DNS Security and Adblock with OPNSense, Part 2


Now that we’ve secured our DNS, we can move on to improving the quality of our experience on the internet by configuring DNS ad blocking. With the 20.7 version of OPNSense it’s quite easy. Simply go to Services -> Unbound DNS -> Blacklist. Click Enable and select one or more items from the DNSBL drop down. Or if you prefer, paste the URLs of your preferred list in the URLs field. I prefer the Stephen Black list as it is composed of multiple lists and is also the default list for the Pi Hole. Click Save and you’re done.

Continue reading

DNS Security and Adblock with OPNSense, Part 1

If you’re not familiar with DNS, you can think of it as the contact list in your phone. You don’t remember anyone’s phone numbers. You just know their name and have the number stored in their contact entry. DNS is similar in that you just need to know the domain of a website and your computer will lookup the IP address of the site. Here is a primer that goes into a bit more detail.

With OPNSense, you can run a DNS resolver called Unbound. This will validate and cache DNS queries for your local network. It can improve your network performance but it’s usually not noticeable as your browser and other software generally have their own DNS cache. The real benefit of Unbound is that we can modify the DNS for the entire network to provide more security, privacy, and piece of mind.

Continue reading

Dual booting Windows 8 and encrypted Arch Linux

Now that I have Windows 8 installed on my desktop, I will be installing encrypted Arch Linux and dual booting between the two.  I have added more memory to the machine and am reusing the SSD from my original encrypted install.  Because I am dual booting and this machine supports UEFI I am electing to reinstall from scratch.  The new specs are as follows.

  • Intel i7-3770
  • Asus Sabertooth Z77
  • 2 x Corsair Vengeance 8GB
  • EVGA GTX 770 SC
  • Corsair HX 850
  • Corsair Obsidian 650D
  • Western Digital Black 1TB 3.5″ HDD
  • Kingston SVP100S2B 512GB SSD

Much of the install will be similar.  I will clarify the differences as they come up.  The first step in the process is to securely wipe the drive.  My preferred tool for this is Darik’s Boot And Nuke.  While DBAN does not guarantee SSD data removal, it does implement the US DoD 5220.22-M standard.  According to this paper that results in less than a 4.1% chance of recovering any data.  But in this case I am using dm-crypt to erase the drive by creating an encrypted container and filling it.  This provides the benefit of obscuring the upcoming usage patterns of the drive.  Either option is a lengthy process and best run overnight.

Continue reading

Installing encrypted Arch Linux on an SSD

This article will document the decisions and process of my building an Arch Linux desktop. Arch Linux is a rolling release distro. There are no specific releases as there are with Fedora, Ubuntu, etc. Due to this I will not be posting a step by step procedure. That is covered very thoroughly in the Beginners’ guide located on the Arch wiki. I will be discussing the choices that I make and why I make them.

I am re-purposing some hardware that I had laying around for this build.

  • AMD FX-6300
  • GA-78LMT-USB3
  • 2 x 8GB DDR3 1333
  • Kingston SVP100S2B 512GB SSD

Continue reading