Search results


  1. Christos

    Ipv6 or not ipv6?

    Android devices do not support DHCPv6 and they will not get a v6 address if you use it. I use only stateless in my LAN. Also check first if your router's firewall supports separate rules for IPv6. If you create a new rule, does it ask you if it is v4 or v6? If not, then stay with IPv4 until you...
  2. Christos

    Using pfSense with a L3 core switch

    They must be on the same VLAN, as well. If not, then the traffic goes through the firewall if there is a L2 switch. An L3 switch connects VLANs. I guess that @coxhaus has his NAS on a separate VLAN.
  3. Christos

    Ipv6 or not ipv6?

    Has anyone heard of a security incident that was caused due to IPv6 or has helped hackers in any way?
  4. Christos

    Ipv6 or not ipv6?

    I guess that you get more efficient routing with IPv6, by avoiding the NAT bottlenecks. Also with IPv4 your router is targeted more easily, as nowadays any IPv4 address is used and hackers using bots can find targets in seconds to attack. With IPv6 you are hidden inside a vast number of unused...
  5. Christos

    Using pfSense with a L3 core switch

    I agree with @sfx2000 Snort is more noise than "signal" nowadays with everything encrypted. I am focused on DNS protection in my home. First of all to block ads without breaking sites and apps. OISD Blocklist is the best I have found so far. Then I'm trying to find a single licence for Cisco...
  6. Christos

    Using pfSense with a L3 core switch

    See this discussion about trim https://forum.opnsense.org/index.php?topic=18588.0
  7. Christos

    Using pfSense with a L3 core switch

    This is true. Most -consumer- firewalls keep dnsmasq because they use it for DHCP alongside DNS. But with pfSense this is not the case, as it uses ISC DHCP. They can remove dnsmasq anytime.
  8. Christos

    Using pfSense with a L3 core switch

    pch.net is one of the three major sponsors of quad9 https://www.pch.net/ The reason I'm not using quad9 is because Akamai blocks their EDNS Client Subnet (ECS) functionality, so when you are using quad9 you are not sent to the closest Akamai server. Akamai has caching servers inside my ISP and...
  9. Christos

    Using pfSense with a L3 core switch

    WoodyNET is quad9
  10. Christos

    Using pfSense with a L3 core switch

    https://dnsleaktest.com/ will help you see what happens.
  11. Christos

    Pfsense with newer CPUs

    Why not use an Atom CPU?
  12. Christos

    Internet connection via PPPoE for 5-10Gb

    Another idea is to virtualise pfSense and run 1 virtual machine for each core of the CPU (for example run 4 instances), so you can make more PPPoE connections if your ISP lets you do it.
  13. Christos

    Internet connection via PPPoE for 5-10Gb

    Why don’t you use your ISP’s device to do the PPPoE connection, then connect your router with DHCP?
  14. Christos

    Using pfSense with a L3 core switch

    1ms comes from cache. For better results, use a random non-existent domain like "sfvafvwr3-454352.com" that cannot come from cache.
  15. Christos

    Using pfSense with a L3 core switch

    180ms is due to dns encryption, but it is not that big to cause problems. Also, since you use 9.9.9.9 as dns on laptop and still have the problem, it is not pfsense related.
  16. Christos

    Using pfSense with a L3 core switch

    I suggest using encrypted DNS as well, as with Serve Expired feature you will not see any delay due to the encryption. You will be served instantly from cache. Just check “Use SSL/TLS for outgoing DNS” on unbound and put this hostname next to each quad9 IP: “dns.quad9.net”
  17. Christos

    Using pfSense with a L3 core switch

    "Serve Expired" works both in forwarding and resolver mode. Let's say, instagram.com has a DNS TTL (time to live) of 300 seconds. So, this record can live in cache for 300 seconds and it is served to clients for this amount of time. With unbound and pfsense, you can manipulate this behaviour...
  18. Christos

    Using pfSense with a L3 core switch

    If you want your DNS queries to be encrypted over HTTP or TLS, you need unbound as forwarder. Also, if you need the security lists (protection) of Quad9 and Cisco Umbrella, then you need unbound as forwarder to these DNS providers. In other cases, unbound works fine as a resolver.
  19. Christos

    Using pfSense with a L3 core switch

    This is the max time for cache. Most sites use dns records that expire very shortly, like after 300 seconds. After a dns record is expired OR after max time for cache has passed, the dns record is deleted from cache. What you are looking for is the "serve stale" option on Unbound, that always...
  20. Christos

    Using pfSense with a L3 core switch

    Unbound will use these settings only if Enable Forwarding Mode is checked. Otherwise it will resolve domains by itself.