DNS Blacklists for threat shield #6212
* api & ui: IP and DNS settings and analysis NethServer/dev#6212
FlashStart cannot operate while ftl (DNS blacklist) is enabled NethServer/dev#6212
DNS blacklist documentation for Threat shield NethServer/dev#6212 Co-authored-by: Filippo Carletti <filippo.carletti@gmail.com>
- gitignore: remove rpm and tar.gz
- spec: require pihole-ftl
- templates and events: implement DNS filter
- cockpit: implement UI for DNS filter

NethServer/dev#6212

Co-authored-by: Giacomo Sanchietti <giacomo.sanchietti@nethesis.it>
Co-authored-by: Edoardo Spadoni <edoardo.spadoni@nethesis.it>
Co-authored-by: Andrea Leardini <andre8244@gmail.com>
Test case 1
Test case 2
Test case 3
Test case 4
Users will have a sample repository to test the DNS blacklist. NethServer/dev#6212
Test case 1
Test case 2
Test case 3
Test case 4
Back to testing since pihole crashed under not so heavy load, the problem needs further investigation. Reported error:
This seems related to pi-hole/FTL#816
Do not restart ftl to avoid service interruption. The service can be reloaded using the following signals:
- SIGRTMIN: just reload the lists
- SIGHUP: flush DNS cache

Both signals will NOT re-read any *.conf files.

NethServer/dev#6212
When used as DNS proxy, ftl should be restarted by systemd if a crash occurs. NethServer/dev#6212
In testing:
Back to testing, let's see how it performs in a real environment.
NethServer/dev#6212 Co-authored-by: Giacomo Sanchietti <giacomo.sanchietti@nethesis.it>
When pihole-FTL.db contains many records, the restart of the ftl service takes a long time and causes disruptions. To reduce restart time we add these configurations:
- MAXLOGAGE to 1 hour
- MAXDBDAYS to 7 days

NethServer/dev#6212
In testing:
No more crashes found; the restart now also takes only about 1 second. Verified.
DNS blacklists would be a nice addition to the threat shield module, because they can be very effective and provide greater protection for clients than the IP blacklists.
Proposed solution
Steps