I am trying to manage Pi-hole and IPFire in the best way, and while doing so I realised that IPFire can also use unbound (so I can just deactivate unbound on Pi-hole and use IPFire as the upstream DNS). But when I activate unbound or recursor mode on IPFire by deactivating the DNS servers, I cannot get any connection (also if I use IPFire directly as the DNS server, without Pi-hole).
The firewall logs show me strange dropped connections to external and internal IPs which I did not set (so they do not exist for me). If I activate some DNS servers and leave recursor mode, these strange connections seem to be gone.
Does this behaviour have to do with recursor mode? Does recursor mode create some internal virtual random servers for its needs, or something like that? Do I need a firewall rule for that mode?
It could be that the strange IPs you see are name servers that IPFire is trying to contact. Why they are getting blocked I don't know. Are you using the IP Blocklist? Could some of those IPs be in an IP blocklist?
If you check the source of the IPs, do they resolve to a name server, or to what?
Ah, I forgot that I block outgoing traffic from IPFire itself and allow it only to the update server and the DNS server. So I must make a rule for these outgoing connections. But I suppose there are a lot of servers IPFire connects to in recursor mode, aren't there?
I read about it and read the blog post linked above. It is a difficult question whether it is better to trust the chosen DNS-TLS provider or to trust the com/org/de operators. What is known about the operators of the servers for such first-level domains as org/com/de and so on? Who owns and manages such name servers?
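A quick way to confirm whether the "strange" dropped connections are the recursor's own queries, as an added check that is not part of this thread: filter the firewall's drop log for packets the firewall host itself generated (empty `IN=`, source is the firewall's address) towards port 53. The log lines below are constructed in netfilter style with documentation-range addresses, and the `DROP_OUTPUT`/`DROP_FORWARD` prefixes and the firewall IP `192.0.2.10` are assumptions, not real IPFire output.

```python
import re
from collections import Counter

# Constructed sample log (documentation-range addresses, not real IPFire output).
# The DROP_OUTPUT / DROP_FORWARD prefixes and the firewall address are assumptions.
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: DROP_OUTPUT IN= OUT=red0 SRC=192.0.2.10 DST=198.51.100.4 PROTO=UDP SPT=40021 DPT=53 LEN=60
Jan 10 12:00:01 fw kernel: DROP_OUTPUT IN= OUT=red0 SRC=192.0.2.10 DST=198.51.100.30 PROTO=UDP SPT=40022 DPT=53 LEN=62
Jan 10 12:00:02 fw kernel: DROP_OUTPUT IN= OUT=red0 SRC=192.0.2.10 DST=198.51.100.30 PROTO=TCP SPT=40023 DPT=53 LEN=60
Jan 10 12:00:02 fw kernel: DROP_OUTPUT IN= OUT=red0 SRC=192.0.2.10 DST=203.0.113.9 PROTO=TCP SPT=40024 DPT=443 LEN=60
Jan 10 12:00:03 fw kernel: DROP_FORWARD IN=green0 OUT=red0 SRC=10.0.0.5 DST=198.51.100.4 PROTO=UDP SPT=5353 DPT=53 LEN=60
"""

LINE_RE = re.compile(
    r"IN=(?P<in>\S*) OUT=(?P<out>\S*) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def self_originated_dns_drops(log_text, firewall_ip):
    """Count dropped DNS packets that the firewall host itself generated.

    A recursive resolver on the firewall queries many authoritative servers
    from the firewall's own address. In the log those packets have an empty
    IN= (locally generated, not forwarded from the LAN) and DPT=53.
    Returns a Counter keyed by (destination IP, protocol).
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        if m["in"] == "" and m["src"] == firewall_ip and m["dpt"] == "53":
            hits[(m["dst"], m["proto"].upper())] += 1
    return hits


def summarize(hits):
    """Condense the drops so the recursor pattern (many servers, some TCP) is obvious."""
    return {
        "dropped_queries": sum(hits.values()),
        "distinct_servers": len({dst for dst, _ in hits}),
        "tcp_queries": sum(n for (_, proto), n in hits.items() if proto == "TCP"),
    }


if __name__ == "__main__":
    hits = self_originated_dns_drops(SAMPLE_LOG, "192.0.2.10")
    for (dst, proto), n in sorted(hits.items()):
        print(f"{dst:16} {proto:4} dropped x{n}")
    print(summarize(hits))
```

Only the three locally generated port-53 packets are counted; the HTTPS drop and the forwarded LAN client query are ignored, which is the distinction that tells you the drops come from the firewall's own resolver rather than from a LAN host.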