If you do nslookup doubleclick.net Serveur :  pfsense.somewhere Address:  172.47.18.71 Nom :    doubleclick.net Address:  10.10.10.1 you should see your pfsense box replying. If not then either your pfsense configuration for DNS service is incorrect, or your lan device use another DNS server for answer. Check your device DNS configuration, if you are using Internet Security like AVG, maybe they override DNS resolution. Hake a look at @BBcan177: @xphiles: so after much troubleshooting and trying things at the firewall level, i disabled my full avg protection and it works on the host(s) in question. so I have to granularly figure out which service in AVG is messing up my dns I think this is what you were looking for:     https://help.avg.com/en/avg_free/17/securityantivirus_securedns.html You can configure pfsense DCHP server to provide the correct DNS/DNSBL server for devices

I know it is a pain but I periodically have gotten pfBlockerNG DNSBL issues, I have rsolved it by: making sure "Keep settings" is not checked, then saved, running a cron "Force" reload and then rebooting firewall. I then deinstall pfBlockerNG and then reinstall…. it then works. A little harsh but seems to work... I am running DNSBL with pfBlockerNG and 2.4.1 and all is working...

I have very similar setup as you and it works for me. Not really sure. I say double-check everything again. Have you tried rebooting the system after making those changes?

I did a little poking around, and my DNS Resolver was set so that Network Interfaces and Outgoing Network Interfaces were both set to "All." I changed Network Interfaces to LAN and Localhost, and Outgoing Network Interfaces to "WAN" and things are MUCH better now. Thanks!

Yes this will be in the next release…

https://forum.pfsense.org/index.php?topic=138887.0 Thanks BBcan177

@BBcan177: I have posted PR#470 for pfBlockerNG v2.1.2_1 for review by the pfSense devs. https://github.com/pfsense/FreeBSD-ports/pull/470 Changelog: Switch flock() to try_lock() Remove conf_mount_{ro,rw} calls Add 'Alias type' rules to states removal feature Thank you. I ran the patch files but assume I should still update pfBlockerNG which I will do once available in package manager. (not a complaint) Thank you for the work you do.

@xphiles: thanks, although I am confused how when I have rules in place to block any other DNS, it still got past it to AVG? They do that thru an HTTPS (I would hope… and not thru HTTP) call back to their domain. So they are stopping DNS hijacking by doing their own DNS hijacking :) lol...

Most definitely I'll do that. I thought i'd try here first since it referenced 10.10.10.1 IP. Thank you for your continued support to pfSense <3

If you goto the pfSense firewall log, do you see these alerts?

@BBcan177: Thanks for reporting this… Looks like it wasn't picking up Alias type rules with "pfb_" in the Rule descriptions. Can you edit:  /usr/local/pkg/pfblockerng/pfblockerng.inc https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L5099 and change Line #5099 from: if ($alias['type'] == 'urltable' && strpos($alias['name'], 'pfB_') !== FALSE && strpos($alias['descr'], '[s]') === FALSE) { to: [code] if ($alias['type'] == 'urltable' &&     (strpos($alias['name'], 'pfB_') !== FALSE || strpos($alias['name'], 'pfb_') !== FALSE) &&     strpos($alias['descr'], '[s]') === FALSE) { Please report back ... Thanks! I am still having the same issue after changing the code [/s][/code][/s]

BBcan177, Thank you very much for your help.  It turns out my ISP device had disabled modem mode and this was actually the cause of the problems.  Once I re-set modem modem the entries for pfBlocker reappeared as before in the log. Thanks again.

@dcol: Why not just use https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt They are two different Feeds… The URL and DOM feeds should be used in DNSBL as it contains Domain names.... There are also IPs mixed in, so enabling the DNSBL IP option will also pull those IPs...

@tim_co: No worries. I got the information I was looking for. Thanks again. As an FYI: In the Alerts tab, you can click on the "I" infoblock icons and it will load a Threat Lookup page with several Threat Source lookup tools….

@securvark: I'd like to do the same for Steam downloads and Steam games. Preferably, for all my games (Origin, Battle.net, Uplay), but that may be too much to ask (I don't know). Maybe you can try looking up the ASNs for those https://bgp.he.net/dns/battle.net#_ipinfo Or try a google search for list of IPs for those sites… Maybe someone else will chime in if they have accomplished this...

The latest updates to pfBlockerNG are bug fixes. I guess BBCan177 will change version number when the new features are implemented and tested.