Any reason not to use unbound python mode?
-
I've noticed that the DNS resolver is enabled by default by pfSense. The only thing I have configured in the resolver are a few host name overrides so that I know what some of the MAC addresses resolve to when checking the firewall logs.
I am currently on pfSense+ version 22.01.
1) Based off of that (limited) information, is there any reason for me to remain in unbound mode? It seems python mode enables more features and uses less memory.
2) Are there any prerequisites or changes I should make before changing modes?
3) Should I make the change, is there a better way of creating aliases for hosts when checking firewall logs?
I'm only a few weeks into pfBlockerNG and have learned quite a bit. Still a ways to go. I appreciate the time for replying.
-
@clokwork I would definitely use Python mode. A lot more options and much lighter on resources.
The only caveat is that DHCP registration has to be disabled as it conflicts with Python mode. You would disable it in DNS Resolver:
If you have particular clients that you really need to have registered in DNS then create a Static Mapping for them in the DHCP Server and enable this in DNS Resolver:
-
@dma_pf Thank you! I see that I am not using DHCP Registration so I think I am good to go. Took the plunge. Noticed a few things.
-
The memory utilization is actually higher. Not sure if there is a lot of initial work going on due to the change, but it's almost doubled from 8% of 8GB to 16%.
-
Under reports, the DNSBL area isn't showing the blocks in red anymore even though the (DNSBL Block Event color). The background is simply white.
Working as intended. I wasn't seeing the DNS Reply Events previously in unbound mode.
-