Der Beitrag zur Einrichtung von unbound in Verbindung mit Pi-hole zur Verbesserung der DNS-Antworten in Bezug auf Geschwindigkeit und Privatsphäre ist abgeschlossen. Wann soll er erscheinen?
Definitely adding that to my toolkit for next time. Was only after spending a number of hours code reading and writing manual probes to try and figure out where the EINVAL was bubbling up from.
Would be great if we had a repository somewhere of D scripts to cover a huge range of analysis areas, and help folks bootstrap themselves into writing their own.
Another step completed on my Home Lab journey. PiHole is up and running, and I have my local DNS configured.
Followed a great guide by @chris A fun part was setting up a shortcut on my StreamDeck to turn off PiHole blocking for 5 minutes when I need to test something.
Tweaked it a bit to also alert me when the 5 minutes have elapsed.
Created an Apple Shortcut to do basically the same thing, but available on all my iOS devices!
@dkoneill Just installed Unbound tonight. I do notice faster resolution for sure! At the moment it feels a bit like a magic box, but I'll learn more as time goes on - that's what Home Labs are all about right?
As long as it passes the spouse approval test, it will stick around.
Maintenant que #Unbound 1.18.0 sous Debian est compilé avec le support de #Redis, je me demande si ça vaut le coup de l'utiliser pour dns.shaftinc.fr
L'idée d'associer Redis à un résolveur #DNS et de servir de cache de 2nd niveau
Avantage : avoir du cache dispo après redémarrage, et pour ce qui touche au RFC 8767 (service de données périmées)
Maintenant, ça ajoute un logiciel assez lourd dans la boucle. Pour un gain qui sera sans doute marginal sur une petite installation comme @DNS_Shaftinc
My @nlnetlabs#unbound#docker image has been updated to #OpenSSL 3.1.1 including my build bases which got updated to #Alpine 3.18.0. The images version reads 1.17.1-5.
Quad9 does deserve our support.
But even better in terms of freedom is running your own local recursive resolver (e.g. #Unbound, possibly combined with #PiHole), which also allows you to do DNSSEC validation on/near the endpoint.
Now with RPZ, I build an equivalent in Python with a lot of advantages:
Can be used with BIND, Knot and Unbound
Using dnspython, I can remove all domains whose parent is already in the list (no need to block ads.ad-company.example when you already block ad-company.example)
Just need to test it in BIND and Knot, write a Readme and I will be able to push it to my repo :)
Ryybyn may be 2 kool 4 skool but they are never too cool for the stickers Alison lovingly makes for them.
During the campaign, Alison's player would make "certificated of excellence" celebrating some each player had done each session. It was really fun and cute so I wanted to make an illustration in tribute to them all!