clbrmbr 15 hours ago
What system do you use to get that level of visibility?
VTimofeenko 14 hours ago
Main data comes from unbound[1]; I use vector[2] to ship and transform logs. The dnstap[3] log format IME works better than the standard logs, especially when it comes to more complex queries and replies. Undesired queries get 0.0.0.0 as a response, which I track. The firewall is based on hand-rolled nftables rules.
[1]: https://www.nlnetlabs.nl/projects/unbound/about/
[2]: https://vector.dev
[3]: https://dnstap.info/Examples/
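The tracking step described in the comment above (a resolver that answers blocked names with 0.0.0.0, with the responses shipped as dnstap-derived JSON), as an added example that is not the commenter's own code or configuration. The record shape (`messageType`, `sourceAddress`, `responseData.question[].domainName`, `responseData.answers[].recordType`/`rData`) is an assumption about what vector's dnstap source emits; the log lines are constructed, and the field names should be checked against your own pipeline's output.

```python
"""Count DNS responses the resolver sinkholed to 0.0.0.0, per client and per name.

Added example (not from the thread). Reads newline-delimited JSON records in a
simplified dnstap shape; field names are an assumption, adjust to your pipeline.
"""
import json
from collections import Counter, defaultdict

# The address the resolver hands back for blocked names (IPv6 equivalent "::").
SINKHOLE_ADDRS = {"0.0.0.0", "::"}

# Constructed sample log: two sinkholed answers (one behind a CNAME), one normal
# answer, one query-only record, and one NXDOMAIN response.
SAMPLE_LOG = r"""
{"messageType":"ClientResponse","sourceAddress":"192.168.1.20","responseData":{"question":[{"domainName":"ads.example.","questionType":"A"}],"answers":[{"domainName":"ads.example.","recordType":"A","rData":"0.0.0.0"}]}}
{"messageType":"ClientResponse","sourceAddress":"192.168.1.21","responseData":{"question":[{"domainName":"www.example.","questionType":"A"}],"answers":[{"domainName":"www.example.","recordType":"A","rData":"93.184.216.34"}]}}
{"messageType":"ClientResponse","sourceAddress":"192.168.1.20","responseData":{"question":[{"domainName":"tracker.example.","questionType":"A"}],"answers":[{"domainName":"tracker.example.","recordType":"CNAME","rData":"cdn.tracker.example."},{"domainName":"cdn.tracker.example.","recordType":"A","rData":"0.0.0.0"}]}}
{"messageType":"ClientQuery","sourceAddress":"192.168.1.22","requestData":{"question":[{"domainName":"ads.example.","questionType":"A"}]}}
{"messageType":"ClientResponse","sourceAddress":"192.168.1.22","responseData":{"rcodeName":"NXDOMAIN","question":[{"domainName":"nope.example.","questionType":"A"}],"answers":[]}}
"""


def parse_records(text):
    """Yield one dict per non-empty line; lines that are not JSON are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def is_sinkholed(record):
    """True if a client response carries an A/AAAA answer pointing at the sinkhole.

    Walking every answer RR (not just the first) catches blocked names reached
    through a CNAME chain, where the 0.0.0.0 sits on the final A record.
    """
    if record.get("messageType") != "ClientResponse":
        return False
    for rr in record.get("responseData", {}).get("answers", []):
        if rr.get("recordType") in ("A", "AAAA") and rr.get("rData") in SINKHOLE_ADDRS:
            return True
    return False


def queried_name(record):
    """The owner name in the question section, or '<none>' if absent."""
    section = record.get("responseData") or record.get("requestData") or {}
    question = section.get("question", [])
    return question[0].get("domainName", "<none>") if question else "<none>"


def summarize(text):
    """Return {'responses': n, 'by_client': {ip: Counter}, 'names': Counter}."""
    by_client = defaultdict(Counter)
    names = Counter()
    responses = 0
    for rec in parse_records(text):
        if rec.get("messageType") != "ClientResponse":
            continue  # queries and other dnstap message types are not counted
        responses += 1
        if is_sinkholed(rec):
            name = queried_name(rec)
            by_client[rec.get("sourceAddress", "?")][name] += 1
            names[name] += 1
    return {"responses": responses, "by_client": dict(by_client), "names": names}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['responses']} client responses seen")
    for client, counts in sorted(report["by_client"].items()):
        for name, n in counts.most_common():
            print(f"  {client} -> {name} blocked {n}x")
```

Only responses are counted, so a blocked name shows up once per answer rather than once for the query and once for the reply. An NXDOMAIN response is treated as normal here; if your blocklist zones return NXDOMAIN instead of a sinkhole address, match on the rcode as well.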
varenc 13 hours ago
Besides what others have said, another dead simple option is to use NextDNS: https://nextdns.io It doesn't require running anything locally, supports various block rules and lists, and lets you enable full log retention if you want. I recommend it to non-techies as the easiest way to get something like pi-hole/dnscrypt-proxy. (But of course not being self-hosted has downsides.)

edit: For Roku, DNS blocking like this only works if Roku doesn't use its own resolver. If it's like some Google devices, it'll use 8.8.8.8 for DNS resolution, ignoring your gateway/DHCP-provided DNS server.
| |||||||||||||||||||||||
nwellinghoff 11 hours ago
pfSense firewall. There is a week-long learning curve and it’s best to put it on dedicated hardware.
mschuster91 15 hours ago
Replace your router's DNS with something like pi-hole or a bog-standard dnsmasq, turn up the logging, that's it. Ubiquiti devices I think also offer detailed DNS logging, but not sure.
| |||||||||||||||||||||||