Storing unbound(8) logs into InfluxDB

I’m using unbound(8) on OpenBSD to block Ads. In the logs, I can see which domains were queried and blocked ; but I like to have a more graphical overview of whats happening over weeks. So I stole a few ideas from the Pi-Hole Web Interface, routed the logs to InfluxDB via syslog-ng and rendered statistics using Grafana.

Continue reading “Storing unbound(8) logs into InfluxDB”

Blocking Ads using unbound(8) on OpenBSD

The Internet is full of Ads and Trackers. Some of them are useful to monetize free content. Some are used in a non-ethical manner. Savvy users will configure Ad-Blocker on their Web browser. Others won’t. Most Appliance and IoT modules won’t allow third-party blocking addons.

Here’s how to add an extra layer of privacy using OpenBSD and its unbound(8) DNS resolver.

Continue reading “Blocking Ads using unbound(8) on OpenBSD”

Monitoring unbound(8) using Net-SNMP, Telegraf, InfluxDB and Elasticsearch

I’ve enabled an OpenBSD unbound(8) daemon that is used as a central DNS cache resolver. Now I needed to know what it was doing and how it performed. The question was answered grabbing statistics from unbound and render them using Grafana.

The whole monitoring stack is composed of Net-SNMP, Telegraf and InfluxDB for the metrics part ; and syslogd(8), Logstash and Elasticsearch for the logs part. Of course, most of those run on OpenBSD (6.3) ; except Telegraf, which is not available (yet).

Continue reading “Monitoring unbound(8) using Net-SNMP, Telegraf, InfluxDB and Elasticsearch”

Force OpenBSD to use unbound(8) DNS resolver in DHCP client mode

By default, a DHCP client gets an IP address, a network gateway and a DNS server. That’s fine most of the time. But if you own an OpenBSD cloud instance that has to use DHCP to get online, you might not be satisfied with the domain-name-servers option provided by your DHCP server. Hopefully, OpenBSD provides an easy way to force your DNS:

# viĀ /etc/dhclient.conf
prepend domain-name-servers;

Since then, OpenBSD will use our DNS resolver. Which is… unbound(8)

# rcctl enable unbound
# rcctl start unbound

Note that this configuration allows to use the DNS server provided by the DHCP server as a fallback.