Auto-update blog content from Obsidian: 2025-10-20 07:31:42
All checks were successful
Blog Deployment / Check-Rebuild (push) Successful in 6s
Blog Deployment / Build (push) Has been skipped
Blog Deployment / Deploy-Staging (push) Successful in 9s
Blog Deployment / Test-Staging (push) Successful in 3s
Blog Deployment / Merge (push) Successful in 7s
Blog Deployment / Deploy-Production (push) Successful in 9s
Blog Deployment / Test-Production (push) Successful in 2s
Blog Deployment / Clean (push) Has been skipped
Blog Deployment / Notify (push) Successful in 2s
All checks were successful
Blog Deployment / Check-Rebuild (push) Successful in 6s
Blog Deployment / Build (push) Has been skipped
Blog Deployment / Deploy-Staging (push) Successful in 9s
Blog Deployment / Test-Staging (push) Successful in 3s
Blog Deployment / Merge (push) Successful in 7s
Blog Deployment / Deploy-Production (push) Successful in 9s
Blog Deployment / Test-Production (push) Successful in 2s
Blog Deployment / Clean (push) Has been skipped
Blog Deployment / Notify (push) Successful in 2s
This commit is contained in:
Gitea Actions
@@ -269,7 +269,8 @@ Next I configure the DHCP ranges. Both firewalls will have different ranges, the
|
||||
Then I set some DHCP options for each domain: the `router`, the `dns-server` and the `domain-name`:
|
||||
|
||||
|
||||
Finally in in the `Hosts` tab, I define static DHCP mappings but also static IP not managed by the DHCP, to have them registered in the DNS.
|
||||
Finally in in the `Hosts` tab, I define static DHCP mappings but also static IP not managed by the DHCP, to have them registered in the DNS:
|
||||
|
||||
|
||||
### DNS
|
||||
|
||||
@@ -277,24 +278,25 @@ For the DNS, I will use Unbound. It is a validating, recursive, caching DNS reso
|
||||
- Resolve queries from the root servers.
|
||||
- Cache results for faster responses.
|
||||
- Check domain authenticity with DNSSEC.
|
||||
- Add custom records.
|
||||
- Block domains based of blacklist.
|
||||
- Add custom records.
|
||||
|
||||
For the local zones, I will use forward the requests to Dnsmasq, hence I will not registering DHCP leases in Unbound.
|
||||
|
||||
Let's configure it, in `Services` > `Unbound DNS` > `General`:
|
||||
|
||||
|
||||
Then I configure the blocklist in `Services` > `Unbound DNS` > `Blocklist`. I enable it and use the `[hagezi] Multi PRO mini` list. Initially I was using AdGuard Home, but I want to give this blocklist feature a chance.
|
||||
Then I configure the blocklist in `Services` > `Unbound DNS` > `Blocklist`. I enable it and select the `[hagezi] Multi PRO mini` list. Initially I was using AdGuard Home, but I want to give this blocklist feature a chance.
|
||||
|
||||
Finally I configure query forwarding for my local domains. In `Services` > `Unbound DNS` > `Query Forwarding`, I add each of my local domains with their reverse lookup (PTR record). The forwarded server is Dnsmasq which I'll configure next:
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### VPN
|
||||
|
||||
When I'm not home, I still want to be able to reach my services and enjoy my DNS ad blocker. For that I'm setting up a VPN, with **WireGuard**. It's fast, secure and easy to set up.
|
||||
|
||||
In `VPN` > `WireGuard` > `Instances`, I create a new one:
|
||||
|
||||
### Reverse Proxy
|
||||
|
||||
### mDNS Repeater
|
||||
@@ -314,5 +316,6 @@ Replicate configuration
|
||||
Firewall
|
||||
All sites
|
||||
mDNS (chromecast)
|
||||
VPN
|
||||
|
||||
DNS blocklist
|
||||
|
||||
Reference in New Issue
Block a user