Pfblocker use without unbound
-
Hi,
Is there any way to use the DNSBL feature without unbound and use an upstream provider like Cloudflare?
-
Hi,
The IP-based lists Pfblocker creates from the feeds are put into alias(es), and used by pf.
So, when you limit Pfblocker to IP-based feeds, probably yes. Give it a try?
The DNSBL presumes the presence of Unbound.
-
Hi
I'm basically trying to get it set up like pihole, where if a DNS name is not in the list it will forward the query to the chosen DNS provider, e.g. Cloudflare, Google DNS, etc.
-
pfBlockerNG does somewhat the same thing.
The advantage of pfBlockerNG is that you do not need another device on your LAN or elsewhere.
pfBlockerNG, as far as I know, doesn't communicate with other devices - on your LAN, or elsewhere, except loading the feeds.
Btw: I didn't say that pi-hole and pfBlockerNG are the same thing ^^
I also presume that if you use pi-hole, you do not really need pfBlockerNG - neither unbound as a resolver: just forward to the pi-hole and you're good.
-
I've got pihole set up, but I'd rather just use one pfsense box with pfblocker. However, the DNSBL feature uses unbound, which is slow imo, hence why I'm asking if I can set Cloudflare as my upstream DNS provider rather than using unbound.
-
pi-hole and pfBlockerNG ?
Very strange, as you will be needing unbound in resolver mode. And resolver mode means: unbound speaks to the root, TLD and name servers and to no one else (it's not going to inform some company about your DNS requests).
You have to make a choice.
Using a pi-hole and then forwarding to Cloudflare?
Also strange (to me). I thought (?) that pi-hole is/was also a resolver.
-
Nope pihole was always like this. It doesn't use unbound by default.
-
I just figured out that pi-hole is based upon dnsmasq - which is a DNS forwarder.
You have to give your DNS requests, that is, the ones that are permitted, to one of these :
or - why not, your ISP DNS.
WTF : pi-hole is a nice front-end for the major data collectors ??
(I was pretty sure this wasn't the case ...)
( ... DNSSEC, as the image shows - doesn't make any sense, when forwarding ).
edit :
My interrogation is mentioned here : https://discourse.pi-hole.net/t/add-the-ability-to-let-pi-hole-resolve-dns/2368
And they included unbound .... https://docs.pi-hole.net/guides/unbound/
-
Yes, very simple: configure the cloud DNS IPs on the General Setup screen under "DNS Server Settings".
Then go to Services -> DNS Resolver.
Tick the box next to "DNS Query Forwarding".
Save, apply, done.
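
Added example, not part of the thread and not the configuration pfSense or pfBlockerNG actually generates: a plain Unbound sketch of what the last reply's setup amounts to, with blocklist answers served locally and every other query forwarded to Cloudflare. The blocked names and the sinkhole address 10.10.10.1 are constructed for illustration.

```conf
# Sketch of a plain Unbound configuration: blocklist answers + forwarding.
# Domain names and the sinkhole address below are constructed placeholders.
server:
    # Names on the blocklist are answered from local data and never leave
    # the box; "redirect" also covers every subdomain of the listed name.
    local-zone: "ads.example." redirect
    local-data: "ads.example. 60 IN A 10.10.10.1"
    local-zone: "tracker.example." redirect
    local-data: "tracker.example. 60 IN A 10.10.10.1"

# Anything not matched by a local-zone is handed to the upstream forwarders
# instead of being resolved from the root servers. The upstream provider
# therefore sees every permitted query.
forward-zone:
    name: "."
    forward-addr: 1.1.1.1
    forward-addr: 1.0.0.1
```

Local zones are evaluated before forwarding, so Unbound stays in the path as the component that applies the blocklist even when it no longer resolves anything itself. A file like this can be syntax-checked with `unbound-checkconf`.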