Suggestion. DNS

I find the DNS on IPFire rather limited and broken.

The DNS from my ISP, offered by default, fails the reverse name check so is ‘Broken’ by design.

I can add external DNS but this seems to lack features and configuration options.

I already have a working internal DNS, but that won’t work out of the box as it can’t do lookups without an upstream working DNS to provide recursion in order to bootstrap it.

I can work round all this, but a simple solution would be to replace the DNS and DHCP in IPFire with Technitium DNS via its API.

Suggestion: ship Technitium within IPFire and integrate it into the UI.

Two easy questions:

  • What is broken with the Unbound DNS resolver in your IPFire installation?
  • How do you want to realize the DHCP server with Technitium? I didn’t find that mentioned in the description.

BTW: Ad blocking with DNS is also possible with Unbound. It is called RPZ, and a bunch of users are evaluating the integration into IPFire at the moment.

2 Likes

IPFire’s DNS is not broken. It works perfectly on 3 different IPFires I maintain. You can use the ISP’s DNS or disable it and choose any DNS servers you prefer. You can also configure DNS over TLS as well as write a firewall rule that forces all devices on the network to use IPFire’s DNS so they can’t bypass IPFire with their own local settings. It works perfectly. And I don’t even consider it limited. It’s fully functional. Maybe it doesn’t have the bonus features you want from Technitium, but that does not mean it is broken or limited.

2 Likes

Take a look at Technitium, then tell me how to implement everything that can do on IPFire.

Then by your definition, any router or firewall that does not directly support Technitium is broken and limited.

If you are having issues with IPFire, explain the issue and ask questions, rather than drop derogatory bombs as if you are an authority on IPFire and we are supposed to scramble to make things right in your eyes.

1 Like

I had a look at Technitium. At first glance, I didn’t find anything that Unbound doesn’t also implement.
The only difference is the API bound to the web interface. But, IMO, this isn’t a disadvantage of Unbound (in terms of security). If the API is implemented through a library, you have to write a program that must conform to the IPFire program generation and loading process. This process includes the revision of the code by devs and other users.