Collabora Set-up - guidance

I’ve turned it off now, I gave it 10 mins and it seems to be working from inside the container. But I don’t know if this is coincidence as it was intermittent before now. I also can’t see any records of anything relevant being blocked before now.

Why would I have had intermittent access before if it was blocking?

Thanks!

you can use DNSSEC in Pihole, provided your router/firewall knows this! you should enable DNS over TLS (DoT) and check your DNS rebind security settings in your router/firewall and allow DNSSEC

ahhhh… getting there, it’s always DNS :nerd_face:

That’s great to know, thank you. I’ll get that sorted in pfsense once I get this issue solved. In my settings it looks like DNSSEC mode is enabled. I have my dhcp setting dns server to be my pihole for all clients however, with my upstream servers selected in pihole

yeah, make sure these are DNSSEC enabled!

I did, I chose Cloudflare DNSSEC and OPENDNS (DNSSEC), besides my DNSSEC is off for now. I don’t see anything in Pihole that makes sense to have caused an issue.

next check that DNSSEC is enabled in your router to pass through TLS and enable DoT.

to reduce overhead… you should try to decide which of your multiple services pfsense, pihole, adguard etc. is to be in charge of the network. let pfsense do the network stuff and let either Pihole or adguard do the DNS stuff. try not to mix DNS-types.

With DNSSEC off in pihole, I’ll just turn off DNSSEC in the router for now then?

I don’t think pfsense is doing any dns work, it gives the clients the pihole IP for DNS.

I have re-enabled blocking and so far not had the issue again yet, colour me confused

yeah if that works for you :+1:

maybe Pihole needed some kind of breather? dunno what it does inside. :thinking:

if you’re all good now and the issue solved, please mark this thread and add the solution

And with blocking on, no issue. It looks like the first curl returns an error, then the next works fine, perhaps the first request takes too long, then after that it is fine?

I will leave this open for a few hours and if no more issues, I will mark turning off DNSSEC as the solution.

scubamuc, should I turn off DNS resolution entirely in pfsense?

that’s a tough question. DNS is complicated…

  • DNS can be configured locally on the host (see Hosts & FQDN configuration) bypassing Pihole and router/firewall completely
  • if you’re running a local DNS (Pihole) then let ONLY Pihole handle the DNS stuff and turn off DNS handling in the Firewall
  • usually the firewall within modern up-to-date routers is enough to secure the network… no need for UFW or pfsense etc. especially when your homelab is Linux based
  • letting the Linux host handle DNS is acceptable since DNS resolution is tricky and managed well by most distros
  • if you have ‘kids in da house’ or would like to prevent abuse, then resolve DNS centrally by setting your local DNS (Pihole) in your local network (LAN/WLAN) in your router

Thank you.

To confirm my understanding:

I intend to keep using pihole for DNS, it’s served by my router (pfsense homemade situation) via DHCP to all clients as the DNS server. So there “should” be no harm in turning off DNS resolution in my router?

you mean firewall right?

I’m no good with the terminology. I mean the setting in pfsense (I’m using an old pc running pfsense to replace my old TPlink router) that is a service called “DNS resolver”

hmmmm… routers are cheap and plenty, an old pc has high consumption you’d be well advised to invest in a good router

Let’s say it’s a router running pfsense then

fine… :+1: then disable “DNS resolver” on the firewall

Update:

  • added dns entry in pihole for my domain to point to local ip.
  • disabled DNSSEC for now
  • disabled router dns resolution, all done in pihole
  • added the following to env -aliasgroup1:
    - aliasgroup1=https://nextcloud.mydomain.org:443,https://nextcloud\\.mydomain\\.org:443