Unbound
pivpn
Our great sponsors
Unbound | pivpn | |
---|---|---|
40 | 311 | |
2,777 | 6,821 | |
3.2% | 2.3% | |
9.4 | 5.8 | |
5 days ago | 11 days ago | |
C | Shell | |
BSD 3-clause "New" or "Revised" License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Unbound
-
Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC
dnsmasq and unbound are impacted to
https://github.com/NLnetLabs/unbound/releases/tag/release-1....
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/20...
As are any other DNSSEC validators that followed the specifications.
Bind9 has its problems but this is not its fault this time.
-
Encrypted Client Hello – the last puzzle piece to privacy
Are you familiar with https://pi-hole.net/ ?
In my house I want DNS resolution to be performed by my own DNS resolver (https://github.com/NLnetLabs/unbound), after I block ad domains.
DoH circumvents that.
-
Running PiHole on a second server
Gravity-Sync won't do that. But searching around on GH, I found this : https://github.com/NLnetLabs/unbound/blob/master/contrib/unbound_cache.sh
-
pfBlockerNG-devel v3.1.0_7 / v3.1.0_14
Version 1.15.0 Configure line: --with-libexpat=/usr/local --with-ssl=/usr --disable-dnscrypt --disable-dnstap --with-libnghttp2 --enable-ecdsa --disable-event-api --enable-gost --with-libevent --with-pythonmodule=yes --with-pyunbound=yes ac_cv_path_SWIG=/usr/local/bin/swig LDFLAGS=-L/usr/local/lib --disable-subnet --disable-tfo-client --disable-tfo-server --with-pthreads --prefix=/usr/local --localstatedir=/var --mandir=/usr/local/man --infodir=/usr/local/share/info/ --build=amd64-portbld-freebsd12.3 Linked libs: libevent 2.1.12-stable (it uses kqueue), OpenSSL 1.1.1n-freebsd 15 Mar 2022 Linked modules: dns64 python respip validator iterator BSD licensed, see LICENSE in source package for details. Report bugs to [email protected] or https://github.com/NLnetLabs/unbound/issues
-
"Jeez why you need an adblocker" they say...
Unbound DNS
- How can I persist/retain Unbound cache across reboot?
-
Does OpenDNS Family Shield still work or did they get rid of it?
Many users (myself included) opt to leave out third party resolvers entirely and deploy a local recursive nameserver. I use Unbound. In the default recursive operation it queries the root nameservers directly, with responses validated using DNSSEC. So there's no potential of a third party upstream providing incorrect records, either accidentally or deliberately, and no one server gets the opportunity to log the full path of your resolution chain. Your ISP, Cloudflare, Google, OpenDNS or whatever may super duper pinkie promise not to log your resolution history or use it for whatever purpose, but why give them the opportunity to?
-
Private DNS Mode Setting?
The next logical step in this chain usually looks something like "OK, so my queries and their responses are secure, but why do I trust [my ISP/this third party/this faceless megacorporation] exactly?", and...honetly, you shouldn't. One or two more questions and the next thing you know you're running your own full recursive resolver stack.
-
When do you think Chrome on Android will get extension support?
I wasn't personally particularly happy with any one provider's offering, and didn't want to needlessly include a third party, so I stood up my own APDNS proxy with an iterating nameserver behind it.
-
NextDNS with OPNsense or Unifi USG
I have nextdns CLI installed on OPNSense but I'm looking for a plugin for OPNsense since I have zero visibility with the CLI Anyone know if this is coming soon or in the works? this page says "coming soon": https://github.com/nextdns/nextdns/wiki and this says that nextdns doesn't work with with unbound: https://github.com/NLnetLabs/unbound/issues/132
pivpn
- PiVPN v4.6.0: The End
-
Network setup for remote access
PiVPN for classic VPN software https://pivpn.io - Wireguard would be my choice
-
Can't get it to run after installation, although running vpn from this pi before
Linux retropie 5.10.103-v7l+ #1529 SMP Tue Mar 8 12:24:00 GMT 2022 armv7l GNU/Linux
-
Easy VPN install on Debian
Wondering what people are using these days to get a VPN (Wireguard?) up and running easily. Is Wireguard itself simple enough that one can just ... do this? I'm thinking of something like PiVPN which does appear to still exist but I'm unsure of how up-to-date it is. Specifically, I like terminal commands just fine, but would prefer not to have to manually configure a basic VPN (internet gateway) and its associated profiles/certificates.
-
Wireguard without VPS?
If you really want some hand holding, PiVPN is even easier.
-
Remote Access
They're easily set up via the guided PiVPN installation script. Should work on everything that's Debian-based, not just on Rasbian running on a Pi.
-
Build your own private WireGuard VPN with PiVPN
under Features in [1]:
* Doesn't need to be a Raspberry Pi™, It runs on any x86_64 system
yes the webui now has some convenience options for generating and importing configs, but there's still a gap (as in default package installed) in client profile management or network management on cli.
What pivpn (and similar tooling wrapping lower level commands) bring along is this client management and even some network topology/routing management : https://docs.pivpn.io/wireguard/ and https://github.com/pivpn/pivpn/tree/master/scripts/wireguard
I think it's a interesting spectrum between wg-cli and tailscale.
- What's a simple way add a VPN to a home network
What are some alternatives?
Bind - Mirror of https://gitlab.isc.org/isc-projects/bind9, please submit issues and PR/MRs in the GitLab. Any issues and PRs opened here will be closed without a comment.
PowerDNS - PowerDNS Authoritative, PowerDNS Recursor, dnsdist
Knot Resolver - Knot Resolver - resolve DNS names like it's 2024
Knot DNS - A mirrored repository
dnsmasq - mirror of dnsmasq (git://thekelleys.org.uk/dnsmasq.git ). This account is NOT maintained by dnsmasq developers. I am happy to give account to them. Please feel free to contact me. 1584171677[at]qq[dot]com
tailscale - The easiest, most secure way to use WireGuard and 2FA.
docker-wireguard
nextdns - NextDNS CLI client (DoH Proxy)
DoH
wg-easy - The easiest way to run WireGuard VPN + Web-based Admin UI. [Moved to: https://github.com/wg-easy/wg-easy]
dnsproxy - Simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support
docker-cloudflared - Cloudflared proxy-dns Docker image