DNS Nameserver Spoofability Test went from Moderate to Very poor after configuring Unbound

I just configured Unbound on my Pi-hole using the official guide and followed this post to configure it on OpenWrt.

I ran the DNS Nameserver Spoofability Test before and after Unbound and I see a huge difference. My ISP name is visible in the test now.

Expected Behaviour:

Before

Actual Behaviour:

After

Debug Token:

https://tricorder.pi-hole.net/yvqaae80dx

Is this behavior right or have I missed something?

I run pihole + unbound + redis on my pi and was very interested in the result of the spoof test. My firewall is a pfSense, with a NAT rule redirecting all DNS requests NOT originating from the pi to pihole. The result:

Therefore, I assume there is something wrong with your config; pihole and unbound are NOT the cause.

edit
In a discussion on a Dutch forum, some people listed the OpenWrt rules required to achieve redirection:

I don't use openwrt, so I'm NOT able to verify this!

#keep network on pi-hole
iptables -t nat -I PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to 10.0.0.xx:53
iptables -t nat -I PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 10.0.0.xx:53

#punch DNS hole for pi-hole
iptables -t nat -I PREROUTING -i br-lan -p tcp -s 10.0.0.xx --dport 53 -j ACCEPT
iptables -t nat -I PREROUTING -i br-lan -p udp -s 10.0.0.xx --dport 53 -j ACCEPT 

OR, consolidated version:

iptables -t nat -I PREROUTING -i br-lan -p tcp --dport 53 ! -s 10.0.0.xx -j DNAT --to 10.0.0.xx:53
iptables -t nat -I PREROUTING -i br-lan -p udp --dport 53 ! -s 10.0.0.xx -j DNAT --to 10.0.0.xx:53

/edit

Says: Anti-Spoofing Safety: Excellent

Same: "Anti-Spoofing Safety: Excellent"

Below are my custom firewall rules, which I added during setup; they look different from yours.

iptables -t nat -A PREROUTING -i br-lan ! -s 192.168.31.14 -p udp --dport 53 -j REDIRECT
iptables -t nat -A PREROUTING -i br-lan ! -s 192.168.31.14 -p tcp --dport 53 -j REDIRECT
iptables -t nat -A PREROUTING -i pppoe-wan -p udp --dport 53 -j REDIRECT
iptables -t nat -A PREROUTING -i pppoe-wan -p tcp --dport 53 -j REDIRECT

192.168.31.14 is my pihole
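The two rule sets in this thread differ in their target: DNAT sends a LAN client's port-53 packet to the Pi-hole's address, while REDIRECT rewrites the destination to the router's own address on the incoming interface, so the query is answered by whatever resolver listens on the router's port 53 (OpenWrt's dnsmasq by default) and the upstream path then depends on that resolver's configuration. Note also that `iptables -I` inserts at the top of the chain, so the effective order is the reverse of the order the commands were typed; `iptables-save -t nat` shows the order that actually applies. Below is an added example, not from this thread or from the Pi-hole project: a small Python audit that parses nat PREROUTING rules in `iptables-save` form and walks them first-match to report where a port-53 packet from a given client ends up. The sample rule lines, the Pi-hole address 10.0.0.20 (standing in for the thread's 10.0.0.xx), and the client addresses are constructed.

```python
"""Audit nat PREROUTING rules: where does a LAN client's DNS query go?
Added example; rule lines and addresses below are constructed."""
import ipaddress
import shlex
from typing import List, Optional, Tuple

# Constructed sample in effective (iptables-save) order: the DNAT variant from
# the thread, with the Pi-hole at 10.0.0.20. The ACCEPT exemptions were
# inserted last with -I, so they sit at the top and are evaluated first.
DNAT_RULES = """
-A PREROUTING -i br-lan -s 10.0.0.20/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A PREROUTING -i br-lan -s 10.0.0.20/32 -p udp -m udp --dport 53 -j ACCEPT
-A PREROUTING -i br-lan -p tcp -m tcp --dport 53 -j DNAT --to-destination 10.0.0.20:53
-A PREROUTING -i br-lan -p udp -m udp --dport 53 -j DNAT --to-destination 10.0.0.20:53
""".strip().splitlines()

# Constructed sample: the REDIRECT variant, Pi-hole at 192.168.31.14.
REDIRECT_RULES = """
-A PREROUTING -i br-lan ! -s 192.168.31.14/32 -p udp -m udp --dport 53 -j REDIRECT
-A PREROUTING -i br-lan ! -s 192.168.31.14/32 -p tcp -m tcp --dport 53 -j REDIRECT
""".strip().splitlines()


def parse_rule(line: str) -> Optional[dict]:
    """Parse one PREROUTING rule into its match fields and target.
    Returns None for lines that are not PREROUTING rules. Options that take
    a value are consumed with it; flag-only options are not expected here."""
    toks = shlex.split(line)
    if len(toks) < 2 or toks[0] != "-A" or toks[1] != "PREROUTING":
        return None
    rule = {"iface": None, "proto": None, "src": None, "src_neg": False,
            "dport": None, "target": None, "to": None}
    i, negate = 2, False
    while i < len(toks):
        t = toks[i]
        if t == "!":                       # negation applies to the next match
            negate = True
            i += 1
            continue
        val = toks[i + 1] if i + 1 < len(toks) else None
        if t == "-i":
            rule["iface"] = val
        elif t == "-p":
            rule["proto"] = val
        elif t == "-s":
            rule["src"] = ipaddress.ip_network(val, strict=False)
            rule["src_neg"] = negate
        elif t == "--dport":
            rule["dport"] = int(val)
        elif t == "-j":
            rule["target"] = val
        elif t in ("--to-destination", "--to"):
            rule["to"] = val
        # anything else (-m udp, --to-ports, ...) is skipped with its value
        negate = False
        i += 2
    return rule


def rule_matches(rule: dict, iface: str, proto: str, src_ip: str, dport: int = 53) -> bool:
    """True if a packet with these attributes would hit this rule."""
    if rule["iface"] and rule["iface"] != iface:
        return False
    if rule["proto"] and rule["proto"] != proto:
        return False
    if rule["dport"] and rule["dport"] != dport:
        return False
    if rule["src"] is not None:
        in_net = ipaddress.ip_address(src_ip) in rule["src"]
        if in_net == rule["src_neg"]:      # plain match needs in_net, "!" needs not in_net
            return False
    return True


def dns_destination(lines: List[str], iface: str, proto: str, src_ip: str) -> Tuple[str, str]:
    """First match wins in the nat table: report the target and the resulting
    destination for a port-53 packet from src_ip arriving on iface."""
    for line in lines:
        rule = parse_rule(line)
        if rule is None or not rule_matches(rule, iface, proto, src_ip):
            continue
        if rule["target"] == "DNAT":
            return ("DNAT", rule["to"])
        if rule["target"] == "REDIRECT":
            # REDIRECT rewrites the destination to the router's own address on
            # the incoming interface; the Pi-hole never sees this packet.
            return ("REDIRECT", "router-local")
        if rule["target"] == "ACCEPT":
            return ("ACCEPT", "original destination")
    return ("NONE", "original destination")


def audit(lines: List[str], pihole_ip: str, iface: str = "br-lan",
          client_ip: str = "10.0.0.5") -> dict:
    """Check both protocols: clients must land on the Pi-hole, and the
    Pi-hole's own upstream queries must pass through untouched."""
    findings = {}
    for proto in ("udp", "tcp"):
        _, dest = dns_destination(lines, iface, proto, client_ip)
        findings[f"client-{proto}"] = dest == f"{pihole_ip}:53"
        target, _ = dns_destination(lines, iface, proto, pihole_ip)
        findings[f"pihole-{proto}-passthrough"] = target in ("ACCEPT", "NONE")
    return findings


if __name__ == "__main__":
    print("DNAT set:    ", audit(DNAT_RULES, "10.0.0.20"))
    print("REDIRECT set:", audit(REDIRECT_RULES, "192.168.31.14", client_ip="192.168.31.5"))
```

On a live router, feed it the output of `iptables-save -t nat` instead of the constructed lists; every `client-*` entry should be True and every `pihole-*-passthrough` entry should be True before trusting the spoofability test result as a statement about the Pi-hole/Unbound path.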
