@s3b0
In that case, when you see this :
@s3b0 said in Block xxx rated pages redirections (CNAME -> A) - pfblockerng:
;; communications error to 192.168.2.1#53: timed out
;; communications error to 192.168.2.1#53: timed out
which says : dig wanted to contact "192.168.2.1" (== pfSense unbound) but wasn't avaible, so ok ... more DNS servers are available (not there by default, but you've added them), so it took 208.68.222.222 or 208.67.220.220 etc.
And the DNS request against one of them worked out just fine, p#rn.com was resolved.
Exactly what you told your pfSense :
76101dd9-632b-4c55-9b8a-700076e48005-image.png
I guess you get it by now : if you want your DNS request to be filtered by pfBockerng, they have to be handled by unbound (only) who passes them through pfBlockerng. If this circuit can get bypassed, filtering stops working.