DaemonForums  

#1 psypro, 4th April 2021
Unbound DNS with filter

I found this webpage https://cleanbrowsing.org/
Code:
IPv4 address: 185.228.168.10 and 185.228.169.11
It has a DNS with a filter for adult, scam.

So first I used unbound. Adult content is then to be found.
I then changed dhcpd.conf to give the DNS from cleanbrowsing. Then adult content is not to be found.
What is wrong with my unbound.conf, since cleanbrowsing does not take effect?

Code:
Kingslanding# nslookup pornhub.com                                             
Server:         192.168.3.1
Address:        192.168.3.1#53

Non-authoritative answer:
Name:   pornhub.com
Address: 66.254.114.41

Kingslanding# sh /etc/netstart                                                 
re0: 192.168.3.80 lease accepted from 192.168.3.1 (00:1b:21:18:10:19)
Kingslanding# nslookup pornhub.com 
Server:         185.228.168.10
Address:        185.228.168.10#53

** server can't find pornhub.com: NXDOMAIN


Code:
server:
	interface: 192.168.3.1
	interface: 127.0.0.1
	interface: ::1

	access-control: 127.0.0.0/8 allow
	access-control: 192.168.3.0/24 allow
	access-control: 0.0.0.0/0 refuse
	access-control: ::0/0 refuse
	access-control: ::1 allow

  hide-identity: yes
  hide-version: yes


    harden-below-nxdomain: yes
    harden-referral-path: yes
    harden-algo-downgrade: no # false positives with improperly configured zones
    use-caps-for-id: no # makes lots of queries fail
    


forward-zone:
	name:  	185.228.169.11			# use for ALL queries
	forward-addr: 185.228.169.11  			# Alti

	forward-first: no			# try direct if forwarder fails

Last edited by psypro; 4th April 2021 at 09:30 AM.
#2 psypro, 4th April 2021

This unbound conf worked.
There were 2 problems before, I think:
Something in the old unbound.conf
The secondary DNS IP does not provide the same service


/var/unbound/etc/unbound.conf
Code:
## Simple recursive caching DNS, UDP port 53
## unbound.conf -- https://calomel.org
#
server:
  access-control: 10.0.0.0/8 allow
  access-control: 127.0.0.0/8 allow
  access-control: 192.168.3.0/16 allow
  aggressive-nsec: yes
  cache-max-ttl: 14400
  cache-min-ttl: 1200
  hide-identity: yes
  hide-version: yes
  interface: 0.0.0.0
  prefetch: yes
  rrset-roundrobin: yes
  so-reuseport: yes
# tls-cert-bundle: "/usr/local/share/certs/ca-root-nss.crt"
  use-caps-for-id: yes
  verbosity: 1

  # Unbound from pkg built with libevent; increase threads and slabs to the
  # number of real cpu cores to reduce lock contention. Increase cache size to
  # store more records and allow each thread to serve an increased number of
  # concurrent client requests.
# num-threads: 4
# msg-cache-slabs: 4
# rrset-cache-slabs: 4
# infra-cache-slabs: 4
# key-cache-slabs: 4
# msg-cache-size: 256M
# rrset-cache-size: 512M
# outgoing-range: 8192
# num-queries-per-thread: 4096

forward-zone:
   name: "."
   forward-addr: 185.228.168.10
   #forward-addr: 1.1.1.1@53#one.one.one.one
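
The two `forward-zone` blocks in this thread differ in their `name:` value: Unbound reads `name:` as the zone to forward, so only `name: "."` sends every query to the filtering resolver. The linter below is an added example, not part of the original posts; `forward_zones` and `lint` are hypothetical helper names, and the two sample strings are the forward sections trimmed from the posts above.

```python
import ipaddress
import re

# Forward sections trimmed from the two configs posted in this thread.
BROKEN = """forward-zone:
    name:   185.228.169.11        # use for ALL queries
    forward-addr: 185.228.169.11  # Alti
    forward-first: no
"""
WORKING = """forward-zone:
    name: "."
    forward-addr: 185.228.168.10
    #forward-addr: 1.1.1.1@53#one.one.one.one
"""

def forward_zones(conf):
    """Return one dict per forward-zone clause, mapping attribute -> list of values."""
    zones, cur = [], None
    for raw in conf.splitlines():
        # '#' opens a comment only at the start of a token, not inside addr#tls-name
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        key, _, val = line.partition(":")
        val = val.strip().strip('"')
        if line and not val:                 # clause header: "server:", "forward-zone:"
            cur = {} if key == "forward-zone" else None
            if cur is not None:
                zones.append(cur)
        elif cur is not None and val:
            cur.setdefault(key, []).append(val)
    return zones

def lint(conf):
    """Return findings that let queries bypass the filtering forwarder."""
    findings, zones = [], forward_zones(conf)
    for z in zones:
        name = z.get("name", [""])[0]
        try:
            ipaddress.ip_address(name)
            findings.append(f"name {name!r} is an IP address; it is read as a zone "
                            "name, so ordinary lookups are never forwarded")
        except ValueError:
            pass
        if name == "." and "yes" in z.get("forward-first", []):
            findings.append("forward-first: yes lets Unbound recurse unfiltered "
                            "when the forwarder fails")
    if not any(z.get("name") == ["."] for z in zones):
        findings.append('no forward-zone named "."; all other names are resolved '
                        "by direct recursion, unfiltered")
    return findings
```

Running `lint` on the first post's block reports both the IP-as-name mistake and the missing catch-all zone, which matches the unfiltered answer seen from 192.168.3.1 in the first `nslookup`.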