Search found 4177 matches

by MichaelTremer
April 20th, 2019, 7:15 pm
Forum: Generelle Fragen
Topic: OT: Erreichbarkeit des Forums
Replies: 30
Views: 1112

Re: OT: Erreichbarkeit des Forums

Dann brauche ich nun wirklich mehr Details... Einen DNS-Trace oder sowas um zu sehen wo es hängt...
by MichaelTremer
April 18th, 2019, 2:34 pm
Forum: IPFire in General
Topic: Is it possible to disable DNSSEC?
Replies: 45
Views: 5288

Re: Is it possible to disable DNSSEC?

Hi, this will be my last response in this thread: There is no way to make IPFire intercept HTTPS. The world is rolling out TLS 1.3. Say goodbye to SSL interception. You can (and should) use the proxy to match against blacklists if you want to filter access - for whatever reason. Apart from it becomi...
by MichaelTremer
April 18th, 2019, 12:08 pm
Forum: IPFire in General
Topic: Is it possible to disable DNSSEC?
Replies: 45
Views: 5288

Re: Is it possible to disable DNSSEC?

I think that I have made this very clear on a number of occasions: * DNS forwarding is for split-horizon DNS setups where you have a local DNS zone that overlays a public one. Often those zones are not signed and that is why this can now be disabled. * Disabling DNSSEC globally is a very bad idea. I...
by MichaelTremer
April 18th, 2019, 11:13 am
Forum: IPFire in General
Topic: Is it possible to disable DNSSEC?
Replies: 45
Views: 5288

Re: Is it possible to disable DNSSEC?

tikok974 wrote:
April 18th, 2019, 10:48 am
I don't have a procedure to apply that works since it's not documented anywhere :(
It is not meant to be disabled.
by MichaelTremer
April 18th, 2019, 10:22 am
Forum: IPFire in General
Topic: Is it possible to disable DNSSEC?
Replies: 45
Views: 5288

Re: Is it possible to disable DNSSEC?

So... the "DNSSEC disable" option in the "DNS Forwarding" menu is useless ... because the fact of having activated it does not allow me to use the DNS of DNSfilter provider (which does not have the DNSSEC function activated) since Unbound rejects them despite the activated option ! This does someth...
by MichaelTremer
April 18th, 2019, 9:52 am
Forum: IPFire in General
Topic: Is it possible to disable DNSSEC?
Replies: 45
Views: 5288

Re: Is it possible to disable DNSSEC?

Hi, OK...so in fact...if I understand correctly...it's our Ipfire that is our main DNS server... but the requests are not slower in this mode ? No, why? Could this be because we are in "transparent proxy" mode and in our Squid configuration (file /etc/squid/squid.conf), the addresses of our DNS prov...
by MichaelTremer
April 18th, 2019, 9:31 am
Forum: IPFire in General
Topic: Is it possible to disable DNSSEC?
Replies: 45
Views: 5288

Re: Is it possible to disable DNSSEC?

The recursor mode will query the global authoritative DNS servers. If you want to resolve "ipfire.org" it will go to the root zone first, find out which servers are responsible for "org", the go to the "org" servers, find out who is responsible for "ipfire.org" and then ask the "ipfire.org" servers....
by MichaelTremer
April 18th, 2019, 9:25 am
Forum: IPFire in General
Topic: Communication between machine on dfferent vLans through ipFire machine
Replies: 1
Views: 85

Re: Communication between machine on dfferent vLans through ipFire machine

Hi,

you don't need a proxy for this. Just firewall rules. Did you configure "Access on BLUE"?
by MichaelTremer
April 18th, 2019, 9:24 am
Forum: Development
Topic: Different script for mobile vpn (.ovpn creation).
Replies: 2
Views: 553

Re: Different script for mobile vpn (.ovpn creation).

Hey,

I guess this script is no longer relevant, because you export this type of configuration from the Web UI for some time now.
by MichaelTremer
April 18th, 2019, 9:23 am
Forum: Addons
Topic: nginx (statt Pound) als Reverse-Proxy gelöst ;-)
Replies: 5
Views: 153

Re: nginx (statt Pound) als Reverse-Proxy gelöst ;-)

Hat es bei Dir noch nicht mal für eine freundliche Antwort gereicht ? Für Hilfe bei meiner Testumgebung hatte ich etliche Wochen gebettelt, dass mir einer vom Forum helfen könnte, aber dabei hattest gerade DU Deinen Schnabel gehalten und gehofft, dass Andere helfen würden. ;-) Die Arbeit mit letsen...
by MichaelTremer
April 18th, 2019, 9:18 am
Forum: IPFire in General
Topic: Max allowable attachment size for this forum
Replies: 1
Views: 66

Re: Max allowable attachment size for this forum

Yeah that should be okay, but the upload functionality might be broken - because this forum software is a bit.. err.. buggy.

You can use the no paste service and link your attachment: https://nopaste.ipfire.org
by MichaelTremer
April 18th, 2019, 9:14 am
Forum: IPFire in General
Topic: Is it possible to disable DNSSEC?
Replies: 45
Views: 5288

Re: Is it possible to disable DNSSEC?

My "/etc/sysconfig/unbound" is empty and in the Ipfire GUI.... on the home page, in front of DNS Server, I have the mention " Local Recursor " which appears instead of the @IP of DNSfilter ! However, in my Dashboard at DNSFilter I can still see that requests are coming in...despite the attention me...
by MichaelTremer
April 16th, 2019, 4:10 pm
Forum: IPFire in General
Topic: OpenVPN n2n / site 2 site feature broken
Replies: 9
Views: 276

Re: OpenVPN n2n / site 2 site feature broken

You got any more logs and configuration?
by MichaelTremer
April 16th, 2019, 3:17 pm
Forum: IPFire in General
Topic: Is it possible to disable DNSSEC?
Replies: 45
Views: 5288

Re: Is it possible to disable DNSSEC?

Did you try this viewtopic.php?f=27&t=20478#p115078?

I have no idea what the point of the patch is. It does not make sense that the test on the DNS servers is performed and then the result is thrown away. This patch has never been submitted to the IPFire developers.
by MichaelTremer
April 16th, 2019, 12:44 pm
Forum: IPFire in General
Topic: Is it possible to disable DNSSEC?
Replies: 45
Views: 5288

Re: Is it possible to disable DNSSEC?

I am not really sure how I can make this any clearer why this is such a bad idea. When you suggest to disable DNSSEC that sounds similar to "let's disable the firewall stuff, because it is all easier when we don't have to configure rules". This is fundamentally bad. DNSSEC is a globally accepted and...