IPFire can only connect to a public or ISP DNS resolver. It uses Unbound, but that Unbound cannot be switched to “standalone mode”; it is configured as a DNS forwarder.
I see you have some recommendations/policy for public DNS servers, and even well-known public DNS services like OpenDNS or Quad9 are on the “banned” list.
Maybe the best recommendation could be to run Unbound on IPFire in standalone mode as a recursive resolver. Why is this option not supported in IPFire?
@pslpsl Hi, if you run a DMZ directly from the Internet provider modem/router, you should be able to bypass ISP DNS restrictions. This is if the ISP modem/router doesn’t allow the change! For me it worked that way once, in a very difficult DNS bypass by the ISP.
Regards G70P
I believe that it is just a good idea to connect over TLS to some public DNS resolver. The standalone mode is good when something is broken or if someone wants to do DNS resolving in the old way…
I assume that DNS recursive mode will not work in the case that the ISP uses DNS hijacking, to protect inexperienced users from malware attacks or to enforce government rules for censorship…
Lynis warns about standalone features that must be taken into account and fixed for safe use. If it works well, then it is just missing the TLS control pepe was talking about in another post. But I’m not a programmer, and better safe than sorry. So no touching standalone, as I do not know what that will break. Yep, the Snowden problem is everywhere.