Unbound

Ads blocking with OpenBSD unbound(8)

       1838 words, 9 minutes

The Internet is full of Ads and Trackers. And a way to avoid those is to simply not reach the stinky servers. This can be partially done using a local DNS resolver. This article is a reboot of both the 2019 Blocking Ads using unbound on OpenBSD and Storing unbound logs into InfluxDB posts ; hopefully improved.

Continue reading...


Storing unbound(8) logs into InfluxDB

       828 words, 4 minutes

I’m using unbound(8) on OpenBSD to block Ads . In the logs, I can see which domains were queried and blocked ; but I like to have a more graphical overview of whats happening over weeks. So I stole a few ideas from the Pi-Hole Web Interface , routed the logs to InfluxDB via syslog-ng and rendered statistics using Grafana.

Continue reading...


Blocking Ads using unbound(8) on OpenBSD

       416 words, 2 minutes

The Internet is full of Ads and Trackers. Some of them are useful to monetize free content. Some are used in a non-ethical manner. Savvy users will configure Ad-Blocker on their Web browser. Others won’t. Most Appliance and IoT modules won’t allow third-party blocking addons. Here’s how to add an extra layer of privacy using OpenBSD and its unbound(8) DNS resolver.

Continue reading...


Monitoring unbound(8) using Net-SNMP, Telegraf, InfluxDB and Elasticsearch

       809 words, 4 minutes

I’ve enabled an OpenBSD unbound(8) daemon that is used as a central DNS cache resolver. Now I needed to know what it was doing and how it performed. The question was answered grabbing statistics from unbound and render them using Grafana. The whole monitoring stack is composed of Net-SNMP, Telegraf and InfluxDB for the metrics part ; and syslogd(8), Logstash and Elasticsearch for the logs part. Of course, most of those run on OpenBSD (6.3) ; except Telegraf, which is not available (yet).

Continue reading...


Force OpenBSD to use unbound(8) DNS resolver in DHCP client mode

       106 words, 1 minutes

By default, a DHCP client gets an IP address, a network gateway and a DNS server. That’s fine most of the time. But if you own an OpenBSD cloud instance that has to use DHCP to get online, you might not be satisfied with the domain-name-servers option provided by your DHCP server. Hopefully, OpenBSD provides an easy way to force your DNS: # viĀ /etc/dhclient.conf (...) prepend domain-name-servers 127.0.0.1; Since then, OpenBSD will use our DNS resolver. Which is… unbound(8)

Continue reading...


1 / 2