DNS Level Google Safe Browsing
-
Google Safe Browsing is a Google API that takes a URL and says if the URL is trustworthy. Is it possible to integrate this service in the pfSense DNS resolver? Maybe you can make this a feature request?
I know that squid can do something like this. But having this directly in the DNS Server would be much more effective.
-
You can certainly use "safer" DNS servers on your pfSense installation; Cisco's Umbrella or Quad9 come to mind.
-
@awebster Then I have to give up control. If this is a built-in feature of the DNS resolver I can whitelist, blacklist and log as I want. Quad9 doesn't give me this chance.
The safe browsing block list is available as a download. The only thing needed is some logic to download the list and perform a check.
-
@Thisisme said in DNS Level Google Safe Browsing:
Maybe you can make this a feature request?
Before making such a request, check how many DNS requests are actually sent away from your system (pfSense).
As you might know, it takes some time before an answer comes back.
If the DNS handling has to be done using API requests, the request will take more time.
Btw: the request should be placed here: https://www.nlnetlabs.nl/projects/unbound/about/ (or the place where they develop dnsmasq, the forwarder)
Does this https://lifeoverlinux.com/how-to-configure-google-safe-search-on-pfsense/ have any use for you?
-
@Gertjan said in DNS Level Google Safe Browsing:
Does this https://lifeoverlinux.com/how-to-configure-google-safe-search-on-pfsense/ have any use for you?
These setup steps worked for me, I use it at home for safe search with my grade school kids.
Jeff
-
You don't have to query the API for every request. You can download the rule set and evaluate it locally.
-
@akuma1x Safe search is something different than safe browsing.
-
@Thisisme said in DNS Level Google Safe Browsing:
The only thing needed is some logic to download the list and perform a check.
... and make unbound aware of this list?
Looks very much like pfBlockerNG to me ;)
-
@Gertjan pfBlockerNG sadly can't read the safe browsing list.
The resolver can periodically download the block list via the Google API, store it locally and validate on every request.
-
Having such a feature directly in the DNS server is a great idea, I also thought about it when choosing between SafeLink Wireless vs Assurance Wireless companies.
-
Of course adding this feature to pfBlockerNG is fine too. Google Safe Browsing is one of the most advanced and best Malware lists currently available and it's free. Not using this resource is a complete waste of. Most free blocking lists aren't good and even combining several of them can never reach Google.
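-
A sketch of the local check discussed in this thread, added as an example and not part of any post or of pfSense, unbound or pfBlockerNG. It assumes the downloaded list is what the Safe Browsing Update API provides, SHA-256 hash prefixes of host/path expressions, so a resolver that only sees a hostname can test the host-only expressions and nothing path-specific; all function names and list entries are constructed for illustration.

```python
import hashlib

PREFIX_LEN = 4  # bytes kept per entry in the local store (assumed for this sketch)

def normalize(qname):
    """Lower-case a DNS query name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()

def host_expressions(qname):
    """Host-suffix expressions for a bare hostname, each with path "/".

    The exact name, plus up to four suffixes built from the last five labels
    by dropping the leading label, never going down to the bare TLD.
    """
    host = normalize(qname)
    exprs = [host] if host else []
    tail = host.split(".")[-5:]
    for i in range(len(tail) - 1):
        candidate = ".".join(tail[i:])
        if candidate not in exprs:
            exprs.append(candidate)
    return [e + "/" for e in exprs]

def prefix_of(expression):
    """Truncated SHA-256 of one expression, as stored in the local list."""
    return hashlib.sha256(expression.encode("utf-8")).digest()[:PREFIX_LEN]

def build_prefix_set(expressions):
    """Stand-in for the downloaded list: a set of hash prefixes."""
    return {prefix_of(e) for e in expressions}

def check_qname(qname, prefixes, allowlist=frozenset()):
    """Return (verdict, expression) with verdict 'allow', 'pass' or 'candidate'.

    'candidate' is a prefix hit only: prefixes collide, so it still has to be
    confirmed against full hashes before the answer is blocked and logged.
    """
    if normalize(qname) in allowlist:
        return ("allow", None)
    for expr in host_expressions(qname):
        if prefix_of(expr) in prefixes:
            return ("candidate", expr)
    return ("pass", None)

# Constructed sample list: one host-wide entry and one path-specific entry.
SAMPLE = build_prefix_set(["malware.example/", "files.example/payload/"])
```

The path-specific entry never matches at the resolver, because a DNS query carries no path; that part of the list can only be enforced by something that sees the full URL, such as the squid setup mentioned in the first post.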