DNSBL on specific interfaces only?

[guest25283]

Hi all,

I have searched the forum but could not find an answer.
Is it possible to select interfaces to which Unbound DNSBL applies?

[guest25283]

@mimugmail, do you have any idea?

[koushun]

This might be of some assistance? https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips

[Vilhonator]

Yes it is possible.

WebGui might be bit confusing, but by selecting interfaces of which Unbound listens to (by default unbound listens to all interfaces), you are choosing interfaces which use DNSBL.

Interfaces which Unbound isn't listening, you need to setup DNS servers other than your Opnsense on DHCP server settings or manually set DNS servers on client devices.

It is recommended to leave things to default values because disabling listening on wrong interface, network on interface which doesn't use unbound might be exploited or might cause some issues.

Way I understand it, DNSBL is set active on all interfaces which unbound is listening and automatically creates ACLs for you. If you mean to use unbound on all interfaces but enable DNSBL only on certain interface, then you might have to manually change DNS config file via console.

[koushun]

@Vilhonator

It would be awesome to use Unbound for all interfaces, but specific interfaces with DNSBL.

pfBlockerNG v3.0.0_6 (pfSense) has this feature now, although just for specific IP adresses which then can bypass DNSBL - https://www.reddit.com/r/pfBlockerNG/comments/kcpg8g/pfblockerng_v300_6_update/

Updated:
DNSBL - NAT / Floating rule modifications when Localhost interface is selected
Add preliminary DNSBL Group Policy configuration that will globally bypass DNSBL for the defined LAN IPs