Update:

(^|\.)domain\.com$

Blocks the domain and subdomain... I just didn't clear my DNS cache on device. So far, it is working.

Its been 2 days and no error messages..looks like we are in the clear. (fingers crossed). Thank you.

@bmeeks I installed the regular version. I'll uninstall and try out the development version, thank you.

@wc2l Status/System Logs/Settings

Never mind, though I haven't resolved this specific issue, I realized I don't really need to set the gateway for the problem I'm trying to solve.

I tried to delete the post but It wasn't letting me.

@serouja sorry it's working fine now, I just have to reconnect to the AP.

@steveits thats what it is. It was the OISD feed. Once removed the error went away and I now see my custom list being used as well solving another issue i posted.
This feels like a bug as the memory was never reaching close to 4GB (4100 Max). There should still be plenty of memory available for the OISD feed.
@BBcan177 can chime in if he has free cycles.

Thanks for pointing me in the right direction.

@stephenw10 said in pfBlockerNG - unbound-control process spikes CPU to 100% every few seconds [SOLVED]:

So just the list containing a bunch of obsolete domains?

Not sure how many domains in that list are obsolete, and if that was the issue, however, what led me to actually remove the list is the fact that there are tons of legit domains in that list that pfBlocker was blocking. If you check the list, you will see asus.com and sony.com in there. And there is absolutely no reason to blacklist those sites. They are legit.

Then I thought this was actually a whitelist that i was using as blacklist, but then you find all those porn sites in there and tons of other entries that are present in legit block lists. Its a mess.

I just removed it and it all works.

@deanfourie
How do you know pfblockerng is blocking your VPN? Screenshot your log showing the block.

@deanfourie said in Microsoft hostname resolving to pfBlocker virtual IP?:

Any idea how this could be?

You have it blocked in pfblocker..

its not blocked here

;; QUESTION SECTION: ;v10.events.data.microsoft.com. IN A ;; ANSWER SECTION: v10.events.data.microsoft.com. 3600 IN CNAME global.asimov.events.data.trafficmanager.net. global.asimov.events.data.trafficmanager.net. 3600 IN CNAME onedscolprdwus11.westus.cloudapp.azure.com. onedscolprdwus11.westus.cloudapp.azure.com. 3600 IN A 20.189.173.12

@anna-count It's probably expected.
I guess the question would be "Why would you want to block a point to point?" but that's just a guess.
I use /31's for my VPN connections so pfSense does work with them but pfBlocker probably does not.
Just a guess though.

@justme2 Here is the answer as Gertjan said:

"A ping to 127.0.0.1 should always work. Consider a non working 127.0.0.1 as a massive failure."

@gertjan Thanks again. Since I dont have 2.6 running but am interested once the problems I have are resolved allow me to ask whether with 2.6 it will find the ASN number (as 2.5.2 did) as I type in the domain name. Or do I have to go and find the ASN number first. Parry

@patrick999 said in GeoIP not working? Where is rule?:

I set it to deny inbound for every region except North America

It should take less resources to do it the other way, allow North America. I usually use Alias Native and then can use it in my own rules, such as the Source on a NAT rule.

@provels It depends on whether one leaves the tab open as I do and how often one post to the site. If one goes to more when logged into account Settings and privacy > Ads preference > Interest, you could see thousands of interest Twitter Algorithm selected base on one's interaction with each tweet. I even selected that I don't want to see ads. So, there is a browser container add on from Github to prevent cookie snooping.