• PfBlockerNG with OpenVPN client

    4
    0 Votes
    4 Posts
    4k Views
    T

    So you are just using the default DNS servers? Aren't those your ISP's DNS servers? That means you'll be leaking DNS, which defeats the purpose of using the VPN.

    I'm still trying to solve this issue too, but that doesn't seem like the way to do it.

  • DNS Hijacked?

    3
    0 Votes
    3 Posts
    796 Views
    M

    I checked the DNS at whatsmydns.net and it came back with all green check marks.  I assume that is good.  As far as the rest of the thread, there were a lot of commands that went over my head.

    I have not seen the problem since that one incident. It so happened when this incident happened, the finance.yahoo.com site was real sluggish and I would get a lot of connection errors. So maybe Yahoo was under attack?

    I did a full scan of my laptop with Windows defender and it came back clean.

  • "This site can’t be reached" message in browser

    2
    0 Votes
    2 Posts
    1k Views
    RonpfSR

    You have to inspect the System Logs, Resolver Logs and pfblockerng.log to pinpoint the issue.
    Depending on your system, Unbound reload can take minutes to complete, during that time no DNS resolution is available.

    Check Services / DNS Resolver / General Settings: DHCP Registration should be unchecked, as every DHCP lease will reload Unbound.

  • PfBlockerNG configuration for a newbie :)

    21
    0 Votes
    21 Posts
    6k Views
    B

    …looking back at comments, I found out this domain blocked as well, somewhat similar config... (192.168.0.1 being my VIP)

    grep steepto.com /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /var/unbound/pfb_dnsbl.conf /usr/local/pkg/pfblockerng/dnsbl_tld

    /var/db/pfblockerng/dnsbl/easy_list.txt:local-data: "steepto.com 60 IN A 192.168.0.1"
    /var/db/pfblockerng/dnsblorig/ad_servers.orig:127.0.0.1 imgg.steepto.com
    /var/db/pfblockerng/dnsblorig/easy_list.orig:||steepto.com^$third-party
    /var/db/pfblockerng/dnsblorig/easylist.orig:||steepto.com^$third-party
    /var/db/pfblockerng/dnsblorig/hpHosts.orig:127.0.0.1 imgg.steepto.com
    /var/db/pfblockerng/dnsblorig/hpHosts_ads.orig:127.0.0.1 imgg.steepto.com
    /var/unbound/pfb_dnsbl.conf:local-zone: "steepto.com" redirect local-data: "steepto.com 60 IN A 192.168.0.1"

  • Cannot allocate memory - The line in question reads

    2
    0 Votes
    2 Posts
    4k Views
    RonpfSR

    Try to increase the Firewall Maximum Table Entries under System / Advanced / Firewall & NAT

  • Im new to pfBlockerNG

    3
    0 Votes
    3 Posts
    671 Views
    V

    I never had luck with that list… try doing a "Force reload" with the list removed. Maybe a reinstall of the package (making sure you "checked" the box that says "don't keep block or settings").

  • Best way to import many block lists

    6
    0 Votes
    6 Posts
    1k Views
    B

    Thanks for the update Rick, hopefully BBcan will provide more info on the feed choices. Either way it certainly looks like the next big release has some really exciting stuff in it.

  • PfBlockerNG SoNewConn Issues

    13
    0 Votes
    13 Posts
    2k Views
    BBcan177B

    I sent you a PM…

  • 0 Votes
    7 Posts
    784 Views
    P

    @drewsaur:

    I love this stuff as much as the next guy, but since this is likely a moving target, you could spend the same time mixing some nice drinks and making popcorn while the trailers play. :)

    Cheers!

    They are just so damn annoying though - why they would choose to do this I have no idea.

  • DNSBL and PlayStation Vue issue

    8
    0 Votes
    8 Posts
    2k Views
    K

    FireTV stick….slingtv works without either exceptions....was trialing vue.....may switch to vue next month......roku ultra being delivered tomorrow, so will move this stick to another tv for now.

  • Exporting dnsbl lists.

    2
    0 Votes
    2 Posts
    604 Views
    BBcan177B

    Next Release will have a Feeds Management Tab which will make this easier to manage:
        https://www.patreon.com/pfBlockerNG/posts?tag=Screenshots

  • PfBlockerNG & Firewall Aliases

    7
    0 Votes
    7 Posts
    2k Views
    BBcan177B

    If you use pfSense Aliases, they are not accessible as a table unless you use the URL Table IPs option… Otherwise the IPs are stored in base64 format in the pfSense config.xml file

  • EasyList > No Domains Found

    15
    0 Votes
    15 Posts
    2k Views
    BBcan177B

    @code4u:

    Awesome. Thank you. That solved my problem! Now the "No Domains Found" error makes sense. :-) Maybe it would help newbies if the error further stated:  "Check to ensure that you're not adding IP based feeds to the DNSBL tab which is for domains based feeds. IP based feeds need to be added to the IPv4 tab." or something similar.

    Ok I will adjust the text…Thanks...

    Some DNSBL Feeds listed here:
        https://forum.pfsense.org/index.php?topic=102470.msg572943#msg572943
        https://forum.pfsense.org/index.php?topic=102470.msg573159#msg573159

    Next Release will have a Feeds Management Tab:
        https://www.patreon.com/pfBlockerNG/posts?tag=Screenshots

  • PfBlockerNG preventing PBS channel on Roku 4 from Working

    9
    0 Votes
    9 Posts
    1k Views
    BBcan177B

    @Xentrk:

    @BBCan177, how come the DNSBL Alert Log reports the IF and Source as unknown? Is there a setting I need to configure? I still see IF and Source information from some LAN clients.

    This is already addressed in the upcoming release…

  • DNS Whitelist

    3
    0 Votes
    3 Posts
    1k Views
    P

    Thanks.
    Managed to do it and whitelist the domains.

  • Pfbl and squid coexistence

    2
    0 Votes
    2 Posts
    560 Views
    B

    I have almost the same configuration, but in my setup all three are working beautifully excepting one stubborn domain that I cannot seem to be able to block (steepto.com).

    Take a look at this thread: https://forum.pfsense.org/index.php?topic=142077.0

    One suggestion, install squidguard too and they may behave…

  • "EU" country code block?

    2
    0 Votes
    2 Posts
    715 Views
    F

    grep -r "IP listed under feed" /usr/local/share/GeoIP/cc

    Or

    Open /usr/local/share/GeoIP/cc/Europe_v4.txt  and search for the IP that's blocked.  Scroll up to the previous # mark and it should have a header for the country name.

  • When should I block inbound?

    4
    0 Votes
    4 Posts
    669 Views
    BBcan177B

    @cyberzeus:

    You only need to add rules to the Inbound, if you have any open WAN ports that you would like to filter on.

    To add to this, I think most guides say to use Deny Both because while you may start out with the default case of all unsolicited inbound WAN traffic being blocked, as soon as a single port is open for service, the game is afoot.  So, if you start out with Deny Both, then at least you're covered if something changes on the WAN and you forget to change your pfB protection.

    Personally, I use Floating for my pfB lists and have them attached to both WAN\LAN…

    Keep in mind that adding rules to the WAN when there are no open ports is wasting processing power of the box and slowing down queries, as each inbound packet will go thru each table unnecessarily. You're also going to fill the widget and logs with noise and miss out on the real events that were being blocked, which should be investigated…

  • PfBlockerNG list alerts are logged under the incorrect rule\alias

    6
    0 Votes
    6 Posts
    635 Views
    BBcan177B

    @cyberzeus:

    So first, De-dup was NOT enabled - I chg'd this and now have much better results - THANK YOU.  Next, you read my mind - as when to not use de-dup.  You mentioned "Alias Native" which I can research here but please also feel free to discuss that or other situations where de-dup would\should not be used.

    Thanks again…really appreciate the help...OH, by the way - pfB really does kick ass...killer package...one of the reasons I choose pfSense...there are many reasons why but pfB is definitely one of the tops...

    You could also use "Alias Deny" which will use deduplication….

    Sometimes you might add a Feed to block an ASN for a particular segment of the LAN, so using Alias Native will create its own isolated aliastable without deduplication taking effect and affecting the IPs in the other blocklists... Just one example...

  • DNSBL Not Blocking Ads or Yahoo

    5
    0 Votes
    5 Posts
    2k Views
    K

    That was it!! Thank you ;D
