Include: /var/unbound/host_nf #Host overrides AND DHCP reservations

I also tried entering a view network such as below, to cover all possible private IPs. This wasn't entirely clear to me from the unbound documentation, but seems to work as ignoring the default settings. The key I found to get this working was to set view-first: no. I didn't want to have to list all networks, and only list bypass IPs/networks since most will use dnsbl. In the examples above, each network has to be listed as either dnsbl or bypass. I have many networks (vpns, vlans, etc.), and wanted to configure the use of dnsbl as a default from any network except for specific clients or networks listed. Tldr: listing only networks for bypassing dnsbl, with defaulting to use of dnsbl for clients

I wanted to comment and share in case anyone else has a similar issue. I was working through implementing this in my use case which is different than others here. I didn't know views were possible in unbound until reviewing this post.

Just thought I would share, as someone might require similar functionality. So I have scrapped that VM now and my pfsense box is back to doing all the dns. So dumb to just run a separate adblocking dns server, but that's what I did. For some reason, dns resolution would hang randomly from time to time when I was using pfblocker, got sick of debugging it. Before this, I was using pfblocker for pretty much everything on all my networks, and set up a pihole server in a VM on my freenas box. My pfsense memory usage has come way down, and it feels snappier while browsing. So I have disabled the pfSense resolver (unbound) and pfBlocker and am only using nxfilter for dns.

Raspberry Pi Home Server - NxFilter Tutorial - YouTube

Then I found this vid on YouTube for a quick tutorial on setting it up:

GitHub - DeepWoods/nxfilter-pfsense: NxFilter install on pfSense

But on my own private network I just want ad-blocking only, and I can do this easily with NxFilter. So I have them on their own vlan, and I block all kinds of stuff for their network. I have my kids home doing school full time now thanks to covid. I wanted to have better policy based dns blocking per network. I found a better solution for myself, and stopped using pfblockerng.