NethServer Version: 7.4 ELPRO-Kernel
Hello, next question…
On my local Macs I have been using unbound for a long time as a local DNS resolver without forwarding and with “qname-minimisation: yes”. I also got a DNSSEC solution, by the way!
In my last attempt to implement a gateway I used IPFirewall (with kernel 2.x, too slow). They provide unbound by default, but with forwarding. A charming feature is the possibility to block web pages at the DNS level, so you don’t need a web proxy. To do this I used the script dns-blocklist.sh
Finally, I combined known blocklists with my own blacklists and whitelists and assigned them to the local zone instead of substituting them with 0.0.0.0.0 via…
/bin/dns_blocklist.sh -s 12 -b /etc/unbound_control/blacklist.hosts -w /etc/unbound_control/whitelist.hosts && sed -i 's/local-data/local-zone/g; s/[[:space:]]A 127.0.0.1"/" static/g' /etc/unbound/local.d/blocklist.conf && /etc/init.d/unbound restart
That’s a real fast solution for blocking ads and tracking!
My questions:
- Is it possible to replace dnsmasq with unbound in NethServer, and if so, how?
- Would the script also work in NethServer?
- If not, how could I implement DNSSEC in NethServer?
Best regards, Marko
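
The rewrite that the sed step in the post performs, as an added example that is not part of the original post or of the dns-blocklist script: the first substitution in that sed command applies to every line, so an entry that is not an `A 127.0.0.1` record would end up as a `local-zone:` line without a type. This version converts only well-formed entries and reports the rest. The input format is inferred from the sed expression; the function names, the one-name-per-line whitelist format and the hostnames are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Assumed input format (inferred from the sed expression above):
#   local-data: "<name> A 127.0.0.1"

# convert_blocklist [FILE|-] [WHITELIST]
# Prints one 'local-zone: "<name>" static' line per unique name that is not
# whitelisted. Lines that are not complete A 127.0.0.1 entries go to stderr.
convert_blocklist() {
    awk -v wl="${2:-/dev/null}" '
        BEGIN {
            # Whitelist: one name per line, "#" starts a comment (assumed format).
            while ((getline line < wl) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") allow[tolower(line)] = 1
            }
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        # Anchored match with escaped dots: only complete entries are rewritten.
        /^[ \t]*local-data:[ \t]+"[A-Za-z0-9._-]+[ \t]+A[ \t]+127\.0\.0\.1"[ \t]*$/ {
            name = tolower($2); sub(/^"/, "", name); sub(/\.$/, "", name)
            if (!(name in allow) && !seen[name]++)
                printf "local-zone: \"%s\" static\n", name
            next
        }
        { print "skipped: " $0 > "/dev/stderr" }
    ' "${1:--}"
}

# Constructed sample input, not real blocklist data.
sample_blocklist() {
    cat <<'EOF'
# constructed sample
local-data: "ads.example.com A 127.0.0.1"
local-data: "ADS.example.com. A 127.0.0.1"
local-data: "tracker.example.org A 127.0.0.1"
local-data: "cdn.example.net A 127.0.0.1"
local-data: "v6.example.com AAAA ::1"
EOF
}

# Demo: three static zones on stdout, the AAAA line reported on stderr.
sample_blocklist | convert_blocklist -
```

A `static` local zone covers every name below the zone as well, so whitelisting a subdomain has no effect while its parent domain is still in the blocklist.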