Netgate Discussion Forum

    Pfblocker use without unbound

    • blackops786187

      Hi,

      Is there any way to use the DNSBL feature without Unbound and use an upstream provider like Cloudflare?

      • Gertjan

        Hi,

        The IP-based lists pfBlocker creates from the feeds are put into alias(es), and used by pf.
        So, when you limit pfBlocker to IP-based feeds, probably yes. Give it a try?

        The DNSBL presumes the presence of Unbound.

        [image]

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • blackops786187

          Hi

          I'm basically trying to get it set up like Pi-hole, where if a DNS name is not in the list it will forward the query to the chosen DNS provider, e.g. Cloudflare, Google DNS, etc.

          • Gertjan

            pfBlockerNG does somewhat the same thing.

            The advantage of pfBlockerNG is that you do not need another device on your LAN or elsewhere.
            pfBlockerNG, as far as I know, doesn't communicate with other devices - on your LAN, or elsewhere, except loading the feeds.

            Btw: I didn't say that pi-hole and pfBlockerNG are the same thing ^^
            I also presume that if you use pi-hole, you do not really need pfBlockerNG - neither unbound as a resolver: just forward to the pi-hole and you're good.

            • blackops786187

              I've got Pi-hole set up, but I'd rather just use one pfSense box with pfBlocker. However, the DNSBL feature uses Unbound, which is slow imo, hence why I'm asking if I can set Cloudflare as my upstream DNS provider rather than using Unbound.

              • Gertjan

                pi-hole and pfBlockerNG ?
                Very strange, as you will be needing unbound in resolver mode. And resolver mode means : unbound speaks to the root - tld and name servers and to no one else (it's not going to inform some company about your DNS requests).

                You have to make a choice.

                Using a pi-hole and then forwarding to Cloudflare?
                Also strange (to me). I thought (?) that pi-hole is/was also a resolver.

                • blackops786187 @Gertjan

                  @Gertjan

                  Nope pihole was always like this. It doesn't use unbound by default.

                  • Gertjan

                    I just figured out that pi-hole is based upon dnsmasq - which is a DNS forwarder.

                    You have to give your DNS requests, that is, the ones that are permitted, to one of these:
                    [image]

                    or - why not, your ISP DNS.

                    WTF : pi-hole is a nice front-end for the major data collectors ??

                    (I was pretty sure this wasn't the case ...)

                    ( ... DNSSEC, as the image shows - doesn't make any sense, when forwarding ).

                    edit :
                    My interrogation is mentioned here : https://discourse.pi-hole.net/t/add-the-ability-to-let-pi-hole-resolve-dns/2368
                    And they included unbound .... https://docs.pi-hole.net/guides/unbound/

                    • chrcoluk

                      Yes, very simple: configure cloud DNS IPs on the General Setup screen under "DNS Server Settings".

                      Then go to Services -> DNS Resolver.

                      Tick the box next to "DNS Query Forwarding".

                      Save, apply, done.

                      pfSense CE 2.7.2
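
Added example, not part of the original thread and not pfSense's or pfBlockerNG's own code: Unbound expresses forwarding as a `forward-zone` clause for the root zone, so the resolver-versus-forwarder question discussed in this thread can be answered from the configuration text, including which upstream receives the queries and whether they travel over TLS. The sample configs are constructed, and `parse_clauses` and `dns_mode` are hypothetical helper names.

```python
import re

# Constructed samples (not copied from a pfSense box). The upstream addresses
# are Cloudflare's public resolvers; the LAN address is a placeholder.
RESOLVER_CONF = """
server:
    interface: 192.168.1.1   # no forward-zone: Unbound recurses from the root
"""
FORWARDER_CONF = """
forward-zone:
    name: "."
    forward-addr: 1.1.1.1        # plaintext, port 53
    forward-addr: 1.0.0.1
"""
FORWARDER_TLS_CONF = """
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
"""

def parse_clauses(text):
    """Split unbound.conf text into [(clause, {option: [values]})]."""
    clauses = []
    for raw in text.splitlines():
        # A '#' starts a comment only at line start or after whitespace;
        # inside forward-addr it introduces the TLS authentication name.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        value = value.strip().strip('"')
        if not value:                      # "server:" / "forward-zone:" opens a clause
            clauses.append((key.strip(), {}))
        elif clauses:
            clauses[-1][1].setdefault(key.strip(), []).append(value)
    return clauses

def dns_mode(text):
    """Return ("resolver", []) or ("forwarder", [(upstream, uses_tls), ...])."""
    clauses = parse_clauses(text)
    global_tls = any(o.get("tls-upstream", ["no"])[-1] == "yes"
                     for c, o in clauses if c == "server")
    upstreams = []
    for clause, opts in clauses:
        if clause == "forward-zone" and "." in opts.get("name", []):
            tls = global_tls or opts.get("forward-tls-upstream", ["no"])[-1] == "yes"
            upstreams += [(addr, tls) for addr in opts.get("forward-addr", [])]
    return ("forwarder", upstreams) if upstreams else ("resolver", [])
```

A `("forwarder", ...)` result with `uses_tls` set to `False` means every permitted query leaves the firewall in plaintext to the listed upstream.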
