The new unbound reporting is pretty cool

Started by senser, January 27, 2023, 10:57:28 PM

Quote from: aimdev on January 31, 2023, 08:55:40 AM
2. No for me, all local even with 'All' set as the option for display. Possibly it may be how I have Unbound setup.

How is Unbound configured? Forwarding, special advanced options, DoT etc.

The total result set of the "live" view is limited to 1000 entries for performance reasons. It might be that localhost is taking them all up. If there are specific clients you wish to view, you can also click on a client in the "overview" page in the client graph and it will present you with a view of this client's activity within that specific time period.


Unbound reporting is really cool. I'm a new user to OPNsense this month and am loving this new feature. One very minor suggestion would be to change the background font for the details tab to work better with the dark mode themes (like cicada or vicuna). I usually have to change to the default OPNsense theme to read that tab. Otherwise, fantastic work!


Wonderful, I'm glad it has been put into the backlog.

Hi,

is this only a "design" glitch, or why does it block the A records but not the HTTPS records?

metrics.icloud.com A record blocked
metrics.icloud.com HTTPS record NOT blocked

Like the others I love the new reporting, however, with this new implementation with the python module that handles the DNSBL, what's the workaround to allow bypassing the DNSBL?

It used to be using tags or views, but those won't apply now that the dnsbl file is in .json format.

@dumbo
not sure about the 'glitch'
HTTPS RR is pretty new. for now dnsbl is applied to A/AAAA/CNAME records

Quote from: dumbo on February 01, 2023, 09:09:39 PM
Hi,

is this only a "design" glitch, or why does it block the A records but not the HTTPS records?

metrics.icloud.com A record blocked
metrics.icloud.com HTTPS record NOT blocked

https://forum.opnsense.org/index.php?topic=32127.msg155508#msg155508

Quote from: slackadelic on February 01, 2023, 09:28:45 PM
Like the others I love the new reporting, however, with this new implementation with the python module that handles the DNSBL, what's the workaround to allow bypassing the DNSBL?

It used to be using tags or views, but those won't apply now that the dnsbl file is in .json format.

If you're referring to single domains, you can use the "whitelist domains" field.

If you're referring to networks, not really possible.


Quote from: Fright on February 02, 2023, 12:49:24 PM
@tuto2
I'm afraid https rr could provide ip via hints ..
https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-01#section-6.4

Ok, if we're going to add HTTPS as a record type to block, would you mind helping by testing this locally? I'll put up a patch tomorrow.
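
What the hint concern quoted above looks like on the wire, as an added example that is not part of the thread or of OPNsense's code: a parser for HTTPS RDATA that extracts the ipv4hint/ipv6hint addresses a client could use without ever asking for the blocked A record. The function name is hypothetical and the sample bytes are constructed, using documentation addresses.

```python
import ipaddress
import struct

# SvcParamKey numbers as registered in RFC 9460 (published form of the SVCB/HTTPS draft)
HINT_SIZES = {4: 4, 6: 16}   # ipv4hint -> 4-byte addresses, ipv6hint -> 16-byte

def parse_https_hints(rdata: bytes):
    """Return (priority, target, [hint addresses]) from HTTPS/SVCB RDATA."""
    if len(rdata) < 3:
        raise ValueError("RDATA too short")
    (priority,) = struct.unpack_from("!H", rdata, 0)
    pos, labels = 2, []
    while True:                              # TargetName: uncompressed labels
        if pos >= len(rdata):
            raise ValueError("truncated TargetName")
        n = rdata[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(rdata):
            raise ValueError("bad label")
        labels.append(rdata[pos:pos + n].decode("ascii"))
        pos += n
    hints = []
    while pos < len(rdata):                  # SvcParams: key, length, value
        if pos + 4 > len(rdata):
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        value = rdata[pos:pos + length]
        if len(value) != length:
            raise ValueError("truncated SvcParam value")
        pos += length
        size = HINT_SIZES.get(key)
        if size is None:
            continue                         # alpn, port, ech, ... carry no addresses
        if length == 0 or length % size:
            raise ValueError("malformed address hint")
        hints += [str(ipaddress.ip_address(value[i:i + size]))
                  for i in range(0, length, size)]
    return priority, ".".join(labels) or ".", hints

# Constructed sample: priority 1, target ".", alpn=h2, two IPv4 hints, one IPv6 hint
SAMPLE = bytes.fromhex("0001" "00" "0001" "0003" "026832"
                       "0004" "0008" "c0000201" "c0000202"
                       "0006" "0010" "20010db8000000000000000000000001")

if __name__ == "__main__":
    print(parse_https_hints(SAMPLE))
```

A blocklist that answers only A/AAAA/CNAME queries leaves these hint addresses visible to any client that asks for type HTTPS.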



Quote from: tuto2 on February 03, 2023, 09:13:27 AM

@Fright Can you test with # opnsense-patch e0469001a?

Is this the patch that also blocks HTTPS requests?