@ex1580 I appreciate the post. I have the same TLD CN block and couldn't get past the OUT OF SYNC error until encountering your post. This does seem to be a defect on the surface but I'm interested to see how it ultimately resolves.
@harison Just off the top of my head I'd say to make sure that this setting is unchecked in Services/DNS Resolver/General Settings:
[image: 1615557859064-d2f51175-a5a1-4dcd-b29f-4fa90bf826ad-image.png]
The above causes unbound to stop and reload itself every time a client requests a DHCP lease. During that time DNS resolution does not happen and therefore nothing trying to be reached by a domain name (www.google.com) can be reached on the net (unless it is already cached in the DNS).
Other than that, I think we're going to need a lot more info to help you. As a start, I'd suggest screenshots of your DNS and pfblocker settings as well as Status/System Logs/System/DNS Resolver and Status/System Logs/Gateways when the issue is happening.
When the web "crashes" can you ping 8.8.8.8 from the WAN as the source address in Diagnostics/Ping? What about www.google.com?
@bbcan177 said in "DNSBL Listening interface" best choice with VLANs?:
just keep it as "lan" and use the Permit firewall rule option to create a floating permit rule that will allow the other lan segments to access the DNSBL listening interface
Hello all,
I also work with the pfblocker and the DNSBL feeds.
What do I have to set so that the lists only work on the interface LAN?
Currently, I have the lists working on all interfaces.
I don't want that.
@teamits
In other forums they manage it this way: the maintainer/admin/mod is the only one allowed to post in that single thread. Each version gets a new thread with the version-specific changes. That keeps a history of the versions.
Users can continue asking questions or whatever in different threads.
@tzvia I had it set to 2.5. I had no idea that this setting impacts packages, especially since there's a clear mention about this being related to firmware update... weird design.
Anyway, after changing it to 2.4.5, the _15 is gone from the list. Which I guess is ok.
Thanks.
@guilty
Figured out the issue. Google Wifi was causing this behavior. The only way I found out was hard wiring in. So Google wifi is doing something with the DNS requests as they come in.... why they do that...who knows.
I was planning on removing Google Wifi soon. This is yet another reason to get rid of it.
@bbcan177 said in pfBlockerNG 2.1x - fix for Talos feed and Cloudflare 1.1.1.1 DNS:
> I hear you
Man, I'm with you, you communicate poorly, these people believe in you, so in nothing else. OPEN SOURCE
Zombie thread resurrection as this issue is back due to a regression.
Link to new thread: https://forum.netgate.com/topic/161817/pfblockerng-2-1x-fix-for-talos-feed-and-cloudflare-1-1-1-1-dns
@mcury said in pfblockerng 3.0.0_15 not available in 2.4.5p1:
I really don't want to run with only one cpu
Right, I was just pointing that out as an apparent workaround until the PHP issues are fixed, for someone who can't downgrade and doesn't want to run without Snort or pfBlocker. Haven't tried it myself.
re: 3100 date:
blog post: Introducing the SG-3100 Firewall Appliance
by Doug McIntire on 05 Sep 2017
is this normal behavior?...pfblockerng.log...
===[ DNSBL Process ]================================================
Clearing all DNSBL Feeds
TLD Analysis not required.
Stopping Unbound Resolver.
Unbound stopped in 2 sec.
Additional mounts (DNSBL python):
No changes required.
Starting Unbound Resolver... completed [ 03/5/21 03:00:03 ]
Restarting DNSBL Service (DNSBL python)cat: /var/db/pfblockerng/dnsbl/*.txt: No such file or directory
cat: /var/unbound/pfb_py_data.txt: No such file or directory
cat: /var/unbound/pfb_py_zone.txt: No such file or directory
@rtw915
The text that you highlighted is referencing IP "Match" types. It's not needed if you want to Block those IPs. pfSense allows creating Match IP Rules to allow for the "Logging" of the event and nothing further.
@dalillama
So I assume that MaxMind was rate-limiting based on the cURL user-agent string. When the ID was missing, it was a generic string "pfSense/pfBlockerNG cURL download agent-". Then when the ID was found, the UA string was not rate-limited because it included the ID.
It is not only the Foss version but official Android Telegram app does the same. I have 11888 hits on the IP 196.55.215.129 in last 24 hours. Anyway the Telegram itself works OK. It is "just" annoying...
@monaco said in DNSBL fail - pfblockerNG:
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/pornblock3
the following error:
[ DNSBL FAIL ] [ Skipping : pornblock3 ]
[1614168721] unbound-checkconf[22123:0] error: local-data in redirect zone must reside at top of zone, not at m.www.localhost 60 IN A X.X.10.X
[1614168721] unbound-checkconf[22123:0] fatal error: failed local-zone, local-data configuration
Is it possibly because of this entry:
m.www.localhost
Yes, you can't add the localhost TLD in a blocklist as you have that TLD already defined in Unbound, and hence the error:
"local-data in redirect zone must reside at top of zone"
Seems like they removed that domain from that Feed.
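The failure above is a feed entry (m.www.localhost) sitting below a zone Unbound already defines, which unbound-checkconf rejects as a fatal error for the whole DNSBL run. The following added example (not pfBlockerNG's own code) shows a pre-filter that parses a hosts-style feed, drops entries at or under a set of locally defined zones, and emits the local-zone/local-data pairs in the format seen in the error message; the feed content, the zone set (only "localhost" is named in the thread) and the sinkhole address 10.10.10.1 are all assumed values for illustration.

```python
import re

# Zones the resolver already defines (assumed set; the thread only names "localhost").
LOCAL_ZONES = {"localhost"}

# Constructed sample feed, not the real pornblock3 list. Mixes plain domains,
# hosts-file style lines, and entries that collide with the localhost zone.
SAMPLE_FEED = """\
# constructed sample
0.0.0.0 bad.example
bad2.example
m.www.localhost
sub.bad2.example
localhost
www.bad.example   # inline comment
"""

# Hostname syntax: labels of 1-63 chars, no leading/trailing hyphen, total <= 253.
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*$")


def parse_feed(text):
    """Return the domains in a feed: strip comments, drop a leading 0.0.0.0/127.0.0.1, lowercase."""
    domains = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        dom = parts[1] if len(parts) > 1 and parts[0] in ("0.0.0.0", "127.0.0.1") else parts[0]
        dom = dom.lower().rstrip(".")
        if _DOMAIN_RE.match(dom):
            domains.append(dom)
    return domains


def under_local_zone(domain, zones):
    """Return the zone that already covers this domain (apex or below), or None."""
    for zone in zones:
        if domain == zone or domain.endswith("." + zone):
            return zone
    return None


def split_feed(text, zones=LOCAL_ZONES):
    """Split a feed into (accepted domains, [(rejected domain, conflicting zone), ...])."""
    accepted, rejected = [], []
    for dom in parse_feed(text):
        zone = under_local_zone(dom, zones)
        if zone:
            rejected.append((dom, zone))
        else:
            accepted.append(dom)
    return accepted, rejected


def unbound_lines(domains, sinkhole_ip="10.10.10.1"):
    """Emit local-zone/local-data pairs in the shape shown in the checkconf error (sinkhole IP assumed)."""
    lines = []
    for dom in domains:
        lines.append('local-zone: "%s" redirect' % dom)
        lines.append('local-data: "%s 60 IN A %s"' % (dom, sinkhole_ip))
    return lines
```

Rejected entries are returned with the zone they collided with, so the skipped lines can be logged rather than silently dropped.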