F
ForgottenSeer 823865
@valvaris are you working for eBlockler or are you an enthusiast of this vendor? 
[Privacy-Blockers] - Application / OS / Lists
- Thread starter valvaris
- Start date
@Umbra "hobbyist" because I can not find another project that works with pattern files that you can edit yourself or use with https inspection. My true goal is to offload as much from my pc to the network and protect all devices not just one ^^
Sincerely
Val.
My true goal is to offload as much from my pc to the network and protect all devices not just one ^^ Sincerely
Val.
--------------------UPDATE 12-01-2020-------------------
From today on I am a (eBlocker) contributor.
That does not mean that I will "fanboying" this product like a boss! I am open to all projects.
It just seams fair to the MalwareTips-Community that they know about my standing to eBlocker and understand if I try to protect this product a little more then the others. Of course the time spent to collaborate with other devs. from the eBlocker Team.
I still want to try out other solutions / projects and my mix match project is still on the go. (eblocker / Pi-Hole combo Https Pattern and DNS unbound server) Just waiting for the eBlocker Raspberry 4 update.
Sincerely
Val.
From today on I am a (eBlocker) contributor.
That does not mean that I will "fanboying" this product like a boss! I am open to all projects.
It just seams fair to the MalwareTips-Community that they know about my standing to eBlocker and understand if I try to protect this product a little more then the others. Of course the time spent to collaborate with other devs. from the eBlocker Team.
I still want to try out other solutions / projects and my mix match project is still on the go. (eblocker / Pi-Hole combo Https Pattern and DNS unbound server) Just waiting for the eBlocker Raspberry 4 update.
Sincerely
Val.
Last edited:
I think that's great. You might post re: your collaboration on your security thread. if you decide to post one. Definitely on your MT Profile.
I'm considering eBlocker for the future but Raspberry Pi 4s are in short supply here. I really admire those folks working to re-build it.
From today on I have configured my Pi-hole to my "raspberry pi 4b" - could not wait...
What I did?
Clean Pi-hole install
Tested Pi-hole DNS directly with Quad9 Uplink DNS Server
Installed and Configured - Unbound - Recursive DNS Server and Signatures
Looped the DNS Querys back from Unbound to PI-hole
Like this all DNS Querys hit the Pi-hole and it makes a direct request to the Root-DNS-Servers plus Signature chain. (DNSSEC)
Pi-hole unbound instructions -> Pi-hole as All-Around DNS Solution - Pi-hole documentation
Example DNS Query:
PC----> eblocker -----> Pi-hole <---> Unbound (Service Local on Pi-hole) ---> Router ----> ISP--->RootDNSServers if not cached by Pi-hole
Best part out of it is that I do not need to rely on services like cloudflare, quad9 and google to function since I request directly from the root servers.
DNSSec works too!
eBlocker is setup to have the Pi-hole as the Uplink server and disabled all Domain Blocklists since Pi-hole will take care of that part by itself and I am able to see what domains are "bogus" or "insecure". Now the added advantage is the following with eBlocker...
HTTPs Inspection --- goes to Pattern Files ---- that forwards unblocked querys to the DNS (Pi-hole) ---- that checks if the Domains are Blacklisted and allows/denys that query ---- verfiys DNSSEC ------ So you have the best of two worlds HTTPS Inspection from eBlocker and DNSSec, RecursiveDNS, Domain / Regex Blocklist from unbound/Pi-hole.
Best regards
Val.
What I did?
Clean Pi-hole install
Tested Pi-hole DNS directly with Quad9 Uplink DNS Server
Installed and Configured - Unbound - Recursive DNS Server and Signatures
Looped the DNS Querys back from Unbound to PI-hole
Like this all DNS Querys hit the Pi-hole and it makes a direct request to the Root-DNS-Servers plus Signature chain. (DNSSEC)
Pi-hole unbound instructions -> Pi-hole as All-Around DNS Solution - Pi-hole documentation
Example DNS Query:
PC----> eblocker -----> Pi-hole <---> Unbound (Service Local on Pi-hole) ---> Router ----> ISP--->RootDNSServers if not cached by Pi-hole
Best part out of it is that I do not need to rely on services like cloudflare, quad9 and google to function since I request directly from the root servers.
DNSSec works too!
eBlocker is setup to have the Pi-hole as the Uplink server and disabled all Domain Blocklists since Pi-hole will take care of that part by itself and I am able to see what domains are "bogus" or "insecure". Now the added advantage is the following with eBlocker...
HTTPs Inspection --- goes to Pattern Files ---- that forwards unblocked querys to the DNS (Pi-hole) ---- that checks if the Domains are Blacklisted and allows/denys that query ---- verfiys DNSSEC ------ So you have the best of two worlds HTTPS Inspection from eBlocker and DNSSec, RecursiveDNS, Domain / Regex Blocklist from unbound/Pi-hole.
Best regards
Val.
Last edited:
Pretty sure that's true out-of-the-box which is the context of what they saidBlocking phishing and malware domains: AdGuard Homevs PiHole
Thank you @security123 for providing the Link - First post of this topic has been updated.
Best regards
Val.
Best regards
Val.
Project Update and Experience
The Project was to have an eBlocker go to a Pi-Hole (Uplink DNS) and that one to Unbound to have a direct recursive DNS route to the Root DNS Servers. With features enabled like DNSsec for SSL Chain Verification and Monitoring.
How was the Setup?
Have to say super easy Pi-hole has a very well documented website and the installation and preparation for Unbound was awesome.
The Performance?
A little meh... at first until the DNS requests were cached and then wooow it was fast. But still the performance could be allot better if eBlocker was Raspberry 4 compatible... (More Processing Power and 1Gbit/Ethernet Interface) - Reason is that HTTPS Inspection costs allot of horsepower and since the device acts as a gateway all traffic goes thru that first (Raspberry 3 - 100Mbit/Ethernet Interface)... -.-
Conclusion
Nice to have but needs allot of fine tuning (eBlocker Raspberry 4 Support) and Whitelisting of URLs needed for eBlocker (Desktop Apps & Smartphone Apps that do not like to be SSL Inspected) - Plus the added administration of Pi-hole DNS Query's.
Sincerely
Val.
P.S. ATM I run Adguard Home DNS with Unbound and wait for it ...... DNSsec - Yap got it to work without a certificate on the Adguard somehow?!
The Project was to have an eBlocker go to a Pi-Hole (Uplink DNS) and that one to Unbound to have a direct recursive DNS route to the Root DNS Servers. With features enabled like DNSsec for SSL Chain Verification and Monitoring.
How was the Setup?
Have to say super easy Pi-hole has a very well documented website and the installation and preparation for Unbound was awesome.
The Performance?
A little meh... at first until the DNS requests were cached and then wooow it was fast. But still the performance could be allot better if eBlocker was Raspberry 4 compatible... (More Processing Power and 1Gbit/Ethernet Interface) - Reason is that HTTPS Inspection costs allot of horsepower and since the device acts as a gateway all traffic goes thru that first (Raspberry 3 - 100Mbit/Ethernet Interface)... -.-
Conclusion
Nice to have but needs allot of fine tuning (eBlocker Raspberry 4 Support) and Whitelisting of URLs needed for eBlocker (Desktop Apps & Smartphone Apps that do not like to be SSL Inspected) - Plus the added administration of Pi-hole DNS Query's.
Sincerely
Val.
P.S. ATM I run Adguard Home DNS with Unbound and wait for it ...... DNSsec - Yap got it to work without a certificate on the Adguard somehow?!
Hello MalwareTips-Community,
Now the embargo is lifted and news can be shared:
eBlocker is now on Github -> eblocker - Overview
Have a nice - Safer Internet Day - Got the official statement only in (German) -> LINK
Sincerely
Val.
Now the embargo is lifted and news can be shared:
eBlocker is now on Github -> eblocker - Overview
Have a nice - Safer Internet Day - Got the official statement only in (German) -> LINK
Sincerely
Val.
You may also like...
-
Pop!_OS 24.04 LTS Released with New COSMIC Desktop- Started by lokamoka820
- Replies: 6
-
Google's 7-year slog to improve Chrome extensions still hasn't satisfied developers- Started by oldschool
- Replies: 9
-
-
-
How “test your adblocker” websites can harm users and the adblocker ecosystem
- Started by brambedkar59
- Replies: 4
