DNS

How to Configure DNS over HTTPS (DoH) Using DNSCrypt-Proxy in OPNsense

How to Configure DNS over HTTPS (DoH) Using DNSCrypt-Proxy in OPNsense

Add more privacy by encrypting your DNS queries!

Historically, DNS is a service that was designed to be unencrypted. Whenever a device from your network is trying to go to a web address, it needs to determine the IP address of the website in order to access it. With the increasing levels of tracking and data sharing/selling, a growing awareness that having DNS traffic unencrypted is not a good idea from a privacy and security standpoint. ISPs and other entities are able to know which sites you visit even if all of your web traffic is encrypted.
How to Configure Split DNS in OPNsense using Unbound DNS

How to Configure Split DNS in OPNsense using Unbound DNS

Want local users to use your internal IP address rather than the external address?

On my home network, I host a few public facing services that my family and I make use of when away from home such as Plex Media Server. On Plex I have limited the bandwidth remote users may use to be slightly less than the maximum of my upload speed so my home network is still usable. I am using my own registered domain name which I use to refer to devices on my network (both internally and externally, which you can read more about with another article I wrote).
Use Your Own Domain Name in Your Home Network with OPNsense

Use Your Own Domain Name in Your Home Network with OPNsense

Would you like to use your own domain name on your internal home network?

One nice thing about utilizing more advanced router features is that you can do neat things such as using your own domain name in your home network. This allows you to refer to devices on your network by using the device name/hostname followed by the domain name. For instance, server.homenetworkguy.com could refer to a host named “server” that exists on the network using the domain name “homenetworkguy.com”. Of course, depending on your configuration, you could just use the hostname “server” to access various services on your device(s) such as a fileshare, which will be shorter than including the domain name.
Network-Wide DNS Blocking of Advertising, Telemetry, and Malicious Domains

Network-Wide DNS Blocking of Advertising, Telemetry, and Malicious Domains

Configure the DNS Settings in OPNsense to use Pi-hole

In my home network I wanted to set up a dedicated Pi-hole installation so that I could have network-wide ad blocking. Additionally, I could reduce the telemetry/tracking performed by applications and operating systems as well as potentially block malware. Pi-hole provides the ability to view the DNS traffic on my network on a per device basis, which may present valuable insight in detecting unusual activity on the network. While OPNsense can be configured to provide DNS blocking, I really like the graphs and logging of Pi-hole.
How to Use Pi-hole DNS with VLANs

How to Use Pi-hole DNS with VLANs

Configure the OPNsense firewall settings for multiple VLANs using the Pi-hole service

Setting up the Pi-hole DNS service is relatively straightforward on your home network. When you have VLANs configured, the setup is slightly more complicated. The issue is that you need to ensure that all of your VLANs have access to the Pi-hole server which is located on a different network (ideally, it should probably be located in your management VLAN to protect it from being accessed by your other network devices).