Messages - cookiemonster

1741
Tutorials and FAQs / Re: HOWTO - Redirect all DNS Requests to Opnsense
« on: September 15, 2021, 03:42:55 pm »
That would be the case if you have disabled it on Systems > Settings > General > "Do not use the local DNS service as a nameserver for this system".
One quick way to check is to see the contents of your /etc/resolv.conf file. I suspect it doesn't have 127.0.0.1
Whether that is what you want or not is another matter.

1742
Hardware and Performance / Re: Download limited at 100mbit. Upload unlimited. Would like help figuring out why.
« on: September 14, 2021, 12:40:18 pm »
Nice.

1743
Hardware and Performance / Re: Download limited at 100mbit. Upload unlimited. Would like help figuring out why.
« on: September 14, 2021, 10:26:13 am »
What's your hardware and how is it configured on the WAN side? PPPoE?
More information please, not just telling what the symptoms are.

1744
Documentation and Translation / Re: AdGuard Home setup guide
« on: September 12, 2021, 12:07:17 pm »
Quote from: cookiemonster on September 10, 2021, 05:11:06 pm
pi-hole being "there" is not an issue. My issue is getting OPN to dish out a different port via DHCP for a DNS resolver.
If pi-hole was out of the equation I can change the listening ports on both Unbound or AdG but the tricky part is with AdG now being on the same IP (plugin on OPN). It could look like this:
client > OPN-AdG:53 > OPN-Unbound:5353 > OPN-Stubby:853 > DoT resolvers.
But then how do I get DHCP to push clients to AdG on 53. Hm, that could work actually. I'll check.
I appreciate the input.
Yup that worked. I've bypassed pi-hole now. It's still on so I can push the queries back but so far all good. I was expecting my firewall rules to be a little trickier with being localhost but so far just replacing the ip with the lan local has worked without problem.
I had to test different ad hosts blocklists but so far functionally I'm good.

1745
Documentation and Translation / Re: AdGuard Home setup guide
« on: September 10, 2021, 05:11:06 pm »
pi-hole being "there" is not an issue. My issue is getting OPN to dish out a different port via DHCP for a DNS resolver.
If pi-hole was out of the equation I can change the listening ports on both Unbound or AdG but the tricky part is with AdG now being on the same IP (plugin on OPN). It could look like this:
client > OPN-AdG:53 > OPN-Unbound:5353 > OPN-Stubby:853 > DoT resolvers.
But then how do I get DHCP to push clients to AdG on 53. Hm, that could work actually. I'll check.
I appreciate the input.

1746
Documentation and Translation / Re: AdGuard Home setup guide
« on: September 10, 2021, 04:05:25 pm »
I have Unbound on 53 pushing dns requests on via "Custom Options" to my preferred stub on localhost:853.
AdG is running on 5353.
DHCP clients get the independent pi-hole IP address as DNS server and pi-hole listens on 53 and has OPN as its upstream.
So currently clients' DNS requests go:
client > pi-hole:53 > OPN-Unbound:53 > OPN-Stubby:853 > DoT resolvers.
Then to test ADG I put it inline:
client > pi-hole:53 > OPN-AdG:5353 > OPN-Unbound:53 > OPN-Stubby:853 > DoT resolvers.
With testing OK now I wanted to just bypass pi-hole.
That's where I'm scratching my head. Getting DHCPv4 to push 5353 to the clients.

1747
Documentation and Translation / Re: AdGuard Home setup guide
« on: September 10, 2021, 02:31:10 pm »
I've tried as a workaround setting Unbound to listen on 5353 and in Services > DHCPv4 > LAN set to just its LAN address 192.168.5.1, restarted both services and reconnected a client. No DNS resolution.
I'll keep looking at options.

1748
Documentation and Translation / Re: AdGuard Home setup guide
« on: September 10, 2021, 02:14:07 pm »
Tried, OPN not happy.
In Services > IPV4 > LAN I wanted to change from the IP for pi-hole to the LAN IP on a non-standard DNS port in the "DNS Servers" field i.e. 192.168.5.1:5353 where ADG is running. I've tried with : @ and # as port delimiter.
Does anybody know if there is a way to do that there?
I know if not I'll have to do firewall rules but I was hoping I didn't have to.

1749
Documentation and Translation / Re: AdGuard Home setup guide
« on: September 10, 2021, 02:07:02 pm »
Thanks for sharing. I'm planning on reconfiguring now to bypass pi-hole. Performance is a good reason of course.
I'm on a tiny appliance so it might not be good for me. We'll see.

1750
Documentation and Translation / Re: AdGuard Home setup guide
« on: September 10, 2021, 10:37:06 am »
Hi. It is likely I should ask this somewhere else as it is not directly a technical setup question but maybe.
I've been using OPN with DoT(get-dns)+Unbound _and_ a pi-hole for a while and all is good.
I wanted to compare with AdGuard and I've just done it yesterday by using mimugmail's plugin.
I wanted to limit the reconfiguration and to do that, I configured pi-hole and AdGuard in a chain. It was the easiest way to just put another app and point to it.
Now the question. They seem to be pretty much the same and the setup is almost identical.
Apart from AG being able to run directly on OPN, is there another big reason people prefer it with OPN?

1751
General Discussion / Re: Baffling DNS issue - can't access any sites until 10-15 mins after reboot
« on: September 09, 2021, 11:42:59 pm »
I doubt it is the setup. As it is, it works but with that long delay.
Assuming OPN is the upstream resolver for AdGuard then that leaves you with a timing issue to track.
The name resolution from ADG is down during OPN's reboot and this time can be a few minutes based on hardware. 15 minutes sounds long for a reboot.
That makes me think you could try letting OPN do name resolution bypassing ADG for a test.
If that reduces considerably, you can narrow things down.

1752
Hardware and Performance / Re: quad port nic not seen
« on: September 03, 2021, 11:29:59 pm »
Any clues in dmesg?
If the device is not recognised it might have a Dell BIOS. em should find it though.
One thing you could do is see if a vanilla FreeBSD installation gets to see it.

1753
21.7 Legacy Series / Re: Unbound with DNS-Over-TLS (SOLVED)
« on: September 01, 2021, 11:07:33 pm »
Good, I'm glad you made it work.
Here it is in case you want to have a look: https://forum.opnsense.org/index.php?topic=23236.0 but it looks like you don't need it if your current setup is sufficient.

You are correct in that a user can still bypass Unbound's DoT without firewall rules. That's the next part if you need it/want it.

1754
21.7 Legacy Series / Re: Unbound with DNS-Over-TLS
« on: September 01, 2021, 10:26:42 pm »
I'm using Unbound with DNSoverTLS in a different way but works without problem.
It is a more convoluted way. I'm using a pi-hole in front of the clients but can work without it.
Apart from that the main difference is that I use mimugmail's repo to make Unbound's additional "custom options" AND dyndns for Stubby. Stubby is the part of it that allows a lot of DoT options that are not in OPN UI.

If all you are missing are the "custom field" options then all you need is mimugmail's repo and that field brings it back.

1755
Tutorials and FAQs / Re: Fsck on boot and ssd problem
« on: August 29, 2021, 11:13:10 pm »
You don't mention the hardware you use but filesystem checks on boot need console unless your hardware has out of band access, like IPMI. Remember also that the disk can't be mounted for the check.
