22.7 Legacy Series / Re: Help setting up nextcloud backup
« on: October 05, 2022, 10:36:39 pm »
Have you tried creating the folder that you want the backups in -- manually in Nextcloud and then trying?
What is everyone using for automatic backup? I tried Nextcloud but was unsuccessful so I gave up: https://forum.opnsense.org/index.php?topic=30298.msg146206#msg146206 Google Drive isn't ideal, it feels pretty janky and overly complex in my opinion. Is there an option for FTP, SFTP, or SMB that I'm just not seeing or a plugin to enable it? I also saw a way to pull backups via an API but I really don't like that option either, that requires scripting that is over my head as well.
This depends on how you define "see and log".
Ok, that makes sense. I am not using Query forwarding anywhere in Unbound configuration.
If you use your own recursive DNS, e.g. Unbound, and do not use your ISP's recursive DNS as a forwarder, then your ISP does not see your requests. Period.
Unless ... they actively sniff all of your network traffic and look for DNS requests. Which at least here in Europe would violate several laws.
At this point either the government or Comcast has something on me, and no amount of hiding is gonna save me. So I am not really bothered if they are sniffing all my traffic.
So in a civilized country with e.g. GDPR in place, I argue that running your own recursive DNS is the best protection of your privacy you can get.
Ok thanks for confirming my understanding. I am in the US and so no GDPR type law that I know of, but as I mentioned, I am not trying to hide from the government.
When using DOT under Unbound, it would still be the same thing, except instead of the ISP, your DOT provider (Google, or Cloudflare etc) would be able to see & log the websites that you request --- Is that a correct statement?
Exactly. You are freely giving all your DNS requests to a single centralized third party - which in case of 1.1.1.1 or 8.8.8.8 is a US American company probably not bound by GDPR in any way.
So DOH/DOT is simply transferring trust from ISP to the DOT provider that you choose -- correct?
So as a EU citizen I do not trust my ISP not to log DNS requests should I use their recursive DNS. But I do trust that the deterrent of local legislation is high enough for them not to actively sniff traffic.
That's why I recommend using a local recursive DNS server.
The Internet's infrastructure is supposed to be decentralized, remember?
As always your mileage may vary. Specifically if you are a US citizen or if you are in a really repressive country. In the latter case using 1.1.1.1 or 8.8.8.8 might be the lesser evil.
Kind regards,
Patrick
AdGuard Home needs an additional recursive resolver. It does filtering only.
Ok thanks. Then it would need some other DNS service (local or otherwise) to be able to serve the domain names.
The filter implementation in Unbound is a bit naive^H^H^H^H^Hstraightforward. Filter lists are pulled from their respective sources, translated into configuration statements, and loaded as unbound configuration.
Ok that helps a lot. I might have to look into installing AGH and tinker around a bit
This leads to two undesirable effects:
- the startup/restart time of Unbound can get really long
- if there is just a single syntax error in just one of the lists, Unbound will fail to start
AdGuard Home on the other hand is designed from the start as an ad filter and can easily cope with both issues.
And then: have you ever TRIED AdGuard Home? I mean, just look at the UI - isn't that a huge feature by itself?
As for the second question - I don't know. Not needing a separate VM, possibly? Some people might have only one firewall device? What's the disadvantage of running AGH on your OPNsense? I don't see any.
I know that usually people don't have a lot of machines to separate devices, but as I said, I already have a Proxmox server, so firing up a new container is not difficult. Plus I am more comfortable in a Linux environment compared to the FreeBSD cli. Also, I wouldn't have to add a 3rd party repo in my firewall.
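The post above describes filter lists being translated into Unbound configuration statements, where one syntax error stops Unbound from starting. The following is an added example, not part of the original posts and not OPNsense's own code: it validates each list entry before emitting a statement and sets bad lines aside. The `always_nxdomain` zone type and the sample list are assumptions chosen for illustration.

```python
import re

# One DNS label: 1-63 chars of letters/digits/hyphen/underscore, no edge hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")
_SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def parse_entry(line):
    """Return the domain on a list line, None if blank/comment, else raise ValueError."""
    text = line.split("#", 1)[0].strip()
    if not text:
        return None
    fields = text.split()
    if len(fields) == 2 and fields[0] in _SINK_ADDRS:
        fields = fields[1:]  # hosts format: "0.0.0.0 ads.example.com"
    if len(fields) != 1:
        raise ValueError("unexpected field count")
    domain = fields[0].rstrip(".").lower()
    labels = domain.split(".")
    if len(domain) > 253 or len(labels) < 2 or not all(_LABEL.match(l) for l in labels):
        raise ValueError("not a valid domain name")
    return domain


def to_unbound(lines):
    """Translate list lines to local-zone statements; rejects are reported, never emitted."""
    seen, config, rejected = set(), [], []
    for lineno, line in enumerate(lines, 1):
        try:
            domain = parse_entry(line)
        except ValueError as exc:
            rejected.append((lineno, line.strip(), str(exc)))
            continue
        if domain and domain not in seen:
            seen.add(domain)
            config.append(f'local-zone: "{domain}." always_nxdomain')
    return config, rejected


# Constructed sample list; lines 5 and 6 would corrupt a generated config file.
SAMPLE = [
    "# constructed sample blocklist",
    "0.0.0.0 ads.example.com",
    "tracker.example.net  # inline comment",
    "ADS.example.com.",
    '0.0.0.0 bad".example.org',
    "0.0.0.0 two names.example.org",
]
CONFIG, REJECTED = to_unbound(SAMPLE)
```

Running `unbound-checkconf` on the generated file before reloading Unbound catches anything a per-line check like this misses.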
What do you need to set in the UI to have Unbound work on its own without any forwarder?
So if you are using your local BIND, then how does the ad-blocking of AdGuard Home help? I was under the impression that using AdGuard DNS or NextDNS as the service is how the ads are blocked at the DNS level. Or is that an incorrect assumption?
I don't know about AdGuard DNS. I do not use upstream servers. AdGuard Home uses whatever you point it to, e.g. a local BIND or Unbound installation. BIND in my case.
Because Firefox is not using your computer's resolver but just the Cloudflare DNS servers via DoH directly.
Aha! Makes sense now. Thanks for pointing it out.
Look here: https://support.mozilla.org/en-US/kb/firefox-dns-over-https
KH
You are aware that DNS "just works" without any upstream? And that running your local resolver in exactly this way is the best way to maximum privacy?