Today I decided I would create some way of visualizing my unbound DNS requests/blocks on OPNsense. Adguard does a good job at this but I have issue with added third party repos and plugins, especially at the router level.

Anyway…since the last time I’ve dug into this OPNsense has built in Unbound DNS reporting (since 23.1) and it’s amazing! Arguably just as good as Pihole or Adguard. Graphs, lists of top blocked and allowed domains, query logs, quick buttons to block or whitelist next to each domain. I’m impressed.

Not sure if this is the right community, but just wanted to share if some of you weren’t aware of this option.

  • @NightAuthor
    link
    English
    81 year ago

    Ugh, I want to build an opnsense router but I can’t go spending unnecessarily until I find a job.

    Anyone hiring an IT admin and/or software engineer in the Portland area?

    • krolden
      link
      fedilink
      English
      21 year ago

      Wyse 5070 thin clients are cheap on ebay and work great.

      • @NightAuthor
        link
        English
        31 year ago

        How do you deal with only 1 Ethernet port?

        Vlan to managed switch? USB Ethernet adapter?

        Also, is this powerful enough for a symmetrical 1gig connection?

        • @peregus
          link
          English
          31 year ago

          I run it on a Fujitsu Futro S720 thin client (bought for 40€ on ebay) with a VLAN aware switch. I know the Futro is not available in the US, but there is an HP thin client similar to it.

        • krolden
          link
          fedilink
          English
          31 year ago

          Theres a NIC that uses the WiFi m.2 socket and mounts in th thin client option port.

          Ive been running it at full speed on symmetrical gigabit pppoe with opnsense for a while. Works great.

    • @ikidd
      link
      English
      11 year ago

      If you have a Proxmox box with 2 NICs, it requires very little resources as a VM.

  • @[email protected]
    link
    fedilink
    English
    61 year ago

    I’ve been rocking an ali express mini PC since 2017, started with pfsense for a year and ditched it when the devs had multiple public tantrums. Opnsense ever since then. It’s been rock solid and super stable since. Super happy I went with it!

  • @[email protected]
    link
    fedilink
    English
    31 year ago

    So this would basically allow me to use unbound as a DNS filter and resolver? Any reason why one would use adguard/blocky in their setup? Would it be more performant to use blocky + unbound, or have all your filtering done using unbound?

    • HTTP_404_NotFound
      link
      fedilink
      English
      11 year ago

      unbound as a DNS filter and resolver

      Its… worked as a recursive resolver, with filtering/blacklist features for years now?

          • @[email protected]
            link
            fedilink
            English
            11 year ago

            I pull all my data into Grafana anyway, so dashboarding on any platform holds little attraction for my use case.

            That said, my pair of Pi-hole servers pre-dates my OPNsense setup, plus I use a lot of internal hostname resolution for service portability. My single instance of OPNsense doesn’t tick all those boxes for DNS.

            • @ikidd
              link
              English
              11 year ago

              Unbound will do complete domain redirection to another service on itself or individual host overrides if you wanted to do that in the OPNsense box alone. What I like about the host overrides being on the Opnsense box is that you can have DHCP make the clients register their hostnames with Unbound for automatic registration, and if you combine that with IP reservations, it’s that much more predictable.

              • @[email protected]
                link
                fedilink
                English
                11 year ago

                Yeah, no doubt there’s some benefits there. My problem is that I don’t (yet) have the storage system to make my Proxmox cluster properly HA. Technically, a hardware fault could still take down my OPNsense instance, whereas I have a secondary Pi-hole running on a RasPi, for redundancy.

  • @[email protected]B
    link
    fedilink
    English
    11 year ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    DNS Domain Name Service/System
    HA Home Assistant automation software
    ~ High Availability
    IP Internet Protocol

    [Thread #260 for this sub, first seen 2nd Nov 2023, 20:10] [FAQ] [Full list] [Contact] [Source code]

  • flux
    link
    English
    11 year ago

    I didn’t know. I’ll have a look. thanks for sharing.

  • @ikidd
    link
    English
    11 year ago

    I think you can also export to graphana via Prometheus if you want to get fancy.

  • @thisisawayoflife
    link
    English
    11 year ago

    This is good to know as I’ll be seeing up a new opnsense router in the next few weeks.