Auto-update blog content from Obsidian: 2025-10-20 07:31:42
All checks were successful
Blog Deployment / Check-Rebuild (push) Successful in 6s
Blog Deployment / Build (push) Has been skipped
Blog Deployment / Deploy-Staging (push) Successful in 9s
Blog Deployment / Test-Staging (push) Successful in 3s
Blog Deployment / Merge (push) Successful in 7s
Blog Deployment / Deploy-Production (push) Successful in 9s
Blog Deployment / Test-Production (push) Successful in 2s
Blog Deployment / Clean (push) Has been skipped
Blog Deployment / Notify (push) Successful in 2s
@@ -269,7 +269,8 @@ Next I configure the DHCP ranges. Both firewalls will have different ranges, the
|
|||||||
Then I set some DHCP options for each domain: the `router`, the `dns-server` and the `domain-name`:
|
Then I set some DHCP options for each domain: the `router`, the `dns-server` and the `domain-name`:
|
||||||

|

|
||||||
|
|
||||||
Finally in in the `Hosts` tab, I define static DHCP mappings but also static IP not managed by the DHCP, to have them registered in the DNS.
|
Finally in in the `Hosts` tab, I define static DHCP mappings but also static IP not managed by the DHCP, to have them registered in the DNS:
|
||||||
|

|
||||||
|
|
||||||
### DNS
|
### DNS
|
||||||
|
|
||||||
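Review bot: The rewritten `Hosts` sentence still has the doubled word "in in" on the added line; since the line is already being touched to turn the period into a colon, fix it in the same change ("Finally, in the `Hosts` tab, I define ..."). The colon now promises something after it, and the line added below it shows up empty in this view. If that line is meant to embed static/img/opnsense-dnsmasq-dhcp-hosts.png, which this commit adds, check that the path resolves on the built site and give the image alt text.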
@@ -277,24 +278,25 @@ For the DNS, I will use Unbound. It is a validating, recursive, caching DNS reso
|
|||||||
- Resolve queries from the root servers.
|
- Resolve queries from the root servers.
|
||||||
- Cache results for faster responses.
|
- Cache results for faster responses.
|
||||||
- Check domain authenticity with DNSSEC.
|
- Check domain authenticity with DNSSEC.
|
||||||
- Add custom records.
|
|
||||||
- Block domains based of blacklist.
|
- Block domains based of blacklist.
|
||||||
|
- Add custom records.
|
||||||
|
|
||||||
For the local zones, I will use forward the requests to Dnsmasq, hence I will not registering DHCP leases in Unbound.
|
For the local zones, I will use forward the requests to Dnsmasq, hence I will not registering DHCP leases in Unbound.
|
||||||
|
|
||||||
Let's configure it, in `Services` > `Unbound DNS` > `General`:
|
Let's configure it, in `Services` > `Unbound DNS` > `General`:
|
||||||

|

|
||||||
|
|
||||||
Then I configure the blocklist in `Services` > `Unbound DNS` > `Blocklist`. I enable it and use the `[hagezi] Multi PRO mini` list. Initially I was using AdGuard Home, but I want to give this blocklist feature a chance.
|
Then I configure the blocklist in `Services` > `Unbound DNS` > `Blocklist`. I enable it and select the `[hagezi] Multi PRO mini` list. Initially I was using AdGuard Home, but I want to give this blocklist feature a chance.
|
||||||
|
|
||||||
Finally I configure query forwarding for my local domains. In `Services` > `Unbound DNS` > `Query Forwarding`, I add each of my local domains with their reverse lookup (PTR record). The forwarded server is Dnsmasq which I'll configure next:
|
Finally I configure query forwarding for my local domains. In `Services` > `Unbound DNS` > `Query Forwarding`, I add each of my local domains with their reverse lookup (PTR record). The forwarded server is Dnsmasq which I'll configure next:
|
||||||

|

|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### VPN
|
### VPN
|
||||||
|
|
||||||
|
When I'm not home, I still want to be able to reach my services and enjoy my DNS ad blocker. For that I'm setting up a VPN, with **WireGuard**. It's fast, secure and easy to set up.
|
||||||
|
|
||||||
|
In `VPN` > `WireGuard` > `Instances`, I create a new one:
|
||||||
|
|
||||||
### Reverse Proxy
|
### Reverse Proxy
|
||||||
|
|
||||||
### mDNS Repeater
|
### mDNS Repeater
|
||||||
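Review bot: The new `### VPN` section ends on "In `VPN` > `WireGuard` > `Instances`, I create a new one:" with nothing after the colon before `### Reverse Proxy`, so the page publishes a dangling lead-in. Either add the instance settings or hold the section back until it is complete, and when the settings are added, keep the instance's private key out of any screenshot or listing. In the reordered feature list, "Block domains based of blacklist" should read "based on a blocklist" to match the `Blocklist` menu named a few lines later. The unchanged context line "I will use forward the requests to Dnsmasq, hence I will not registering DHCP leases in Unbound" needs the same pass ("I will forward ... I will not register").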
@@ -314,5 +316,6 @@ Replicate configuration
|
|||||||
Firewall
|
Firewall
|
||||||
All sites
|
All sites
|
||||||
mDNS (chromecast)
|
mDNS (chromecast)
|
||||||
|
VPN
|
||||||
|
|
||||||
DNS blocklist
|
DNS blocklist
|
||||||
|
|||||||
BIN
static/img/opnsense-dnsmasq-dhcp-hosts.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 176 KiB |