Recent content by Christos

I had exactly the same issue with delays on Adguard with Opnsense (not pfsense). I gave up and using unbound with blocklists.

Why not looking for an all-in-one solution like the UniFi Express 7 ?

HaGeZi's Pro++ may cause some false blocks.

Opnsense just released this week a major update with BSD 14 (moving from BSD 13), maybe it is a good chance to give it a try.

This is a malware domain, blocked by Mastercard. Use dig command to see which dns providers actually block this malicious domain. (OpenDNS free plan does not block it, while Cisco Umbrella paid tier, blocks it as malware) For example dig a4p.adpartner.pro @9.9.9.9

Also supports TLS, for those who use Unbound and android devices. tls://208.67.222.222 tls://208.67.220.220

We are out of topic, but since we are talking about dns, I would post my thoughts: Cisco Umbrella/Opendns: +Spend the most money on dns infrastructure than anyone else +Don't add any experimental features -Have no malware blocking on the free tier. Google DNS: +Many locations and good...

You can set Domain Overrides on Unbound, so you will use other dns servers for these domains that get blocked. I'm saying this because you may face blocks using other dns services too.

Every list that is included in a BIG list that you may already use.

Some lists (like OISD Big and Hagezi++) include many other lists. Adding those lists is a waste of memory and cpu.

the return packets will be allowed because it is a stateful firewall and if a packet is allowed to leave, the reply is also allowed to pass.

DNS resolver seems faster and more reliable. I've been using unbound in this mode for the past 3-4 months and don't plan to change it.

Some channels can transmit at higher power than others, due to local regulations. For example if you compare a channel higher than 100 with channel 36, the later range will be reduced significantly. When comparing 2 APs, use the exact same channel.

Zyxel Nebula offers a free license that is more than enough for 3-4 APs.

Do you need a guest VLAN? I have a "not trusted" VLAN with devices that don't get software updates and also guests.