
Author Topic: DNSBL and additional features Plugin for Unbound  (Read 25841 times)

mimugmail

Re: DNSBL and additional features Plugin for Unbound
« Reply #45 on: May 04, 2020, 07:53:49 pm »
I will add a separate page for it with these options.
Logged
Twitter: mimu_muc
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

Mks

Re: DNSBL and additional features Plugin for Unbound
« Reply #46 on: May 04, 2020, 09:27:37 pm »
Hi

@mimugmail

Maybe you could also add the option to add "views" to Unbound; that would be great.

br
Logged

mimugmail

Re: DNSBL and additional features Plugin for Unbound
« Reply #47 on: May 04, 2020, 10:22:43 pm »
When I find time, yes. Can you remind me in a few weeks? :)
Logged

mrancier

Re: DNSBL and additional features Plugin for Unbound
« Reply #48 on: May 05, 2020, 02:47:56 pm »
Quote from: pkernstock on May 04, 2020, 03:52:06 pm
The funny thing is, I sent the exact same feedback to @mimugmail via Twitter, as the form doesn't accept "#" or hostnames in the field.

At the moment I've worked around it by modifying the config file directly: (to be honest I don't know if that's persistent across reboots)
Code:
# cat /var/unbound/etc/dot.conf
server:
  tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 45.90.28.0#xx.dns1.nextdns.io
  forward-addr: 2a07:a8c0::#xx.dns1.nextdns.io
  forward-addr: 45.90.30.0#xx.dns2.nextdns.io
  forward-addr: 2a07:a8c1::#xx.dns2.nextdns.io

Soooo....yeah, it does not survive a reboot...oh well.
Logged
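
Added example, not part of the original posts: Unbound's forward-addr takes an IP address, optionally followed by @port and, for TLS, #name, and it is that name the upstream certificate is checked against. The Python sketch below audits a config like the one quoted above for DoT forwarders that are missing the name or the tls-cert-bundle; the function names and the WEAK sample are made up for illustration.

```python
import ipaddress

def parse_forward_addr(value):
    """Split Unbound's 'IP[@port][#tls-auth-name]' into (ip, port, name)."""
    addr, _, auth_name = value.strip().partition("#")
    host, _, port = addr.partition("@")
    ip = ipaddress.ip_address(host)  # raises ValueError for a hostname
    if port and not 0 < int(port) < 65536:
        raise ValueError(f"bad port in {value!r}")
    return ip, int(port) if port else None, auth_name or None

def audit_dot(conf_text):
    """Return findings for forward-zones that use forward-tls-upstream."""
    has_bundle, zones, zone = False, [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # '#' is treated as a comment only at the start of a line
        key, _, val = line.partition(":")
        key, val = key.strip(), val.strip().strip('"')
        if key == "forward-zone":
            zone = {"name": "?", "tls": False, "addrs": []}
            zones.append(zone)
        elif key == "server":
            zone = None
        elif key == "tls-cert-bundle":
            has_bundle = bool(val)
        elif zone is not None and key == "name":
            zone["name"] = val
        elif zone is not None and key == "forward-tls-upstream":
            zone["tls"] = val == "yes"
        elif zone is not None and key == "forward-addr":
            zone["addrs"].append(val)
    findings = []
    for z in (z for z in zones if z["tls"]):
        if not has_bundle:
            findings.append(f"zone {z['name']}: no tls-cert-bundle set")
        for a in z["addrs"]:
            try:
                ip, _, name = parse_forward_addr(a)
            except ValueError:
                findings.append(f"zone {z['name']}: {a} is not IP[@port][#name]")
                continue
            if name is None:
                findings.append(f"zone {z['name']}: {ip} has no #auth-name")
    return findings

# Constructed sample: the thread's config with the bundle and '#name' dropped.
WEAK = 'forward-zone:\n  name: "."\n  forward-tls-upstream: yes\n  forward-addr: 45.90.28.0\n'
```

Running audit_dot on the config quoted in the post returns an empty list; running it on WEAK reports both the missing bundle and the missing name.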

RFGuy_KCCO

Re: DNSBL and additional features Plugin for Unbound
« Reply #49 on: May 05, 2020, 02:56:20 pm »
Quote from: mrancier on May 05, 2020, 02:47:56 pm
Quote from: pkernstock on May 04, 2020, 03:52:06 pm
The funny thing is, I sent the exact same feedback to @mimugmail via Twitter, as the form doesn't accept "#" or hostnames in the field.

At the moment I've worked around it by modifying the config file directly: (to be honest I don't know if that's persistent across reboots)
Code:
# cat /var/unbound/etc/dot.conf
server:
  tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 45.90.28.0#xx.dns1.nextdns.io
  forward-addr: 2a07:a8c0::#xx.dns1.nextdns.io
  forward-addr: 45.90.30.0#xx.dns2.nextdns.io
  forward-addr: 2a07:a8c1::#xx.dns2.nextdns.io

Soooo....yeah, it does not survive a reboot...oh well.

If you place those lines in Unbound DNS --> General --> Custom Options, it will survive a reboot.
Logged
OPNsense 20.7.4
SuperMicro SuperServer E300-8D (primary WAN)
Protectli Vault FW1 (secondary WAN)
TRENDnet TEG-30284

mrancier

Re: DNSBL and additional features Plugin for Unbound
« Reply #50 on: May 05, 2020, 02:59:38 pm »
Thank you for the reply. I do know that using the Custom Options box is able to work around this issue. I was hoping to be able to keep the DoT config separate...for OCD reasons. Thanks, though.
Logged

magno101

Re: DNSBL and additional features Plugin for Unbound
« Reply #51 on: May 05, 2020, 09:40:48 pm »
Sorry to bring this up again, but has there been any progress in the logging functionality surrounding blocked queries?
Logged

mimugmail

Re: DNSBL and additional features Plugin for Unbound
« Reply #52 on: May 06, 2020, 07:56:12 am »
Quote from: magno101 on May 05, 2020, 09:40:48 pm
Sorry to bring this up again, but has there been any progress in the logging functionality surrounding blocked queries?

No, I have no idea how this should work
Logged

mrancier

Re: DNSBL and additional features Plugin for Unbound
« Reply #53 on: May 17, 2020, 11:18:32 pm »
What is the syntax for whitelisting domains? I tried adding one, but it did not seem to work.

Thanks.

Logged

brad.edmondson

Re: DNSBL and additional features Plugin for Unbound
« Reply #54 on: May 20, 2020, 08:29:54 pm »
Quote from: mimugmail on May 03, 2020, 11:31:17 am
Hi,

It replaces all to 0.0.0.0:

https://github.com/opnsense/plugins/blob/master/dns/unbound-plus/src/opnsense/scripts/OPNsense/Unboundplus/dnsbl.py#L111

@mimugmail -
Would it be possible to add an option to reply with NXDOMAIN instead of 0.0.0.0? That's what BIND DNSBL does, and just looking anecdotally at my pageloads, it seems to be faster than trying to connect to a broadcast address or loopback address and waiting for TCP to fail.
Logged

mimugmail

Re: DNSBL and additional features Plugin for Unbound
« Reply #55 on: May 21, 2020, 07:14:30 am »
BIND uses RPZ for this which is exclusive to it.
If you know how to achieve this within Unbound, there might be a chance.
Logged

schreibubi

Re: DNSBL and additional features Plugin for Unbound
« Reply #56 on: June 20, 2020, 07:10:25 pm »
You'll get the NXDOMAIN response if you enable the commented out line:
file.write('local-zone: "' + str(line) + '" static\n')

This is also how Adblock in OpenWRT does it.
Logged
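
Added example, not the plugin's dnsbl.py: a Python sketch that turns blocklist lines into either of the two answers discussed here, the 0.0.0.0 redirect or the static local-zone from the post above, and drops entries that are not plain domain names before they reach the config file. The local-data form of the 0.0.0.0 answer, the whitelist semantics (a name and its subdomains) and all function names are assumptions.

```python
import re

# One DNS label: letters, digits, '-' and '_', not starting or ending with '-'.
_LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")
_SINKS = {"0.0.0.0", "127.0.0.1"}  # address column of hosts-format lists

def clean_domain(raw):
    """Return a normalised domain from one list line, or None to skip it."""
    fields = raw.split("#", 1)[0].lower().split()
    if len(fields) == 2 and fields[0] in _SINKS:
        fields = fields[1:]            # "0.0.0.0 ads.example.com"
    if len(fields) != 1:
        return None                    # blank, comment, or extra tokens
    name = fields[0].rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return None
    # Rejecting anything but plain labels keeps quotes and other config
    # syntax from a downloaded list out of the generated file.
    return name if all(_LABEL.fullmatch(lab) for lab in labels) else None

def render(lines, whitelist=(), nxdomain=False):
    """Build Unbound lines for blocked names; whitelist covers subdomains."""
    allowed = {clean_domain(w) for w in whitelist} - {None}
    blocked = set()
    for raw in lines:
        name = clean_domain(raw)
        if name is None:
            continue
        parts = name.split(".")
        parents = {".".join(parts[i:]) for i in range(len(parts))}
        if not parents & allowed:
            blocked.add(name)
    if nxdomain:   # the line quoted in the post above
        return [f'local-zone: "{n}" static' for n in sorted(blocked)]
    return [f'local-data: "{n} A 0.0.0.0"' for n in sorted(blocked)]

# Constructed sample list mixing plain, hosts-format and malformed entries.
SAMPLE = ["# ads", "0.0.0.0 ads.example.com", "Tracker.Example.NET.",
          'bad.example" static', "127.0.0.1 localhost", "cdn.good.example"]
```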

schreibubi

Re: DNSBL and additional features Plugin for Unbound
« Reply #57 on: June 20, 2020, 07:12:08 pm »
Hi,

any chance of getting this plug-in working in 20.7? Right now there is a conflict with opnsense-devel package...

Joerg
Logged

mimugmail

Re: DNSBL and additional features Plugin for Unbound
« Reply #58 on: June 20, 2020, 08:23:09 pm »
Just remove the -devel and install the stable one ...
Logged

lar.hed

Re: DNSBL and additional features Plugin for Unbound
« Reply #59 on: July 02, 2020, 08:28:22 am »
I am using DoT; however, I am now about to install my backup ISP connection and am wondering if that will kind of screw things up. My reason for asking is that when you add a second WAN (multi-WAN: https://docs.opnsense.org/manual/how-tos/multiwan.html) you also specify a 2nd DNS, and I cannot figure out in my head how this is supposed to work with DoT. And how does one set up firewall rules? Port 53 should not be used I guess, only 853? Or am I missing something?
Logged
