OPNsense Forum » Archive » 20.7 Legacy Series » Unbound - restarted when interface wakes up? (is delay and BlackLists)
Topic: Unbound - restarted when interface wakes up? (is delay and BlackLists) (Read 16930 times)
lar.hed (Sr. Member, Posts: 323, Karma: 10)
Reply #60 on: December 13, 2020, 10:09:39 pm
Let me be crystal clear: Unbound without all restarts, or restarts with zero (or close to zero) DNS downtime is most likely the best solution, no question about this. However, the current solution with all restarts needs some sort of work, at least when combined with DNS BlockLists. Removing BlockLists is not the solution, I simply want it all...
DNSCrypt-proxy is not the answer either, since I need to hack a few things and that is not allowed in my book (and it should not be allowed in anyone's book; playing around, sure, not for production though). And still I have not figured out how to prevent Firefox from using DoT or DoH (which may or may not be working in Unbound either). It is fast though, no DNS downtime to talk about, and well, no integration, so one needs to know and understand what needs to be configured.
BIND seems to work, but I consider it a pain to configure correctly (I also seem to have forgotten what I used to know). I like to stay away from BIND.
lar.hed (Sr. Member, Posts: 323, Karma: 10)
Reply #61 on: December 14, 2020, 02:55:44 pm
I think I need to add a few bits of information:
a) Hacking DNSCrypt-Proxy just showed why one should NEVER hack: I managed to lose all blocklists due to me thinking too much and trying to overthink this. Solved of course, but never hack.
b) DNSCrypt for sure seems to start much faster - or let me phrase this like: DNSCrypt responds to DNS queries directly, however it does NOT seem to respond to blocklists directly - that will take a few moments. So downtime is lower (of course) but blocklists are not loaded at restart - it takes about the same time as Unbound.
So Fright, your idea about starting and loading in two different processes is more or less what seems to happen in DNSCrypt-proxy. And yes, that is more than okay - I need DNS resolution directly of course; blocking is important but DNS resolution is way more important. If one could get that into Unbound.... We would get a winner.
Fright (Hero Member, Posts: 1777, Karma: 164)
Reply #62 on: December 14, 2020, 04:18:48 pm
Got it. I am considering unbound as a forwarder for internal servers and also take the speed and stability of servicing requests as a priority over dnsbl's preparedness at start.
Discussing the transition to dnsbl load with unbound-control in the same discussion at GitHub.
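The "resolve first, load the blocklist afterwards" idea from the posts above, sketched as an added example (not code from this thread or from OPNsense): a blocklist is converted to `name type` lines and fed to a running Unbound through `unbound-control local_zones`, so no restart is involved. The function names, the `always_nxdomain` zone type, the 30-second wait and the sample list are assumptions, and remote control must be enabled in Unbound.

```shell
#!/bin/sh
# Added example: load a DNS blocklist into an already-running Unbound.

# Constructed sample input (hosts-style and plain-domain lines mixed).
sample_blocklist() {
    cat <<'EOF'
# constructed sample blocklist
0.0.0.0 ads.example.com
Tracker.Example.NET   # inline comment
127.0.0.1 localhost
ads.example.com
not a domain!
0.0.0.0
EOF
}

# Read a blocklist on stdin, print one "<name>. <type>" line per unique domain,
# which is the per-line input format of `unbound-control local_zones`.
blocklist_to_local_zones() {
    awk '
        { sub(/#.*/, ""); sub(/\r$/, "") }   # drop comments and CRs
        NF == 0 || NF > 2 { next }           # blank or malformed line
        {
            name = tolower((NF == 2) ? $2 : $1)
            # keep syntactically valid multi-label names only
            if (name !~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)*\.[a-z][a-z0-9-]+$/) next
            if (!seen[name]++) print name ". always_nxdomain"
        }'
}

# Wait until the resolver answers control requests, then bulk-add the zones.
# Resolution is already available while this runs; only blocking lags behind.
load_blocklist() {
    tries=0
    until unbound-control status >/dev/null 2>&1; do
        tries=$((tries + 1))
        if [ "$tries" -ge 30 ]; then
            echo "unbound not reachable, blocklist not loaded" >&2
            return 1
        fi
        sleep 1
    done
    blocklist_to_local_zones < "$1" | unbound-control local_zones
}

# Usage: ./load-dnsbl.sh /path/to/blocklist.txt  (path is a placeholder)
if [ "$#" -gt 0 ]; then
    load_blocklist "$1"
fi
```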