@Gertjan s7.vonderste.in resolves to 94.16.122.152. I just saw a dns request for that. In the whitelist on OTX Alienvault there is a timeserver: 3.de.pool.ntp.org I just don't know why a timeserver runs on a TOR node and seems to be hosted by a private person. Maybe pfblocker resolves it incorrectly becaues the time server is hosted on the same IP? Anyway I see this coming from my ASUS router which is in Access Point mode. These weird domains always come up every hour and I think they are related to ntp on that ASUS router. Since I disconnected it it has stopped. Here is an example of what I see. Scanning these IPs shows nothing malicious but who knows. 93.122.215.85.in-addr.arpa,192.168.1.8,sonne.floppy.org,unk 94.244.38.46.in-addr.arpa,192.168.1.8,basilisk.mybb.de What didn't stop was on my work computer these weird replies as mentioned above. reply,A,NSEC,1081,domaincontroller-gPHvwjYS.local,192.168.1.86,NXDOMAIN,unk But it only happend once today instead of multiple times like the days before. @Gertjan said in pfBlockerNG not logging anything by default?: Where - what log - did you find that URL (DNS only deals with host names) ? I find them in pfblockerNG dns_reply log under Logs EDIT: I just realized that it is kind of in the name pool.ntp.org its made up of multiple sources so it does make sense that it resolves some of these weird private hosts?

@Gertjan said in pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start: Masterfile Count [ 16446 ] Deny folder Count [ 16445 ] This sanity check failure might be the issue as discussed here: pfblockerNG Database Sanity check Failed

So you're using the CARP IP address for the pfBlockerNG redirects? May I ask why that's necessary?

I resolved this by accepting the T+Cs via https://www.maxmind.com/en/accounts/1205389/geolite2/eula

@Gertjan Hello, Thank you. I had exactly the same issue, and your solution helped me fix it. Ask ChatGPT

@SteveITS ...got it, I should have looked in the docs... I do too use Quad9 and have DNSSEC disabled, so I guess my question is pointless.. Thank you for all the help.

@qinn Sent him an email Dan an email to the address on his site.. Not sure what is happening, my Teams stopped working. Disable it/turn it off and the problem went away.

@AlexK-0 said in Can't receive GeoIP databases updates anymore, banned: Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates. You've found a reason to use a VPN.

@Laxarus This worked for me as well. Though I had to search the web how to edit the file (the easiest way). Therefore: Addition for anyone struggling to find where to edit files on your pfsense system. Go to Diagnostics --> Edit File --> insert the location of the file: /usr/local/pkg/pfblockerng/pfblockerng.sh Go to line number 1232 by filling it in the Go to line field. That line should read: s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})" replace only (leave the rest intact): masterfile to mastercat Then follow the above instructions from @Laxarus https://forum.netgate.com/post/1219635

Thanks everyone. That did it. No more errors!!

@Qinn said in Feed issue on SWC: Got a reply from Dan and here it is solved. Thanks for feedback!

You can download it here now: https://raw.githubusercontent.com/ianb/alexa-sites/refs/heads/master/top-1m.csv

@The-Party-of-Hell-No excellent. I’m glad some experimentation proved successful.