Hugga Wugga
New Around Here
A few noob questions...
If I used dns filtering to point a client to another DNS, say NextDNS for example, would this filtering be done within DNSMasq? If so, does this mean that they'd still be able to take advantage of diversion?
Is diversion overkill if I had a few blocklists but actually had no interest in blocking adverts? I'm actually looking at supplementing the parental filter and filters supplied by NextDNS. Is there a more appropriate solution (that ideally supports wildcards)?
How does the wildcard blacklist work in diversion? Is it possible to use it to simply block keywords in a URL such as *porn* ? Is it possible to do this directly in DNSMasq or is it a feature specific to diversion?
How does the URL Filter in the firewall page fit in? Does this work also for devices specified in the DNS Filter that point to another DNS server? Is it possible to be more selective in which clients it applies to, or can it only be a global setting?
Does Skynet use it's blocklists to block incoming AND outgoing? or just incoming? If I wanted to block specific MAC addresses from accessing a set of IP addresses defined in an ipset, is this something I'd have to manually add, and outside the scope of Skynet?
Would additional IPTables rules survive reboot or do they need adding to a script somewhere?
Does DNSMasq cache DNS? If so then how does this work with something like the NextDNS client. The client apparently has the ability to identify individual devices and send them off to the appropriate configured filter (eg on NextDNS, I may have one configuration with all the filters set and a 2nd configuration with very little set). But if DNSMasq sits in front of that and is caching, doesn't that mean that devices will sometimes be able to access sites that should have been blocked at the next level? (hopefully that made sense!)
If anyone knows the answer to some or all of these off the top of their head, it would be much appreciated
If I used dns filtering to point a client to another DNS, say NextDNS for example, would this filtering be done within DNSMasq? If so, does this mean that they'd still be able to take advantage of diversion?
Is diversion overkill if I had a few blocklists but actually had no interest in blocking adverts? I'm actually looking at supplementing the parental filter and filters supplied by NextDNS. Is there a more appropriate solution (that ideally supports wildcards)?
How does the wildcard blacklist work in diversion? Is it possible to use it to simply block keywords in a URL such as *porn* ? Is it possible to do this directly in DNSMasq or is it a feature specific to diversion?
How does the URL Filter in the firewall page fit in? Does this work also for devices specified in the DNS Filter that point to another DNS server? Is it possible to be more selective in which clients it applies to, or can it only be a global setting?
Does Skynet use it's blocklists to block incoming AND outgoing? or just incoming? If I wanted to block specific MAC addresses from accessing a set of IP addresses defined in an ipset, is this something I'd have to manually add, and outside the scope of Skynet?
Would additional IPTables rules survive reboot or do they need adding to a script somewhere?
Does DNSMasq cache DNS? If so then how does this work with something like the NextDNS client. The client apparently has the ability to identify individual devices and send them off to the appropriate configured filter (eg on NextDNS, I may have one configuration with all the filters set and a 2nd configuration with very little set). But if DNSMasq sits in front of that and is caching, doesn't that mean that devices will sometimes be able to access sites that should have been blocked at the next level? (hopefully that made sense!)
If anyone knows the answer to some or all of these off the top of their head, it would be much appreciated