Unbound - Pihole
Version of 21 August 2024 at 20:31
NetworkManager DNS
see "local DNS on the PiHole server" on the wiki/Bookworm page (https://marmits.com/wiki/Bookworm)
Unbound
Services
Local DNS with unbound and pihole. unbound carries two extra files: a config for pihole in /etc/unbound/unbound.conf.d/pi-hole.conf and a config for the local domains in /etc/unbound/unbound.conf.d/local.conf.
- https://www.azurs.net/carnet/2016/02/serveur-dns-local-sur-raspberry-pi-sous-arch-linux-arm/
- http://gregoryborysiak.blogspot.com/2015/04/configurer-unbound-sur-raspberry-pi.html
Config directory: /etc/unbound/unbound.conf.d

    unbound-checkconf
    sudo service unbound restart

Log rotation (this assumes unbound is set to log to a file, i.e. logfile: "/var/log/unbound.log" and use-syslog: no in the server: clause). Create the log file with the owner and mode unbound expects, then put the rule in /etc/logrotate.d/unbound:

    sudo touch /var/log/unbound.log
    sudo chmod 640 /var/log/unbound.log
    sudo chown unbound:unbound /var/log/unbound.log

    /var/log/unbound.log {
        rotate 7
        weekly
        missingok
        notifempty
        delaycompress
        compress
        size 1M
        create 640 unbound unbound
        postrotate
            service unbound restart
        endscript
    }

Two caveats: "size" makes logrotate ignore the "weekly" interval (use "maxsize 1M" if both criteria are wanted), and restarting unbound in postrotate empties its cache; if remote-control is enabled, "unbound-control log_reopen" reopens the log without a restart.

Force a rotation to test the rule:

    sudo logrotate -f /etc/logrotate.d/unbound
- https://docs.pi-hole.net/guides/dns/unbound/
- https://echolib.in/raspberry-installer-pi-hole-unbound
- https://docs.pi-hole.net/guides/unbound/
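As an added example (not code from this wiki nor from the unbound or Pi-hole projects), the following POSIX shell script generates the local-domains file mentioned above from a "name ip" list and syntax-checks the result. The zone name home.lan, the host names and addresses, and the --install flag are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the wiki page.
# Generates /etc/unbound/unbound.conf.d/local.conf for unbound: a static
# local zone with forward A records and matching PTR records, so that
# names of the internal zone are answered locally and never forwarded
# upstream (static => NXDOMAIN for unknown names in the zone).
# Assumptions: zone "home.lan", the sample host list and the output path.

# Emit a "server:" clause for the zone given as $1, reading "name ip"
# pairs from stdin.
gen_local_conf() {
    zone="$1"
    printf 'server:\n'
    printf '    local-zone: "%s." static\n' "$zone"
    while read -r name ip; do
        [ -z "$name" ] && continue                       # skip blank lines
        printf '    local-data: "%s.%s. IN A %s"\n' "$name" "$zone" "$ip"
        printf '    local-data-ptr: "%s %s.%s"\n' "$ip" "$name" "$zone"
    done
}

# Write the clause to $2 (needs root), check the whole unbound config and
# restart unbound only if the check passes.
install_local_conf() {
    zone="$1"; out="$2"
    gen_local_conf "$zone" | sudo tee "$out" >/dev/null
    sudo unbound-checkconf && sudo service unbound restart
}

# Constructed sample host list (hypothetical names and addresses).
HOSTS='nas 192.168.1.10
printer 192.168.1.20'

if [ "${1:-}" = "--install" ]; then
    printf '%s\n' "$HOSTS" | install_local_conf home.lan /etc/unbound/unbound.conf.d/local.conf
fi
```

Run it as "sh local-conf.sh --install" on the Pi-hole host; without the flag it only defines the functions, so the generator can be piped elsewhere, for instance "printf 'nas 192.168.1.10\n' | gen_local_conf home.lan" to inspect the output first.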
DNSSEC
Using Unbound with DNSSEC (howto): create or refresh the root trust anchor with unbound-anchor, then check that validation really happens:

    unbound-anchor
    dig com. SOA +dnssec

A validating resolver returns the "ad" (authenticated data) flag in the header of the second command; without it, DNSSEC is not being validated locally.
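As an added example (not from the wiki page), a shell check that goes one step beyond the dig above: it requires the "ad" flag on a signed zone and also requires that a zone with deliberately broken signatures (dnssec-failed.org) is rejected with SERVFAIL, which is the only proof that validation is enforced and not merely reported. The resolver address 127.0.0.1 and port 5335 are assumptions taken from the Pi-hole unbound guide; adjust them to pi-hole.conf.

```shell
#!/bin/sh
# Added example, not from the wiki page.
# Assumptions: unbound listens on 127.0.0.1:5335 (Pi-hole guide layout).
RESOLVER=127.0.0.1
PORT=5335

# Return 0 when a dig response header carries the AD flag, i.e. the
# resolver validated the answer itself.
has_ad_flag() {
    printf '%s\n' "$1" | grep -q '^;; flags:.*[[:space:]]ad[[:space:];]'
}

# Extract the RCODE (NOERROR, SERVFAIL, ...) from a dig response.
rcode_of() {
    printf '%s\n' "$1" \
        | sed -n 's/^;; ->>HEADER<<- opcode: [A-Z]*, status: \([A-Z]*\),.*/\1/p'
}

# Live check: a signed zone must come back with AD, and the intentionally
# broken test zone dnssec-failed.org must be refused with SERVFAIL.
check_resolver() {
    good=$(dig @"$RESOLVER" -p "$PORT" com. SOA +dnssec)
    bad=$(dig @"$RESOLVER" -p "$PORT" dnssec-failed.org. A +dnssec)
    has_ad_flag "$good" \
        || { echo "no AD flag on com. SOA: validation is off" >&2; return 1; }
    [ "$(rcode_of "$bad")" = "SERVFAIL" ] \
        || { echo "dnssec-failed.org was not rejected: validation not enforced" >&2; return 1; }
    echo "DNSSEC validation OK"
}

if [ "${1:-}" = "--live" ]; then
    check_resolver
fi
```

Run "sh dnssec-check.sh --live" on the Pi-hole host. If the first test passes and the second fails, look for a "val-permissive-mode: yes" or a missing "auto-trust-anchor-file" in the unbound configuration.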
Encrypted? (serving DNS over TLS on port 853)

    server:
        interface: 2001:db8:1::dead:beef@853
        ssl-service-key: "/etc/unbound/unbound_server.key"
        ssl-service-pem: "/etc/unbound/unbound_server.pem"
        ssl-port: 853

Current unbound releases name these options tls-service-key, tls-service-pem and tls-port (the ssl-* spellings are kept as aliases). The key and certificate must be readable by the unbound user, and 2001:db8:1::dead:beef is a documentation-prefix address to replace with the server's own. Test from a client with "kdig +tls @<address> example.com" (knot-dnsutils) or "dig +tls" with BIND 9.18 or later.
Error "fail: the anchor is NOT ok and could not be fixed"

If the unbound DNS server does not work:

    sudo service unbound status
    => systemd[1]: Starting Unbound DNS server...
       package-helper[499]: /var/lib/unbound/root.key has content
       package-helper[499]: fail: the anchor is NOT ok and could not be fixed
       systemd[1]: Started Unbound DNS server.

Solution used here, refresh the root hints:

    sudo wget -O /var/lib/unbound/root.hints https://www.internic.net/domain/named.root

The message itself comes from unbound-anchor, run by the Debian package helper at service start, when it cannot verify or update the DNSSEC trust anchor in /var/lib/unbound/root.key, often because the network or the system clock was not ready yet (a Raspberry Pi has no RTC). If queries still return SERVFAIL after refreshing root.hints, regenerate the anchor as the unbound user with "sudo -u unbound unbound-anchor -a /var/lib/unbound/root.key" and restart unbound.
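As an added example (not from the wiki page), a safer version of the fix above: the hints file is downloaded to a temporary file and only installed if it actually looks like the root hint list (a captive portal or an HTTP error page must never overwrite root.hints), and the trust anchor is regenerated with unbound-anchor and sanity-checked. Paths are the Debian defaults used on this page; the --fix flag is an assumption.

```shell
#!/bin/sh
# Added example, not from the wiki page.
# Assumptions: Debian/Raspberry Pi OS layout under /var/lib/unbound.
ANCHOR=/var/lib/unbound/root.key
HINTS=/var/lib/unbound/root.hints
HINTS_URL=https://www.internic.net/domain/named.root

# Return 0 if the anchor file holds a root KSK: either the DS record that
# unbound-anchor writes initially, or the DNSKEY with flags 257 that
# unbound's RFC 5011 tracking later converts it into.
anchor_ok() {
    grep -q -E '^\.[[:space:]]+([0-9]+[[:space:]]+)?IN[[:space:]]+(DS|DNSKEY[[:space:]]+257)[[:space:]]' "$1"
}

# Return 0 if a downloaded file really is the root hint list.
hints_ok() {
    grep -q -i 'A\.ROOT-SERVERS\.NET' "$1" && grep -q -i 'M\.ROOT-SERVERS\.NET' "$1"
}

# Download root.hints to a temp file and replace the live copy atomically
# only when the content passes hints_ok.
refresh_hints() {
    tmp=$(mktemp) || return 1
    if wget -q -O "$tmp" "$HINTS_URL" && hints_ok "$tmp"; then
        sudo install -o unbound -g unbound -m 644 "$tmp" "$HINTS"
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    echo "root.hints download failed or looks wrong, keeping the old file" >&2
    return 1
}

# Re-run unbound-anchor as the unbound user. It exits 1 when it rewrote
# the anchor and 0 when nothing was needed, so only codes above 1 are errors.
repair_anchor() {
    if sudo -u unbound unbound-anchor -a "$ANCHOR"; then rc=0; else rc=$?; fi
    [ "$rc" -le 1 ] || { echo "unbound-anchor failed (rc=$rc)" >&2; return 1; }
    anchor_ok "$ANCHOR"
}

if [ "${1:-}" = "--fix" ]; then
    refresh_hints
    repair_anchor && sudo unbound-checkconf && sudo service unbound restart
fi
```

Run "sh fix-anchor.sh --fix"; if repair_anchor still fails, check the system clock first (date), since the anchor's certificate chain cannot be validated with a wrong time.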
Configuring the resolver address
The unbound resolver address is 127.0.0.1 and must be configured in /etc/resolv.conf (resolv.conf has no port field, so this reaches whatever listens on 127.0.0.1:53, i.e. Pi-hole, which forwards to unbound). For the address to persist and not be replaced by the ISP's DNS servers at each reconnection:
install openresolv
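As an added example (not from the wiki page), the openresolv step spelled out: write name_servers=127.0.0.1 into /etc/resolvconf.conf, regenerate resolv.conf and verify that no external server survived. The check function takes the file content as an argument so it can also be used from a monitoring cron job. It assumes openresolv's /etc/resolvconf.conf is the active configuration file (true on Debian when the openresolv package provides resolvconf).

```shell
#!/bin/sh
# Added example, not from the wiki page.
# Assumption: openresolv is the resolvconf implementation in use.

# Return 0 when every "nameserver" line of the given resolv.conf content
# points at the local resolver (127.0.0.1 or ::1) and at least one exists.
only_local_resolver() {
    ns=$(printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }')
    [ -n "$ns" ] || return 1
    for n in $ns; do
        case "$n" in
            127.0.0.1|::1) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

configure_openresolv() {
    sudo apt-get install -y openresolv
    # name_servers is listed first; with openresolv's resolv_conf_local_only
    # (default YES) a local resolver there suppresses the servers learned
    # from DHCP or PPP, which is exactly the "ISP DNS" leak to avoid.
    printf 'name_servers=127.0.0.1\n' | sudo tee /etc/resolvconf.conf >/dev/null
    sudo resolvconf -u
    only_local_resolver "$(cat /etc/resolv.conf)" \
        || { echo "/etc/resolv.conf still lists an external resolver" >&2; return 1; }
}

if [ "${1:-}" = "--apply" ]; then
    configure_openresolv
fi
```

Run "sh openresolv.sh --apply" once; afterwards "only_local_resolver "$(cat /etc/resolv.conf)"" is a cheap check to schedule after reboots or DHCP lease renewals.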
pihole
- https://docs.pi-hole.net/core/pihole-command/
- https://mediacenterz.com/tutoriel-complete-pi-hole-bloqueur-dannonces-pour-toute-la-maison/
    # update Pi-hole (there is no apt package); the admin directory must be in /var/www/html
    pihole -up
    # "relaunch" in the author's note; pihole -a -i is in fact the admin "interface listening" setting, see the pihole-command docs linked above
    pihole -a -i
    # restart the DNS service
    pihole restartdns
    # search the block lists for a term
    pihole -q -all facebook.com
    pihole -q -adlist -exact facebook.com
    pihole status
    sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471'

(":471" also matches 4711; "ss -nltup" gives the same view when net-tools is not installed.)
pihole core commands:
- pihole -w, pihole -b, pihole -regex, pihole -wild: whitelisting, blacklisting and regex
- pihole debug (-d): debugger
- pihole flush (-f): log flush
- pihole reconfigure (-r): reconfigure
- pihole tail (-t): tail the log
- pihole -a: admin (web interface settings)
- pihole -c: chronometer
- pihole -g: update gravity (refresh the block lists)
- pihole -l: logging
- pihole -q: query the lists
- pihole -up: update Pi-hole
- pihole -v: version
- pihole uninstall
- pihole status
- pihole enable / pihole disable
- pihole restartdns
- pihole checkout: switch branch
Ports
From the Pi-hole docs: ports 53, 80 and 4711 are needed; 80 is optional if the web dashboard is not installed, and 67/547 only if Pi-hole's DHCP server is used.
- 53 (DNS), TCP/UDP: pihole-FTL (embedded dnsmasq). If another DNS server such as BIND is already running it must be stopped, otherwise Pi-hole cannot answer queries. This is why unbound listens on a different port (5335 in the linked Pi-hole guide) and Pi-hole forwards to it.
- 80 (HTTP), TCP: lighttpd. If another web server (Apache, ...) is already running, Pi-hole's web server will not work; either disable the other one or change the port lighttpd listens on to keep both.
- 4711, TCP: pihole-FTL API engine, bound to localhost; FTL picks the next port if 4711 is already taken. This port must not be reachable from any other interface.
- 67 (DHCPv4), UDP: pihole-FTL DHCP, optional; not used here (no DHCP service).
- 547 (DHCPv6), UDP: pihole-FTL DHCP, optional; not used here (no DHCP service).
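As an added example (not from the wiki or the Pi-hole project), a shell check that parses "ss -nltup" output and reports any loopback-only port bound on a non-loopback address, which is the exposure the port list above warns about for 4711. The port set is an assumption: 4711 (FTL API) and 5335 (unbound, as in the linked Pi-hole guide); the --live flag is illustrative.

```shell
#!/bin/sh
# Added example, not from the wiki page.
# Ports that must only be bound on loopback (assumption: FTL API on 4711,
# unbound on 5335 as in the Pi-hole unbound guide).
LOOPBACK_ONLY="4711 5335"

# Print "proto port local-address" for every listening socket in the
# output of `ss -nltup` (same columns as the netstat line above).
listening() {
    printf '%s\n' "$1" | awk 'NR > 1 && ($2 == "LISTEN" || $2 == "UNCONN") {
        n = split($5, a, ":")
        port = a[n]
        addr = substr($5, 1, length($5) - length(port) - 1)
        print $1, port, addr
    }'
}

# Exit 0 if no loopback-only port is bound to a non-loopback address;
# otherwise print each offending socket and exit 1. "*" and "[::]" are
# wildcard binds, i.e. reachable from every interface.
check_exposure() {
    bad=0
    for p in $LOOPBACK_ONLY; do
        listening "$1" | awk -v p="$p" \
            '$2 == p && $3 != "127.0.0.1" && $3 != "[::1]" { print "EXPOSED:", $0; exit 1 }' \
            || bad=1
    done
    return $bad
}

if [ "${1:-}" = "--live" ]; then
    check_exposure "$(ss -nltup)"
fi
```

Run "sh ports.sh --live" on the Pi-hole host after each upgrade; an EXPOSED line for 4711 means the FTL API is reachable from the LAN, and one for 5335 means clients can bypass Pi-hole's filtering by querying unbound directly.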
Pi-hole database

    # open the query database
    sqlite3 /etc/pihole/pihole-FTL.db
    # backup, e.g. from a cron job; .backup uses SQLite's online backup API, so it is safe while pihole-FTL is writing
    sqlite3 /etc/pihole/pihole-FTL.db ".backup /home/pi/pihole-FTL.db.backup"
Block lists
- Block lists
- pihole-blocklist
- https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/ParsedBlacklists/Block-EU-Cookie-Shit-List.txt
- https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/CountryCodesLists/France.txt
- https://easylist-downloads.adblockplus.org/liste_fr%2Beasylist.txt
- https://blocklist.site/app/dl/malware
- https://blocklist.site/app/dl/ransomware
- https://blocklist.site/app/dl/phishing
- https://blocklist.site/app/dl/ads
- https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw/343ff780e15205b4dd0de37c86af34cfb26b2fbe/MS-2
- https://raw.githubusercontent.com/anudeepND/youtubeadsblacklist/master/domainlist.txt
- https://blocklist.site/app/dl/spam
- https://hosts.ubuntu101.co.za/domains.list
- https://hosts.ubuntu101.co.za/ips.list
update pihole
pihole -up
Parental control

    # block facebook.com and all its subdomains (wildcard entry)
    pihole --wild facebook.com
    # unblock
    pihole --wild -d facebook.com

Without group management in the web interface this applies to every client on the network, not just the children's devices.