Closed andrerferreira closed 1 year ago
I get an ERR_CONNECTION_REFUSED when trying to reach the webserver. I'll have a look tomorrow during the day. But dig queries look good. Browser attempt to get to a blocked adult address returned: SSL_ERROR_NO_CYPHER_OVERLAP. I'm guessing config issue.
Usually there is a difference in default packages, libraries and configurations between different OS releases. So something can be broken or not work as expected. It should be handled with the installation script.
Right now I'm working on a container (with composer) deployment model and likely after that will update the script to support Ubuntu 22.
I was actually looking to EoS support for Raspbian but can reconsider that if there is some demand.
Support 11 and I'll help spread the word. I’ll do a small presentation on it and write an article 4 hackernoon. Then when 12 comes, you look at usage stats and decide if the effort is worth it.
As I don't see an easy way to install 10 with fresh installs, this complicates the process for home users. The simpler the process, the wider the adoption.
Suggestion: Can we have any not resolved/blocked redirected to a website page, rather than a website home page? Offer a default template that states blocked and then let user change it? This would provide more clarity for the non tech home user IMHO. I can imagine my wife calling me telling me the Internet is broken, me having to investigate and then figuring out it's a blocked resolution. The challenge, as I understand it, is how to get from a CNAME to do the webpage. Well, can the GUI not handle any requests flagged and display the page? This would remove the configuration step for the domain.
I’ll see if I can debug this deployment by myself now... don't keep your hopes up xD, I may need your help
aferreira@raspberrypi:~ $ sudo service nginx restart
Failed to restart nginx.service: Unit nginx.service not found.
aferreira@raspberrypi:~ $ sudo service --status-all
[ - ] alsa-utils
[ + ] avahi-daemon
[ + ] bluetooth
[ - ] console-setup.sh
[ + ] cron
[ + ] dbus
[ + ] dphys-swapfile
[ + ] fake-hwclock
[ - ] hwclock.sh
[ - ] keyboard-setup.sh
[ + ] kmod
[ + ] named
[ + ] networking
[ - ] nfs-common
[ - ] paxctld
[ + ] php7.4-fpm
[ + ] procps
[ + ] raspi-config
[ + ] rng-tools-debian
[ - ] rpcbind
[ - ] rsync
[ + ] rsyslog
[ + ] ssh
[ - ] sudo
[ + ] triggerhappy
[ + ] udev
aferreira@raspberrypi:~ $ ps -A | grep fpm
507 ? 00:00:04 php-fpm7.4
573 ? 00:00:00 php-fpm7.4
574 ? 00:00:00 php-fpm7.4
aferreira@raspberrypi:~ $ ls -lha /opt/rpidns/www
ls: /opt/rpidns/www: No such file or directory
aferreira@raspberrypi:~ $ mkdir -p /opt/rpidns/www; chown www-data:www-data /opt/rpidns/www
mkdir: /opt/rpidns: Permission denied
chown: www-data: illegal group name
ls -lha /opt/rpidns/www
ls: /opt/rpidns/www: No such file or directory
As the script is run as root, it should be fine with the above, no? Maybe I missed some output. Going to clean up and try all the installation again to make sure (it was late yesterday).
Curiosity question, why do you need apache2-utils if you use nginx?
in ioc2rpz_community_install.sh line 346
apt-get -q -y install php-fpm git openssl sqlite php-sqlite3 apache2-utils
If for compilation only, a clean up step after to remove it?
dpkg: error processing archive openresty_1.15.8.1-1_arm64.deb (--install):
package architecture (arm64) does not match system (armhf)
Errors were encountered while processing:
openresty_1.15.8.1-1_arm64.deb
E: Unable to locate package openresty
aferreira@raspberrypi:~ $ apt-cache search openresty
knot-resolver - caching, DNSSEC-validating DNS resolver
lua-nginx-memcached - Pure Lua memcached client driver for the nginx embedded Lua language
lua-nginx-redis - Pure Lua redis client driver for the nginx embedded Lua language
lua-nginx-websocket - Lua websocket client driver for the nginx embedded Lua language
I believe this is the problem... hum... there's a 1.21.4.2 RC1 out https://openresty.org/en/ann-1021004002rc1.html
I believe I now require some of your magic as to have it on https://ioc2rpz.net/downloads/ in ioc2rpz_community_install.sh line 473
474 curl https://ioc2rpz.net/downloads/openresty_1.15.8.1-1_armhf.deb -o openresty-1.15.8.1-1_armhf.deb
475 dpkg -i openresty-1.15.8.1-1_armhf.deb
476 ;;
Hope this helps!
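The package step discussed above, as an added example (not code from ioc2rpz_community_install.sh): it picks the .deb that matches `dpkg --print-architecture` and checks a pinned SHA-256 before `dpkg -i`, since the script runs as root. The function names and the `EXPECTED_SHA256` variable are hypothetical, and it assumes both package files are hosted under the downloads URL quoted in the thread.

```shell
#!/bin/sh
# Added example; function names and EXPECTED_SHA256 are hypothetical.

# Map a dpkg architecture name to the matching package file.
# Only arm64 and armhf appear in the thread; anything else is rejected
# instead of falling through to a package that cannot install.
openresty_deb_for_arch() {
    case "$1" in
        arm64|armhf) printf 'openresty_1.15.8.1-1_%s.deb\n' "$1" ;;
        *) echo "unsupported architecture: $1" >&2; return 1 ;;
    esac
}

# Succeed only if the file's SHA-256 equals the expected value.
# An empty digest (missing file) or empty expected value never matches.
verify_sha256() {
    file=$1
    expected=$2
    actual=$(sha256sum "$file" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# Download, verify, then install. Not called here: it needs root,
# network access and a real digest in EXPECTED_SHA256 (placeholder,
# to be published by the maintainer next to the package).
install_openresty() {
    arch=$(dpkg --print-architecture) || return 1
    deb=$(openresty_deb_for_arch "$arch") || return 1
    curl -fsSL "https://ioc2rpz.net/downloads/$deb" -o "/tmp/$deb" || return 1
    if ! verify_sha256 "/tmp/$deb" "$EXPECTED_SHA256"; then
        echo "checksum mismatch for $deb, not installing" >&2
        rm -f "/tmp/$deb"
        return 1
    fi
    dpkg -i "/tmp/$deb"
}
```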
Diff issue, just spotted on syslog:
Many comments/questions :). I'll try to address all of them in a single message.
Support 11 and I'll help spread the word. I’ll do a small presentation on it and write an article 4 hackernoon. Then when 12 comes, you look at usage stats and decide if the effort is worth it.
Ok. I'll check what I can do.
Suggestion: Can we have any not resolved/blocked redirected to a website page, rather than a website home page?
Yes. In the response-policy settings you can define where to redirect. In RpiDNS configuration you can also set "Custom Redirect":
Offer a default template that states blocked and then let user change it?
This would provide more clarity for the non tech home user IMHO. I can imagine my wife calling me telling me the Internet is broken, me having to investigate and then figuring out it's a blocked resolution.
Yes. It is possible, not a heavy lift, but it requires some time to develop :)
The challenge, as I understand it, is how to get from a CNAME to do the webpage. Well, can the GUI not handle any requests flagged and display the page? This would remove the configuration step for the domain.
You can't get to a specific webpage (it is in the HTTP header) with DNS, but you can redirect to a site which will handle that. E.g. openresty generates a certificate on the fly and can do some other stuff like showing different content based on the requested page.
As the script is run as root, it should be fine with the above, no?
Yes, the script requires root permissions to create folders, change configurations, disable/stop services, etc.
Curiosity question, why do you need apache2-utils if you use nginx?
in ioc2rpz_community_install.sh line 346
apt-get -q -y install php-fpm git openssl sqlite php-sqlite3 apache2-utils
If for compilation only, a clean up step after to remove it?
I don't remember why apache2 utils are installed. Maybe there are some dependencies, but of course it can be a mistake.
dpkg: error processing archive openresty_1.15.8.1-1_arm64.deb (--install):
package architecture (arm64) does not match system (armhf)
Errors were encountered while processing:
openresty_1.15.8.1-1_arm64.deb
Looks like you installed the 32-bit version of Raspberry Pi OS and this is the issue. Because you got Raspberry 4/8Gb (I assume in your first message it was RAM), I highly recommend installing the 64-bit version due to better performance and full RAM access (the 32-bit version can access only 4Gb RAM).
I believe this is the problem... hum... there's a 1.21.4.2 RC1 out
Yes. It is a bit outdated, but there was an extra patch I had to apply just for that version. I'm not sure if it is still needed - have to check.
Jun 27 11:21:15 raspberrypi named[12945]: lame-servers: network unreachable resolving 'cash.ns.cloudflare.com/A/IN': 2400:cb00:2049:1::a29f:7e2#53
Jun 27 11:21:15 raspberrypi named[12945]: lame-servers: network unreachable resolving 'wanda.ns.cloudflare.com/A/IN': 2400:cb00:2049:1::a29f:7e2#53
Jun 27 11:21:15 raspberrypi named[12945]: lame-servers: network unreachable resolving 'cash.ns.cloudflare.com/AAAA/IN': 2400:cb00:2049:1::a29f:7e2#53
Jun 27 11:21:15 raspberrypi named[12945]: lame-servers: network unreachable resolving 'wanda.ns.cloudflare.com/AAAA/IN': 2400:cb00:2049:1::a29f:7e2#53
Looks like you don't have IPv6 but bind tries to resolve some queries via IPv6.
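A way to confirm that diagnosis from the log itself, as an added example that is not part of the original reply or of RpiDNS: it counts the "network unreachable" entries by the address family of the upstream server and lists the affected names. The function names are hypothetical; the sample lines are copied from the syslog excerpt quoted above.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Sample input: one RPZ line plus the four lame-servers lines quoted in the thread.
sample_log() {
cat <<'EOF'
Jun 27 11:20:19 raspberrypi named[12945]: general: rpz: oisd-full.ioc2rpz: reload done
Jun 27 11:21:15 raspberrypi named[12945]: lame-servers: network unreachable resolving 'cash.ns.cloudflare.com/A/IN': 2400:cb00:2049:1::a29f:7e2#53
Jun 27 11:21:15 raspberrypi named[12945]: lame-servers: network unreachable resolving 'wanda.ns.cloudflare.com/A/IN': 2400:cb00:2049:1::a29f:7e2#53
Jun 27 11:21:15 raspberrypi named[12945]: lame-servers: network unreachable resolving 'cash.ns.cloudflare.com/AAAA/IN': 2400:cb00:2049:1::a29f:7e2#53
Jun 27 11:21:15 raspberrypi named[12945]: lame-servers: network unreachable resolving 'wanda.ns.cloudflare.com/AAAA/IN': 2400:cb00:2049:1::a29f:7e2#53
EOF
}

# Count unreachable upstream servers by address family.
# The last field is "<address>#<port>"; a colon in the address means IPv6.
unreachable_by_family() {
    awk '
        /lame-servers: network unreachable resolving/ {
            target = $NF
            sub(/#[0-9]+$/, "", target)
            if (index(target, ":") > 0) v6++; else v4++
        }
        END { printf "ipv4=%d ipv6=%d\n", v4, v6 }
    ' "$@"
}

# List the distinct names whose resolution hit an unreachable server.
unreachable_names() {
    awk -F"'" '/lame-servers: network unreachable resolving/ {
        split($2, q, "/"); print q[1]
    }' "$@" | sort -u
}

# Succeed only when every unreachable server is IPv6: the host has no
# IPv6 route while named still tries IPv6 transport. BIND's "-4"
# startup option restricts named to IPv4.
ipv6_only_failures() {
    case "$(unreachable_by_family "$@")" in
        "ipv4=0 ipv6=0") return 1 ;;
        "ipv4=0 ipv6="*) return 0 ;;
        *) return 1 ;;
    esac
}

sample_log | unreachable_by_family
```

On a live system the same functions take a file argument, for example `unreachable_by_family /var/log/syslog`.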
@andrerferreira just released RpiDNS for Raspbian 11 32-bits (Raspberry OS 11). It may work on 64-bits but I didn't test it yet.
RpiDNS is supported on Raspbian 11 64-bits (Raspberry OS 11)
Hi Homas,
1st time user.
I've just overwritten the variable in ioc2rpz_community_install.sh to allow for Raspbian 11 on a Raspberry 4 with an 8GB card. No issues to report. Rebooting now.
I think the GUI will have some checks against version 10 also, maybe have to try magic there. Any news regarding supporting it?
2023-06-27 00:31 ######### RpiDNS was installed #########
I'll annoyingly update here with blockers and findings