pfBlockerNG with external BIND DNS
-
I am looking for an option to use pfBlockerNG just with an external BIND DNS server which is on the network. I do not want multiple DNS services on my network and my entire network uses the BIND server which is tailored for internal and external name resolutions.
Is there any way I can get rid of the unbound DNS which is installed on pfSense, and let pfBlockerNG deal with BIND DNS instead of unbound?
Any help would be much appreciated.
-
Does anyone know how this can be achieved?
-
@asterix said in pfBlockerNG with external BIND DNS:
And let pfBlockerNG deal with BIND DNS instead of unbound?
pfBlockerNG informed you that:
so, if unbound isn't there, DNSBL isn't possible for pfBlockerNG.
edit: don't know how pfBlockerNG behaves, or what it can do, if unbound isn't running at all.
It could create aliases, to be used by the firewall.
Never tested such a situation. I guess it's possible to inform all your LAN(s) client(s) and pfSense itself that there are DNS servers available elsewhere. These could be somewhere local.
Getting rid of unbound:
Uncheck, Save and Validate.
-
That won't work, since pfBlockerNG, once enabled, starts the unbound DNS service.
-
@asterix said in pfBlockerNG with external BIND DNS:
That won't work, since pfBlockerNG, once enabled, starts the unbound DNS service.
I deactivated the DNSBL part of pfBlockerNG.
Saved.
Deactivated pfBlockerNG totally.
Saved.
Now I deactivated unbound.
Saved.
Reactivated pfBlockerNG, and remember, without the DNSBL part.
Only the IP part is activated. pfBlockerNG started.
Only the filter reload process works. Not the DNSBL part.
unbound, as it was deactivated, was NOT activated:
It's absent from this list (I checked, of course, on the command line whether some instance of unbound was running: it wasn't).
As I have no DNS alternative, like dnsmasq (the forwarder), pfSense now has no DNS resolving capability at all, which gives nice side effects...
But the thing is: if unbound is user-deactivated, pfBlockerNG won't enable / start it.
The DNSBL won't work, as it needs unbound to do its work. Not some DNS resolver from elsewhere.
-
Yes, but that defeats the purpose. You don't have DNSBL to block ads, etc.
I want pfblockerng to just use my configured BIND DNS for all lookups. Unbound is shitty.
-
I think I have found a very easy way to bypass unbound.
In General Setup / DNS Resolution Behavior I changed it to use remote DNS servers and ignore local DNS, and in DNS Server Settings I added my local BIND DNS IP addresses.
In client IP address assignment, I still give the pfSense IP address for DNS; however, pfSense just ignores unbound and uses my local DNS for resolution. It's still utilizing the DNSBL and IP blocklists as they are defined in the firewall floating rules by pfBlockerNG.
Resolution is now much faster. Hope this keeps working, as I just could not stand unbound's resolution performance issues.
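For anyone landing on this thread later, a note on why the DNSBL part depends on unbound, as the post above found: pfBlockerNG's DNSBL works by handing unbound local-zone/local-data entries so that a listed name resolves to the DNSBL virtual IP; the IP lists are a separate mechanism that becomes firewall aliases and rules. A name is only sinkholed by the server the client actually asks, so an external BIND that is meant to do the same job has to carry equivalent block data itself, which in BIND is a Response Policy Zone (RPZ). The script below is an added example, not from this thread, pfBlockerNG or pfSense: it turns a constructed blocklist feed into the unbound form and into an RPZ zone plus the named.conf lines that load it, and includes a check of the "subdomains are covered too" semantics. The 10.10.10.1 sinkhole address, the zone name rpz.local, the file path and the exact include-file layout are illustrative assumptions.

```python
"""Added example (not from this thread, pfBlockerNG or pfSense).

pfBlockerNG's DNSBL blocks names by handing unbound local-zone/local-data
entries that answer a listed name with the DNSBL virtual IP. BIND gets the
same answers from a Response Policy Zone (RPZ). This turns a constructed
blocklist into both forms. The 10.10.10.1 sinkhole address, zone name and
file path are assumptions; pfBlockerNG's own include-file layout varies by
version and is not reproduced exactly.
"""
import re

# Constructed sample feed, not a real list: hosts-file style lines
# ("<ip> <name>") mixed with bare domains, comments and junk.
SAMPLE_FEED = """\
# constructed blocklist
0.0.0.0 ads.example.com
127.0.0.1   tracker.example.net   # trailing comment
telemetry.example.org.
0.0.0.0 localhost
not a domain!
"""

# Names hosts-style feeds carry that must never be sinkholed.
HOSTS_NOISE = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
DOMAIN_RE = re.compile(r"^(?:" + LABEL + r"\.)+" + LABEL + r"$")


def parse_feed(text: str) -> list[str]:
    """Unique, lower-cased, syntactically valid domains from a feed, sorted."""
    found = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if not line:
            continue
        parts = line.split()
        name = (parts[-1] if len(parts) > 1 else parts[0]).rstrip(".")
        if name in HOSTS_NOISE or name.replace(".", "").isdigit():
            continue  # skip hosts-file noise and bare IP addresses
        if DOMAIN_RE.match(name):
            found.add(name)
    return sorted(found)


def unbound_dnsbl_conf(domains, vip="10.10.10.1", ttl=60) -> str:
    """unbound include file in the local-zone/local-data form DNSBL relies on.

    'redirect' makes the entry cover the name and everything below it, so one
    pair of lines per domain also catches sub.ads.example.com.
    """
    lines = []
    for d in domains:
        lines.append(f'local-zone: "{d}." redirect')
        lines.append(f'local-data: "{d}. {ttl} IN A {vip}"')
    return "\n".join(lines) + "\n"


def rpz_zone(domains, vip="10.10.10.1", zone="rpz.local", serial=1) -> str:
    """BIND RPZ zone file giving the same answers as unbound_dnsbl_conf().

    RPZ owner names do not cover subdomains by themselves, so each domain also
    gets a wildcard entry. vip=None emits 'CNAME .', the RPZ idiom for NXDOMAIN.
    """
    lines = [
        f"$ORIGIN {zone}.",
        "$TTL 60",
        f"@ IN SOA localhost. hostmaster.{zone}. {serial} 3600 900 604800 60",
        "@ IN NS localhost.",
    ]
    for d in domains:
        for owner in (d, f"*.{d}"):
            lines.append(f"{owner} IN CNAME ." if vip is None else f"{owner} IN A {vip}")
    return "\n".join(lines) + "\n"


def named_conf_snippet(zone="rpz.local", path="/etc/bind/rpz.local.db") -> str:
    """named.conf fragments that load the zone and enable it as policy."""
    return (
        f'zone "{zone}" {{ type master; file "{path}"; allow-query {{ none; }}; }};\n'
        "// inside the existing options { } block:\n"
        f'response-policy {{ zone "{zone}"; }};\n'
    )


def is_blocked(domains, qname: str) -> bool:
    """Would qname be sinkholed? Matches the name or any parent of it, like
    unbound's redirect zone and the RPZ wildcard entries above."""
    labels = qname.lower().rstrip(".").split(".")
    blocked = set(domains)
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


if __name__ == "__main__":
    doms = parse_feed(SAMPLE_FEED)
    print(unbound_dnsbl_conf(doms))
    print(rpz_zone(doms))
    print(named_conf_snippet())
    print("sub.ads.example.com blocked:", is_blocked(doms, "sub.ads.example.com"))
```

Point a pfBlockerNG-style domain feed at parse_feed() and write rpz_zone() output to the file named in named_conf_snippet(); after `rndc reload`, `dig @<bind-ip> ads.example.com` should return the sinkhole address, which is the same check you would run against unbound on pfSense to confirm DNSBL is answering.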