Netgate Discussion Forum

    PfBlockerNG 2.0 & BIND 9.4

    • S
      simby
      last edited by

      Hi!

      Is it possible for pfBlockerNG v2.0 w/DNSBL to work with BIND 9.4?

      How can I do this?

      • BBcan177B
        BBcan177 Moderator
        last edited by

        @simby:

        Hi!

        Is it possible for pfBlockerNG v2.0 w/DNSBL to work with BIND 9.4?

        How can I do this?

        DNSBL is hardcoded to only use Unbound. However, you can still use Bind, but you would have to set Bind's Outbound Forwarder to point to the pfSense Resolver so that DNSBL could be utilized.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        • G
          gewuerzgurke84
          last edited by gewuerzgurke84

          Hi Guys,

          Because I really like both pfBlockerNG and using a (complete) DNS server, I've done some research and built a script that allows transforming pfBlockerNG DNS blocklists into something Bind-compatible. See https://github.com/gewuerzgurke84/pfSense-blockerNG2named

          Enjoy!

          Best Regards
          Alex

          • G
            gewuerzgurke84
            last edited by

            Hi @BBcan177 ,

            any chance to talk about a future integration of DNSBL feature with Bind9 from pfSense Ports?
            I've already implemented a way outside of pfBlockerNG to set up a configuration that contains all blocked domains, which is also compatible with the VIP. From my point of view the changes to pfBlockerNG would be:

            • Write a configuration for bind which holds all domains
            • Write a dummy zone file that points to the VIP
            • Include this configuration into the bind view (choice should be left to the user)

            Best Regards

            • BBcan177B
              BBcan177 Moderator
              last edited by

              @gewuerzgurke84 said in PfBlockerNG 2.0 & BIND 9.4:

              any chance to talk about a future integration of DNSBL feature with Bind9 from pfSense Ports?
              I've already implemented a way outside of pfBlockerNG to set up a configuration that contains all blocked domains, which is also compatible with the VIP. From my point of view the changes to pfBlockerNG would be:

              Write a configuration for bind which holds all domains
              Write a dummy zone file that points to the VIP
              Include this configuration into the bind view (choice should be left to the user)

              Best Regards

              There is a lot of work to use anything other than Unbound... So it's pretty much the same answer for either DNSMasq or Bind...

              Won't this option work from my previous post:

              DNSBL is hardcoded to only use Unbound. However, you can still use Bind, but you would have to set Bind's Outbound Forwarder to point to the pfSense Resolver so that DNSBL could be utilized.


              • G
                gewuerzgurke84 @BBcan177
                last edited by

                Won't this option work from my previous post:

                DNSBL is hardcoded to only use Unbound. However, you can still use Bind, but you would have to set Bind's Outbound Forwarder to point to the pfSense Resolver so that DNSBL could be utilized.

                Sure, I've successfully tried using unbound as bind's forwarder to allow DNSBL. The downside of this solution is the poor DNS performance and the overall complexity of the setup.

                The advantages of a setup using pfBlockerNG and bind are:

                • an authoritative DNS server to host local zones
                • DNSBL features in place per view (which can be similar to defining DNSBL per interface)
                • the functionality of bind itself
                • few dependencies

                I found a very nice way to put all the zones from pfBlockerNG into bind using the RPZ feature. (http://www.zytrax.com/books/dns/ch9/rpz.html) This way I've added ~300,000 blocklist zones into several views with a very low memory footprint :) I'll update the script in my github repo.

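The two approaches discussed in this thread (a dummy zone per blocked domain pointing at the DNSBL VIP, and the later RPZ approach that loads the whole list as one response-policy zone) can be illustrated with a small converter. The following is an added example written for this page; it is not gewuerzgurke84's script from the linked GitHub repository and not pfBlockerNG's own code. It assumes the DNSBL input is in Unbound's `local-zone:` format (the sample below is constructed, not a real list), that the block-page VIP is 10.10.10.1, and that the zone name `dnsbl.rpz.local`, the zone file path, the view name and the `127.0.0.1 port 5353` forwarder address (the forwarder arrangement BBcan177 suggested) are placeholders to adjust. Blocklist entries are untrusted text that ends up in a zone file, so the parser rejects anything that is not a syntactically valid hostname instead of writing it out.

```python
"""Convert a pfBlockerNG-style DNSBL list (Unbound local-zone lines) into a BIND RPZ zone
plus a named.conf view that applies it. Added example; paths, names and VIP are assumptions."""
import re
from collections import OrderedDict

# Constructed sample in the shape of pfBlockerNG's Unbound DNSBL output (not a real list).
# It deliberately contains a duplicate in different case and two malformed entries.
SAMPLE_DNSBL = """\
# pfBlockerNG DNSBL (constructed sample)
local-zone: "ads.example.com" redirect
local-data: "ads.example.com 60 IN A 10.10.10.1"
local-zone: "tracker.example.net" redirect
local-data: "tracker.example.net 60 IN A 10.10.10.1"
local-zone: "ADS.example.com" redirect
local-zone: "bad domain.example" redirect
local-zone: "../etc/passwd" redirect
"""

LOCAL_ZONE_RE = re.compile(r'^\s*local-zone:\s*"([^"]+)"\s+(\w+)')
# One DNS label: letters, digits and hyphens, 1-63 chars, no leading/trailing hyphen.
LABEL_RE = re.compile(r'^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$')


def valid_hostname(name):
    """Syntactic hostname check so a bad list line cannot corrupt the zone file."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(LABEL_RE.match(label) for label in name.split("."))


def parse_dnsbl(text):
    """Return (domains, rejected): unique lowercase domains in list order, and refused lines."""
    domains = OrderedDict()
    rejected = []
    for line in text.splitlines():
        m = LOCAL_ZONE_RE.match(line)
        if not m:
            continue  # comments, local-data lines and anything else are ignored
        name = m.group(1).strip().lower().rstrip(".")
        if valid_hostname(name):
            domains[name] = m.group(2)
        else:
            rejected.append(line.strip())
    return list(domains), rejected


def render_rpz_zone(domains, vip, serial, ttl=60, wildcard=True):
    """RPZ zone text: each blocked domain (and, optionally, all its subdomains) is answered
    with the block-page VIP, which mirrors what DNSBL does in Unbound."""
    lines = [
        f"$TTL {ttl}",
        f"@ IN SOA localhost. root.localhost. ( {serial} 3600 900 604800 {ttl} )",
        "@ IN NS localhost.",
    ]
    for d in domains:
        lines.append(f"{d} IN A {vip}")
        if wildcard:
            lines.append(f"*.{d} IN A {vip}")
    return "\n".join(lines) + "\n"


def render_named_conf(view, clients, zone, zone_file, forwarders=None):
    """named.conf view that loads the RPZ zone and enables it as a response policy.
    If forwarders are given, the view also forwards all other queries (e.g. to Unbound)."""
    conf = [f'view "{view}" {{', f"    match-clients {{ {'; '.join(clients)}; }};"]
    if forwarders:
        conf.append(f"    forwarders {{ {'; '.join(forwarders)}; }};")
        conf.append("    forward only;")
    conf += [
        f'    zone "{zone}" {{ type master; file "{zone_file}"; allow-query {{ none; }}; }};',
        f'    response-policy {{ zone "{zone}"; }};',
        "};",
    ]
    return "\n".join(conf) + "\n"


if __name__ == "__main__":
    doms, bad = parse_dnsbl(SAMPLE_DNSBL)
    print(f"; {len(doms)} domains accepted, {len(bad)} lines rejected: {bad}")
    print(render_rpz_zone(doms, "10.10.10.1", serial=2025010101))
    print(render_named_conf("internal", ["10.0.0.0/8"], "dnsbl.rpz.local",
                            "/usr/local/etc/namedb/dnsbl.rpz.zone",
                            forwarders=["127.0.0.1 port 5353"]))
```

The zone file uses names relative to the zone origin, so `ads.example.com IN A 10.10.10.1` inside `dnsbl.rpz.local` rewrites answers for that name in any view that lists the zone in its `response-policy` statement; giving each view its own zone is how per-view blocking, as described above, is achieved. The `allow-query { none; }` on the zone keeps clients from reading the policy zone directly, and the serial should change on every regeneration so BIND reloads it.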
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.