DNS Level Google Safe Browsing
-
Google Safe Browsing is a Google API that takes an url and says if the URL is trustworthy. Is it possible to integrate this Service in the pfsense DNS resolver? Maybe you can make this a feature request?
I know that squid can do something like this. But having this directly in the DNS Server would be much more effective.
-
You can certainly use "safer" DNS servers on your pfSense installation, Cisco's Umbrella, or Quad9 come to mind.
-
@awebster Than I have to give up control. If this is a built in feature of the dns resolver I can whitelist, blacklist and log as I want. Quad9 doens't give me this chance.
The safe browsing block list is available as a download. The only fing needed is some logic to download the list and perform a check.
-
@Thisisme said in DNS Level Google Safe Browsing:
Maybe you can make this a feature request?
Before making such a request, check how many DNS requests are actually send away from your system (pfSense).
As you might know, it takes some time before an answer comes back.
If the DNS handling has to be done using an API requests, the request will take more time.Btw : the request should be placed here : https://www.nlnetlabs.nl/projects/unbound/about/ (or the place where they develop dnsmasq, the forwarder)
This https://lifeoverlinux.com/how-to-configure-google-safe-search-on-pfsense/ has any use for you ?
-
@Gertjan said in DNS Level Google Safe Browsing:
This https://lifeoverlinux.com/how-to-configure-google-safe-search-on-pfsense/ has any use for you ?
These setup steps worked for me, I use it at home for safe search with my grade school kids.
Jeff
-
You don't have to query the api for every request. You can download the rule set and evaluate it local.
-
@akuma1x safe search is something different than safe browsing
-
@Thisisme said in DNS Level Google Safe Browsing:
The only fing needed is some logic to download the list and perform a check.
.... and make unbound aware of this list ?
Looks very like pfblockerng to me ;)
-
@Gertjan pfBlockerNG sadly can't read the safe browsing list.
The resolver can periodically download the block list via the Google api, store it local and validate on every request.
-
Having such feature directly in the DNS Server is a great idea, I also thought about it when choosing between SafeLink Wireless vs Assurance Wireless companies
-
Of course adding this feature to pfBlockerNG is fine too. Google Safe Browsing is one of the most advanced and best Malware lists currently available and it's free. Not using this resource is a complete waste of. Most free blocking lists aren't good and even combining several of them can never reach Google.
