Because of the video, I'm currently testing the DNS server from #IPv64 and also DNS over TLS through it. And that under #OPNsense with #UnboundDNS. No errors noticeable so far, but that doesn't have to mean anything. But how do I test DNS over TLS?

https://youtu.be/eVd3dKDwfIc?si=RpbMXAmOQiLCqdIC

DNS64: An Internet without ads and tracking. DNS64 dynamic DNS servers

At the moment I use #UnboundDNS under #OPNsense with the built-in blocklists. What I notice, though, is that there are no dedicated social lists to block e.g. Facebook. I think that's a pity and it's annoying. The filter lists included as URLs also don't work the way I like, but it may also be that the lists simply aren't UnboundDNS compatible. I'm a bit annoyed.

#Firewall #DNS #DNSBL

Hi Fediverse! 🍵

Yesterday I took the chance to finally set up my two #pihole instances with #unbounddns.

Sometimes things sit on a list for so long that you really forget them 😁

Actually it looks like one of my VPS IPv6 addresses changed, which I used for monitoring the IPv6 WAN gateway in #OPNsense.
Additionally, python used nearly 100% CPU, which was the Netflow. Don't know why I had this on.
So I'm not monitoring the gateway anymore for now to keep it just running.

CPU is down again to max 30%.

And having DNS on that same host is really bad, because my whole HomeLab including HomeAssistant dies even for reaching local systems.

#ItsAlwaysDNS #HomeLab #UnboundDNS

Sometimes it’s just…. DNS.
#ItsAlwaysDNS

Connections have been really slow today and some of my scripts reaching local #HomeLab services have also been slow.

It was #UnboundDNS. A restart of #OPNsense after the latest hotfix update solved the issue.

Removed the #DNS forwarding in #UnboundDNS and just doing recursive resolution for now.

Works pretty well since yesterday, nothing really slow or something. Also checked DNS leak tests etc., but only the IPv4 shared across multiple households is showing up. So.. fine.

I enabled the following settings in addition to the defaults:
- Enable DNSSEC Support (not sure if that was the default)
- Hide Identity
- Hide Version
- Prefetch DNS Key Support
- Aggressive NSEC
- Prefetch Support

#TIL 1/2 Do not use any IP (v4 or v6) as Gateway Monitor IP if you need it somewhere else in #OPNsense.
OPNsense creates a new route for the monitoring IPs, which makes them only usable for this.
Broke my #UnboundDNS.

Let's say you are hosting a cloud VM for free but changing instances, shutting down etc., make sure to update your DNS records if you are pointing to this VM.

Public IPs of these VMs are getting reused by others.
That should be clear.
But I was surprised to see many DNS queries in my #UnboundDNS to that DNS name... turns out I HAD prometheus monitoring set up to the cloud VM.

Checking the DNS via https turned into a TLS error, because... yeah, it's a server for role play games now.

#LessonLearned