Re: [pfSense] Why no dnssec in dnsmasq by default?
On Sun, Aug 23, 2015 at 9:28 AM, Adrian Zaugg a...@ente.limmat.ch wrote: Adding the three lines dnssec dnssec-check-unsigned trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 to dnsmasq in pfSense makes dnsmasq dnsssec aware. Is there a reason why there is no tickable box to enable this in the GUI or why it is not enabled by default? Because that was only recently added to dnsmasq, and by the time it was, we'd switched to Unbound as the default resolver. You can add it in the advanced options. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Why no dnssec in dnsmasq by default?
Chris SIR, I m using squid and squid guard its working good but some important sites r not opening given message ip-addr target group i also make rule for that still have same issue. Also add to whitelist. If i m use internet without pfSense its open properly. Pls give any idea.. On Aug 25, 2015 12:05 AM, Chris Buechler c...@pfsense.com wrote: On Sun, Aug 23, 2015 at 9:28 AM, Adrian Zaugg a...@ente.limmat.ch wrote: Adding the three lines dnssec dnssec-check-unsigned trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 to dnsmasq in pfSense makes dnsmasq dnsssec aware. Is there a reason why there is no tickable box to enable this in the GUI or why it is not enabled by default? Because that was only recently added to dnsmasq, and by the time it was, we'd switched to Unbound as the default resolver. You can add it in the advanced options. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Internal Clock Broke
On 8/23/15 10:44 PM, Volker Kuhlmann wrote: On Mon 24 Aug 2015 16:22:04 NZST +1200, Brady, Mike wrote: It is not ticked on any (three) of the machines that I have just looked at. This is not something that I would have ever changed. Perhaps my memory is wrong and I did change mine. Why have an advanced option that stops the whole thing from working? Perhaps it's for locally connected clock sources. Sorry, I meant ntpq -n -c ass. ind assid status conf reach auth condition last_event cnt === 1 40532 8011 yesno nonerejectmobilize 1 2 40533 8011 yesno nonerejectmobilize 1 Yes, thanks muchly. If you're running a new enough NTP installation, additionally see the output of: ntpq -c apeers H ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Access Point Recommendations?
UniFi is my choice. I have used it with pfsense with great success. Vlan capability gives extra configuration options. Best regards Kostas Sent from my iPhone On 24 Αυγ 2015, at 06:36, Volker Kuhlmann hid...@paradise.net.nz wrote: Does anyone have any recommendations for a/ac models, AP only, as is only radio, no router/switch stuff? Dumb is good, I use pfsense already and don't need more complexity in closed-source buggy devices. Single-RJ45 perfect, as soon as there are LAN and WAN ports the problems start (like everyone thinking the only secure way to configure the AP is over the wifi!). Thanks, Volker -- Volker Kuhlmannis list0570 with the domain in header. http://volker.top.geek.nz/Please do not CC list postings to me. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Why no dnssec in dnsmasq by default?
On Mon, Aug 24, 2015 at 1:19 PM, A Mohan Rao mohanra...@gmail.com wrote: Chris SIR, I m using squid and squid guard its working good but some important sites r not opening given message ip-addr target group i also make rule for that still have same issue. Also add to whitelist. If i m use internet without pfSense its open properly. Please don't hijack the thread. Post a new message for your question. db ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Why no dnssec in dnsmasq by default?
Okey sorry for that but if u have any solution for my question pls post. Thanks On Aug 25, 2015 12:55 AM, David Burgess apt@gmail.com wrote: On Mon, Aug 24, 2015 at 1:19 PM, A Mohan Rao mohanra...@gmail.com wrote: Chris SIR, I m using squid and squid guard its working good but some important sites r not opening given message ip-addr target group i also make rule for that still have same issue. Also add to whitelist. If i m use internet without pfSense its open properly. Please don't hijack the thread. Post a new message for your question. db ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold