The new unbound reporting is pretty cool

tuto2 · February 03, 2023, 01:28:28 PM

Quote from: dumbo on February 03, 2023, 01:20:43 PM
Is this the patch with also blocking HTTPS requests?

Yes, https://github.com/opnsense/core/commit/e0469001a672cf67cec126b7fe80e20bac6bfea1.

Fright · February 03, 2023, 04:03:56 PM

@tuto2

5 hours work (the last 3 - with partial forwarding from production DNS servers to a test server) - everything looks fine. dig shows NODATA (rcode 0 answer:0) for blocked https RRs

thanks!

tuto2 · February 03, 2023, 05:02:27 PM

Quote from: Fright on February 03, 2023, 04:03:56 PM
dig shows NODATA (rcode 0 answer:0) for blocked https RRs

Thanks for taking the time to test it :)

danderson · February 03, 2023, 05:36:19 PM

I can also confirm that this patch is working on my system for HTTPS type now.

Quote
# opnsense-patch e0469001a

dumbo · February 03, 2023, 06:01:53 PM

Quote from: tuto2 on February 03, 2023, 01:28:28 PM
Quote from: dumbo on February 03, 2023, 01:20:43 PM
Is this the patch with also blocking HTTPS requests?

Yes, https://github.com/opnsense/core/commit/e0469001a672cf67cec126b7fe80e20bac6bfea1.

Thx. Can confirm - patch is working.

Another question concerning Unbound:

What did you all choose as ' Local Zone Type'?
Transparent or Static?

And does it make any difference concerning the Unbound reporting?

dumbo · February 04, 2023, 06:05:40 AM

Hi,

enclosed a screenshot of my top passed domains from my testing system.

Why do I have so many _dns.resolver.arpa traffic and this other lb._dns-sd.udp.... traffic (the Subnet is one of my main VLANs)?

Am I doing something wrong or is this normal behavior?

Fright · February 04, 2023, 07:27:15 AM

hi

QuoteAm I doing something wrong

no
_dns.resolver.arpa is for Discovery of Designated Resolvers (DDR) (https://datatracker.ietf.org/doc/draft-ietf-add-ddr/)
lb._dns-sd.udp. is for DNS Service Discovery (DNS-SD) (https://www.rfc-editor.org/rfc/rfc6763)

tuto2 · February 04, 2023, 12:27:30 PM

Quote from: dumbo on February 03, 2023, 06:01:53 PM

Another question concerning Unbound:

What did you all choose as ' Local Zone Type'?
Transparent or Static?

And does it make any difference concerning the Unbound reporting?

Doesn't make a difference for Unbound reporting. It only relates to the system domain and it only configures how Unbound should respond to a query for this domain, which is picked up either way in the reporting section.

mvdheijkant · February 04, 2023, 01:11:51 PM

The only hing that's disappointing to me is when using the color scheme "os-theme-rebellion". The details page is barely readable.

tuto2 · February 04, 2023, 01:28:18 PM

Quote from: mvdheijkant on February 04, 2023, 01:11:51 PM
The only hing that's disappointing to me is when using the color scheme "os-theme-rebellion". The details page is barely readable.

Contributions on the community plugins are welcome :)

dumbo · February 15, 2023, 05:48:00 PM

Looks like with todays update the unbound reporting tool is broken. "No results found!" for me.

Tried to reset DNS Data, tried a reboot... Doesn't work.

jjelliott · February 15, 2023, 07:08:53 PM

Quote from: dumbo on February 15, 2023, 05:48:00 PM
Looks like with todays update the unbound reporting tool is broken. "No results found!" for me.

Tried to reset DNS Data, tried a reboot... Doesn't work.

When mine rebooted after this latest upgrade, the reporting tool showed no numbers, but after a second reboot, it seems to be working well. (The startup beep sequence also seemed slow the first time, but had its normal cadence on the second reboot. I've heard that slow beep sequence occasionally on previous upgrades - I'm not sure what it means, but when I hear it, I typically reboot again, "just in case".)

dumbo · February 15, 2023, 07:18:50 PM

Quote from: jjelliott on February 15, 2023, 07:08:53 PM
... but after a second reboot, it seems to be working well. (The startup beep sequence also seemed slow the first time, but had its normal cadence on the second reboot. I've heard that slow beep sequence occasionally on previous upgrades - I'm not sure what it means, but when I hear it, I typically reboot again, "just in case".)

Thx for your feedback. already restarted several times - but doesn't work. :(

xpendable · February 16, 2023, 03:21:16 AM

Unbound Reporting broke for me as well after the latest 23.1.1 update, however I managed to get it working again.

I had to disable Unbound reporting (uncheck the check box under Reporting > Settings and click save), I also cleared the unbound statistics.

I then made sure the following log settings under Unbound > Advanced were checked/Enabled
Log Queries
Log Replies
Tag Queries and Replies

After that I rebooted OPNsense, waited for a few minutes for everything to settle down and then went back to Reporting > Settings and enabled Unbound reporting again, clicked save and wa-la Unbound Reporting is working again.

Syon · February 16, 2023, 08:20:44 AM

Look here.
Patch

Code Select

opnsense-patch -a kulikov-a 404b9d5

The new unbound reporting is pretty cool

tuto2

February 03, 2023, 01:28:28 PM #45

Fright

February 03, 2023, 04:03:56 PM #46

tuto2

February 03, 2023, 05:02:27 PM #47

danderson

February 03, 2023, 05:36:19 PM #48

dumbo

February 03, 2023, 06:01:53 PM #49

dumbo

February 04, 2023, 06:05:40 AM #50

Fright

February 04, 2023, 07:27:15 AM #51

tuto2

February 04, 2023, 12:27:30 PM #52

mvdheijkant

February 04, 2023, 01:11:51 PM #53

tuto2

February 04, 2023, 01:28:18 PM #54

dumbo

February 15, 2023, 05:48:00 PM #55

jjelliott

February 15, 2023, 07:08:53 PM #56

dumbo

February 15, 2023, 07:18:50 PM #57

xpendable

February 16, 2023, 03:21:16 AM #58

Syon

February 16, 2023, 08:20:44 AM #59