Update: 2024-10-26
- Added 2 more packages to the repo (ControlD and NextDNS)
- Both operate the same as Blocky and are other DNS Resolvers with AdBlocking
- Same rules as Blocky (see below) apply...
- Log in to the OPNsense shell.
- Execute the two commands below in the OPNsense shell (either as the root user or with sudo)
sudo fetch -o /usr/local/etc/pkg/repos/guru-repo.conf https://raw.githubusercontent.com/gspannu/OPN-Plugins/master/guru-repo.conf;
sudo pkg update -f
- On OPNsense, log in to the GUI. Go to System > Firmware > Plugins and search for os-blocky
- Install os-blocky
- Refresh the browser page to reload the OPNsense GUI
- If Blocky is being used as the 'Primary DNS', remember to disable Unbound/dnsmasq or set the Unbound/dnsmasq listening port to something other than 53; otherwise Blocky DNS will not start and will throw an error.
- Go to Services, where a new entry for Blocky DNS should be available. Enable/use as appropriate.
- Once Blocky is confirmed working, you may change the Blocky DNS configuration by directly editing the blocky-config.yml file at /usr/local/etc/blocky/blocky-config.yml. Use something like
nano /usr/local/etc/blocky/blocky-config.yml
- In the OPNsense GUI, disable and re-enable Blocky DNS
- All errors are logged in '/var/log/blocky/blocky.log'
- Also check that Blocky DNS is working as the primary DNS resolver. In the OPNsense shell, execute
cat /etc/resolv.conf
and it should have a nameserver entry for localhost (e.g. nameserver 127.0.0.1).
[OPNsense] router:~ $ cat /etc/resolv.conf
domain home
nameserver 127.0.0.1
search home
OPNsense may require a restart for this to work. It is advisable to restart OPNsense and check this.
- OPNsense made some changes recently where the primary DNS (:53) now needs to be advertised specifically by 3rd party DNS resolvers, like Blocky, AdGuardHome, etc. The plugin has been updated with this property and it should work. However, it is a good idea to define the DNS server (for each affected interface) in the DHCP page of OPNsense. See below.
OPNsense GUI > Services > ISC DHCPv4 > [InterfaceName] > DNS servers. Specify the [interface IP address] here, e.g. 192.168.1.1 or 192.168.10.1. Do this for all DHCPv4 interfaces; it ensures that all clients obtain the router IP address as their DNS resolver (just in case Blocky fails to register on port 53). Read about this issue here for more details: opnsense/core#6513 (comment)
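A post-install check for the two conditions described above (localhost as the resolver in /etc/resolv.conf, and Blocky rather than Unbound/dnsmasq holding port 53), as an added example that is not part of the original plugin instructions. It assumes the Blocky process shows up as `blocky` in FreeBSD `sockstat -l -p 53` output; the sample inputs are constructed.

```sh
#!/bin/sh
# Added example: post-install check for the Blocky DNS steps above.
# Assumption: the Blocky process appears as "blocky" in sockstat output.

# Print the first nameserver listed in a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Read `sockstat -l -p 53` output on stdin; print the unique commands
# whose local address ends in :53, space-separated on one line.
port53_owners() {
    awk '$6 ~ /:53$/ { print $2 }' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# check_dns RESOLV_FILE SOCKSTAT_FILE
# Returns 0 only when localhost is the first resolver and blocky alone holds :53.
check_dns() {
    ns=$(first_nameserver "$1")
    owners=$(port53_owners < "$2")
    case "$ns" in
        127.0.0.1|::1) ;;
        *) echo "FAIL: first nameserver is '${ns:-none}', expected localhost"; return 1 ;;
    esac
    case "$owners" in
        blocky) echo "OK: resolv.conf -> $ns, port 53 held by blocky"; return 0 ;;
        "")     echo "FAIL: nothing is listening on port 53"; return 2 ;;
        *)      echo "FAIL: port 53 held by: $owners"; return 3 ;;
    esac
}

# Constructed sample inputs (not captured from a real router).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf 'domain home\nnameserver 127.0.0.1\nsearch home\n' > "$sample_dir/resolv.conf"
cat > "$sample_dir/good.txt" <<'EOF'
USER     COMMAND    PID   FD  PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
root     blocky     4211  7   udp46  *:53             *:*
root     blocky     4211  8   tcp46  *:53             *:*
EOF
cat > "$sample_dir/conflict.txt" <<'EOF'
USER     COMMAND    PID   FD  PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
unbound  unbound    1873  5   udp4   *:53             *:*
EOF
check_dns "$sample_dir/resolv.conf" "$sample_dir/good.txt" || true
check_dns "$sample_dir/resolv.conf" "$sample_dir/conflict.txt" || true
# On the router: sockstat -l -p 53 > /tmp/s53.txt; check_dns /etc/resolv.conf /tmp/s53.txt
```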
- Removing os-blocky plugin
- Disable Blocky DNS from OPNsense GUI > Services > Blocky DNS
- Ensure that the internet is working fine (i.e. enable some other DNS resolver, etc.)
- Delete Blocky from OPNsense
- GUI > System > Firmware > Plugins : Remove os-blocky
- Refresh the OPNsense GUI in the browser
- Now log in to the OPNsense shell
sudo rm /usr/local/etc/pkg/repos/guru-repo.conf
sudo pkg update -f