The key I found to get this working was to set view-first: no I didn't want to have to list all networks, and only list bypass IPs/networks since most will use dnsbl. In the examples above, each network has to be listed as either dnsbl or bypass. I have many networks (vpns, vlans, etc.), and wanted to configure the use of dnsbl as a default from any network except for specific clients or networks listed. Tldr: listing only networks for bypassing dnsbl, with defaulting to use of dnsbl for clients I wanted to comment and share in case anyone else has a similar issue. I was working through implementing this in my use case which is different than others here. I didn't know views were possible in unbound until reviewing this post. Just thought I would share, as someone might require similar functionality. So I have scrapped that VM now and my pfsense box is back to doing all the dns. So dumb to just run a separate adblocking dns server, but that's what I did. For some reason, dns resolution would hang randomly from time to time when I was using pfblocker, got sick of debugging it.īefore this, I was using pfblocker for pretty much everything on my all my networks, and set up a pihole server in a VM on my freenas box. My pfsense memory usage has come way down, and it feels snappier while browsing.
So I have disabled the pfSense resolver (unbound) and pfBlocker and am only using nxfilter for dns. Raspberry Pi Home Server - NxFilter Tutorial - YouTube Then I found this vid on Youtube for a quick tutorial on setting it up: GitHub - DeepWoods/nxfilter-pfsense: NxFilter install on pfSense But on my own private network I just want ad-blocking only, and I can do this easily with NxFilter. So I have them on their own vlan, and I block all kinds of stuff for their network. I have my kids home doing school full time now thanks to covid. I wanted to have better policy based dns blocking per network. I found a better solution for myself, and stopped using pfblockerng.
0 kommentar(er)
