
July 24, 2025, 05:51:35 PM
Confirmed the patch resolved the issue for me as well.
#8
Navigate to interfaces -> overview and click the WAN's search glass icon.  One of the items listed is 'Dynamic IPv6 prefix received'.  Is that what you are looking for?
#9
25.1, 25.4 Series / Re: Unbound to DNSMasq
June 15, 2025, 08:32:40 PM
Quote from: Monviech (Cedrik) on June 15, 2025, 08:20:18 PM
opnsense-patch https://github.com/opnsense/core/commit/e7441283055dcb33a389f02d4e0f502767c8ecd1

Patch works - thanks!!
#10
25.1, 25.4 Series / Re: Unbound to DNSMasq
June 15, 2025, 07:50:18 PM
Quote from: Monviech (Cedrik) on May 30, 2025, 02:52:05 PM
Dnsmasq uses the DNS servers defined in "System - Settings - General" as upstream.

Otherwise, you need this patch:

opnsense-patch https://github.com/opnsense/core/commit/220dbc7931e11c71587734ed9c1731abdf9eaff8

With it you can set "Do not forward to system defined DNS servers" in dnsmasq and provide your own ones in the "Domain" tab. Just use an asterisk (*) to specify any domain, and then define an IP address (e.g. 1.1.1.1) or Unbound if it runs on a different port (127.0.0.1, Port 53053).

Since updating to 25.1.8_1, I can no longer use an asterisk (*) to specify any domain.  Are there any workarounds?
#11
Since updating to 25.1.6_2, unbound's 'serve expired' feature is not working for me.

I am using unbound only for DNS.

Anyone else seeing this?

Update: My 'client expired response timeout' was blank - after entering a value (0 in my case), it started working.
#12
I was experiencing the same issue. Problem cleared with a router reboot. YMMV
#13
In case anyone is interested....

I found the keyboard setting on the iPad called 'smart punctuation'.  When enabled, the quotes are left or right leaning vs being straight quotes.  Disabling 'smart punctuation' fixes this problem.
#14
I found this issue only occurs when editing the service test using my iPad (Safari, Firefox, or Chrome) - works fine when editing the service test using my MacBook (Safari).

Hopefully this information will be useful to the developers.

And many thanks to all the developers for all your hard work!!
#15
How to duplicate:

Create a service test with condition: content = "Cert success" and action: alert, save.

Create a service of type File, path: /var/log/acmeclient/latest.log, tests: cert_success, save.

Apply - apply prompt does not clear

ssh: sudo cat /usr/local/etc/monitrc, the file is corrupt, the quotes are replaced with â:
...
check file acme_log with path "/var/log/acmeclient/latest.log"
   if content = âCert successâ

Is this a bug or am I doing something wrong?

I am running version 25.1.3