DNS Malware Filtering Compared: Quad9 VS Cloudflare VS DNS Filter VS OpenDNS / Cisco Umbrella

When will you have a data center in Brazil?

1 Like

Hello Douglas - Brazil location: Good question. We’ve been asymptotically close to getting facilities in Sao Paulo for nearly two years, but there’s always something that blocks the installation. There is another opportunity pending, but we don’t have a timeframe. Tariff issues seem to be the biggest issue. Getting donated (free) equipment into Brazil tends to cost tens of thousands of dollars to import because the agencies there charge on new value of the gear, which is not in the scope of our budget. If you know anyone who can get a waiver for tax on importing gear to improve Brazil’s Internet security, we’re interested in that discussion, but until then we have to work on more creative angles which take more time.

2 Likes

I’m sorry if I’m missing something, but I clicked on the “bad malware” sample link (in a sandboxed VM, of course, since you warned us) in your June 4, 2020 post #55. But when I do so, then it either gets stuck on “loading…” or something similar to the attached screenshot

or redirects to the main otx.alienvault.com page. I assume the link is NSFW?

Also, I punched the IP address 198.251.90.71 mentioned in that post, into VirusTotal and got a perfectly clean 0/67 report.

1 Like

Malware gets removed over time, IP addresses get recycled.

1 Like

I’m new to pfsense (about 3 weeks); it’s been an interesting time. I’ve been using OpenDNS paid account for 10+ years. I am kind of bummed it got such low marks. I have a good size home network with several desktops, 4 NASes, 6 IP cameras, phones, tablets, access points, etc. I would like to think I’m making good choices but now not too sure? As someone that wants to learn more and is fairly confident I can, here is the big question: should I try Quad 9 or one of the others that had better results? I do like the logging on OpenDNS. Filtering is nice but does not seem to be as high a priority as it used to be now that my kids are grown. Love the videos, keep up the great content. I welcome replies. Thanks

I would say use Quad9 unless you want the logging as Quad9 offers no logging as part of their privacy model.

Tried to switch to Cloud 9 this morning. Been at it for hours. Tried everything in a couple of your videos and this one and the one (DNS Over TLS On pfSense 2.4.5) as well as Netgate guides. Did all the checks in pfsense, seems to be working, but my Win 10 desktop won’t resolve to Cloud 9. It still lists OpenDNS servers. Tried flushing DNS, rebooting, shutting down firewall, and switch. Nothing seems to get Windows off of the OpenDNS servers. I know I must be doing something wrong but at this point I don’t know? It is probably staring me in my face but I’m not getting it. Haven’t broken anything yet but given enough time I know I can (break it that is). Any pointers would be greatly appreciated.

Do you have DNS hard coded or set to auto on your Win 10 machine?

Nope, the first thing I checked. I went there first because I’ve been messing with stuff with this new setup and figured I must have forgotten to put it back to DHCP. Alas, it was on DHCP. Still messing with it (pfsense) that is. Lucky for me I had backups and of course auto backup. Love this thing, it is very resilient! I am continuing my research. Will keep at it. When I find the answer I will post.
Update! I believe we have lift off! It was under DHCP Settings in pfsense, I had the actual OpenDNS servers typed in there. As soon as I deleted them it works. Thanks for the advice. This made me check the DHCP servers entries and there it was staring me in the face. Thanks again!

1 Like

Yup sometimes one can’t see the trees for the forest or the forest for the trees. Was just there with a Linux SMBClient to SMB on Win server issue. What made it interesting is all the documentation said what we were doing was correct but it wasn’t.

Hey, any news regarding this?

Great information! Tom, you’re making the world a better place.

2 Likes

It’s worth mentioning here the differences between OpenDNS and Umbrella. We have an MSSP (Managed Security Services Provider) agreement with Cisco to sell Cisco Umbrella here in the UK.

The reason I wanted to chime in is, although this is a fantastic comparison (good job Tom), it did fall into the trap of referring to OpenDNS as Umbrella interchangeably on numerous occasions and they are NOT the same thing.

To clarify, selective proxy which scans domains for advanced threats (including Threat Grid for malware scanning) is a feature of certain Umbrella packages but NOT available from OpenDNS.

That is not to say that I stand behind the performance results for OpenDNS, because they are agreeably not the best. I’m simply saying that you can’t test OpenDNS and state that the results are for ‘Umbrella’ because in a production environment they are different things and have different capabilities for malware filtering in particular.

3 Likes

For anyone reading John’s comment above, a technical clarification: they flip the RA bit, not RD – hence the use of the dns.flags.recavail filter in his tshark example. If you want to catch these packets with tcpdump, you can use a bitmask: 'udp src port 53 and udp[11] & 0x8f = 3'. That will catch NXDOMAIN replies with an RA bit set to zero.

1 Like
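The bitmask in the comment above, worked through as an added example (not part of the original post or of the script discussed in the thread). It applies the same `udp[11] & 0x8f = 3` test to constructed DNS response headers; the function names and sample headers are assumptions made for illustration.

```python
import struct

RA_MASK = 0x80      # Recursion Available: top bit of the low flags byte
RCODE_MASK = 0x0F   # response code: low nibble of the same byte
NXDOMAIN = 3

def build_response_header(txid, ra, rcode, ad=False):
    """Build a 12-byte DNS response header (constructed sample data)."""
    hi = 0x80 | 0x01                      # QR=1 (response), RD=1 copied from query
    lo = (RA_MASK if ra else 0) | (0x20 if ad else 0) | (rcode & RCODE_MASK)
    return struct.pack("!HBBHHHH", txid, hi, lo, 1, 0, 0, 0)

def matches_filter(dns_payload):
    """Equivalent of 'udp[11] & 0x8f = 3' applied to the UDP payload.

    tcpdump's udp[11] counts from the start of the 8-byte UDP header,
    so it is byte 3 of the DNS message: the low byte of the flags field.
    """
    if len(dns_payload) < 12:
        return False                      # truncated header, nothing to test
    low_flags = dns_payload[11 - 8]
    # Keep only RA and RCODE; Z/AD/CD bits (0x70) are deliberately ignored.
    return (low_flags & (RA_MASK | RCODE_MASK)) == NXDOMAIN

# Constructed samples: (description, header bytes)
SAMPLES = [
    ("NXDOMAIN, RA=0 (the pattern the filter targets)",
     build_response_header(0x1001, ra=False, rcode=3)),
    ("NXDOMAIN, RA=0, AD set (still matches, AD is masked out)",
     build_response_header(0x1002, ra=False, rcode=3, ad=True)),
    ("NXDOMAIN, RA=1 (ordinary recursive NXDOMAIN)",
     build_response_header(0x1003, ra=True, rcode=3)),
    ("NOERROR, RA=0 (e.g. an authoritative answer)",
     build_response_header(0x1004, ra=False, rcode=0)),
]

def classify(samples=SAMPLES):
    """Return {description: True/False} for each sample header."""
    return {desc: matches_filter(hdr) for desc, hdr in samples}

if __name__ == "__main__":
    for desc, hit in classify().items():
        print(f"{'MATCH' if hit else 'skip ':5}  {desc}")
```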

I am new here and have just started exploring this area. I may ask some silly questions. I would appreciate it if anyone answered these:

  1. Do I need to create an account for each DNS resolver to have their services? For instance, if I want to use a DNS filter resolver, how can I set up the configuration to get the service of it?

  2. Without creating an account for each one, I ran the script and got the results? Does it make sense?

Looking forward to having some help with detailed information and guidelines.

Quad9 and Cloudflare do not need an account; the other paid services require accounts for their more advanced features.