@rasputinthegreatest said in pfBlockerNG not logging anything by default?:
It is an Ubuntu device
Ah, ok. I'm not familiar with Ubuntu but I do use Debian myself.
Like pfSense (based upon FreeBSD), there is a file called /etc/resolv.conf which contains something like:
nameserver 127.0.0.1
nameserver ::1
....
which means that programs (processes) running on that system know where to go with their DNS requests.
Guess who listens on port 127.0.0.1:53 on pfSense?
Let's ask ;)
[25.07-RELEASE][root@pfSense.bhf.tld]/root: sockstat -4 | grep ':53'
avahi avahi-daem 61533 13 udp4 *:5353 :
unbound unbound 14531 5 udp4 *:53 :
unbound unbound 14531 6 tcp4 *:53 :
....
If your Ubuntu was told that DNS requests have to be sent to 127.0.0.53 (probably port 53) then there must be a process that handles DNS requests listening on that address:port. If there is none, then you get a service fail or "SERV FAIL" as no DNS service is available.
That needs to be set up correctly ^^
@rasputinthegreatest said in pfBlockerNG not logging anything by default?:
I have my ISP router (running Quad9DNS)
I also have an ISP 'upstream' router. Somewhat mandatory for me as that device knows how to talk to the 'laser led wire' (fiber) and handles the login against my ISP.
My ISP router probably uses the ISP's DNS servers, I'm not sure.
pfSense gets a WAN IP from this ISP router, which will be an RFC1918 like 192.168.10.4.
By default, pfSense won't use a DNS suggestion that comes with the lease from the ISP router's DHCP server, as (my) pfSense resolves.
Here are my Unbound settings. General Setup I already showed above
Pretty default so you're good.
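
The resolv.conf-versus-listener check described in the post above, as an added example that is not part of the original post: it lists every loopback nameserver that has no process listening on port 53. The function name `missing_listeners`, the `ss` collection command in the comment, and both sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# missing_listeners RESOLV_FILE LISTENERS_FILE
# LISTENERS_FILE holds one local "address:port" per line. On Ubuntu it could
# be collected with (assumed command): ss -H -lun | awk '{print $4}'
missing_listeners() {
    awk '
        # First file: listening sockets. Keep exact port 53 only, so a
        # socket on :5353 (mDNS) is not mistaken for a DNS listener.
        FILENAME == ARGV[1] {
            addr = $1
            if (addr !~ /:53$/) next
            sub(/:53$/, "", addr)     # drop the port
            sub(/%.*$/, "", addr)     # drop the scope, e.g. 127.0.0.53%lo
            sub(/^\[/, "", addr)      # drop IPv6 brackets
            sub(/\]$/, "", addr)
            # Wildcard binds answer for every address of their family;
            # ss prints "*" for a dual-stack wildcard socket.
            if (addr == "*" || addr == "0.0.0.0") any4 = 1
            if (addr == "*" || addr == "::") any6 = 1
            listen[addr] = 1
            next
        }
        # Second file: resolv.conf. Only loopback nameservers need a local
        # listener; remote resolvers are skipped.
        $1 == "nameserver" {
            ns = $2
            if (ns !~ /^127\./ && ns != "::1") next
            if (ns in listen) next
            if ((ns ~ /:/) ? any6 : any4) next
            print ns
        }
    ' "$2" "$1"
}

# Constructed sample data: a stub-resolver style resolv.conf, and a host
# where DNS only listens on 127.0.0.1 and ::1.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'nameserver 127.0.0.53\nnameserver ::1\noptions edns0\n' > "$tmp/resolv.conf"
printf '%s\n' '0.0.0.0:5353' '127.0.0.1:53' '[::1]:53' > "$tmp/listeners"
missing_listeners "$tmp/resolv.conf" "$tmp/listeners"   # prints 127.0.0.53
```

Any address it prints is a nameserver entry that will fail lookups until something listens there or resolv.conf is corrected.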