Netgate Discussion Forum

Pfblocker use without unbound

    blackops786187
    last edited by Oct 19, 2020, 11:41 AM

    Hi,

    Is there any way to use the DNSBL feature without unbound and use an upstream provider like Cloudflare?

      Gertjan
      last edited by Oct 19, 2020, 12:25 PM

      Hi,

      The IP-based lists Pfblocker creates from the feeds are put into alias(es), and used by pf.
      So, when you limit Pfblocker to IP based feeds, probably yes. Give it a try ?

      The DNSBL presumes the presence of Unbound.


      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

        blackops786187
        last edited by Oct 19, 2020, 12:29 PM

        Hi

        I'm basically trying to get it set up like pihole, where if a DNS name is not in the list it will forward the query to the chosen DNS provider, e.g. Cloudflare, Google DNS, etc.

          Gertjan
          last edited by Oct 19, 2020, 12:36 PM

          pfBlockerNG does somewhat the same thing.

          The advantage of pfBlockerNG is that you do not need another device on your LAN or elsewhere.
          pfBlockerNG , as far as I know, doesn't communicate with other devices - on your LAN, or elsewhere, except loading the feeds.

          Btw : I didn't say that pi-hole and pfBlockerNG are the same thing ^^
          I also presume that if you use pi-hole, you do not really need pfBlockerNG - neither unbound as a resolver : just forward to the pi-hole and you're good.

            blackops786187
            last edited by Oct 19, 2020, 12:38 PM

            I've got pihole set up, but I'd rather just use one pfsense box with pfblocker. However, the DNSBL feature uses unbound, which is slow imo, hence why I'm asking if I can set Cloudflare as my upstream DNS provider rather than using unbound.

              Gertjan
              last edited by Oct 19, 2020, 12:50 PM

              pi-hole and pfBlockerNG ?
              Very strange, as you will be needing unbound in resolver mode. And resolver mode means : unbound speaks to the root - tld and name servers and to no one else (it's not going to inform some company about your DNS requests).

              You have to make a choice.

              Using a pi-hole and then forwarding to Cloudflare ?
              Also strange (to me). I thought (?) that pi-hole is/was also a resolver.

                blackops786187 @Gertjan
                last edited by Oct 19, 2020, 12:51 PM

                @Gertjan

                Nope pihole was always like this. It doesn't use unbound by default.

                  Gertjan
                  last edited by Oct 19, 2020, 3:33 PM

                  I just figured out that pi-hole is based upon dnsmasq - which is a DNS forwarder.

                  You have to give your DNS requests, that is, the ones that are permitted, to one of these :
                  a21d5888-7e51-4ed2-972e-58cc9c31554b-image.png

                  or - why not, your ISP DNS.

                  WTF : pi-hole is a nice front-end for the major data collectors ??

                  (I was pretty sure this wasn't the case ...)

                  ( ... DNSSEC, as the image shows - doesn't make any sense, when forwarding ).

                  edit :
                  My interrogation is mentioned here : https://discourse.pi-hole.net/t/add-the-ability-to-let-pi-hole-resolve-dns/2368
                  And they included unbound .... https://docs.pi-hole.net/guides/unbound/

                    chrcoluk
                    last edited by Nov 1, 2020, 10:01 PM

                    Yes, very simple: configure cloud DNS IPs on the general setup screen under "dns server settings".

                    Then go to services -> dns resolver.

                    Tick the box next to "dns query forwarding"

                    Save, apply, done.

                    pfSense CE 2.7.2
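
The thread turns on whether unbound runs as a resolver (talking to the root servers itself) or as a forwarder (handing queries to an upstream such as Cloudflare). As an added example, not code from the thread or from pfSense, this check reads the text of an unbound.conf and reports which mode it describes. The sample configs are constructed and the function names are hypothetical; `forward-zone`, `forward-addr` and `forward-tls-upstream` are standard unbound.conf options.

```python
import re

# Constructed sample: an unbound.conf fragment in forwarding mode (not from a real firewall).
SAMPLE_FORWARDING = """\
server:
    interface: 192.168.1.1   # LAN address, constructed
forward-zone:
    name: "."
    forward-addr: 1.1.1.1
    forward-addr: 1.0.0.1
"""

# Constructed sample: no forward-zone, so unbound resolves from the root servers itself.
SAMPLE_RESOLVER = """\
server:
    interface: 192.168.1.1
"""

def parse_forward_zones(conf_text):
    """Return one dict per forward-zone clause: name, upstream addresses, TLS flag."""
    zones, current = [], None
    for raw in conf_text.splitlines():
        # '#' starts a comment only at line start or after whitespace; inside
        # "1.1.1.1@853#auth-name" it is part of the forward-addr value.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if not value:  # clause header such as "server:" or "forward-zone:"
            current = None
            if key == "forward-zone":
                current = {"name": None, "addrs": [], "tls": False}
                zones.append(current)
        elif current is not None:
            if key == "name":
                current["name"] = value
            elif key == "forward-addr":
                current["addrs"].append(value)
            elif key == "forward-tls-upstream":
                current["tls"] = (value == "yes")
    return zones

def resolution_mode(conf_text):
    """'forwarding' if the root zone "." is forwarded upstream, else 'resolver'."""
    for zone in parse_forward_zones(conf_text):
        if zone["name"] == "." and zone["addrs"]:
            return "forwarding", zone["addrs"], zone["tls"]
    return "resolver", [], False
```

A result of `("forwarding", [...], False)` means every permitted query leaves the firewall for the listed upstreams without TLS.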
