issue pfblocker-NG-Devel 3.1

scorpoin

Having strange issue after moving on new updated version of PFsense.

I observed a yellow mark on pfblocker-ng with message

unbound mode out of sync 

Ive update with forced and found an other strange thing about TLD counter

  ** TLD Domain count exceeded. [ 4000000 ] All subsequent Domains listed as-is **

I tried unchecked save setting and then click on save and recheck the save setting and then again save. Finally run force update.
Still same and I also observed high memory consumption which is about 43% of my server memory . I have 64gb of RAM .

Any idea what is wrong.

Regards

scorpoin

Any one ? what is wrong with pfblocker-ng or am I doing some thing wrong that cause this behavior?

Gertjan

@scorpoin said in issue pfblocker-NG-Devel 3.1:

Any idea what is wrong.

Way to much feeds ?

The '4000000 ' means you have 4 million domain / host names listed in all feeds combined.
So for every DNS request, these have to get parsed.
Even a huge I9 or Ryzen would get hot here. The PHP or Python process runs on just one core.

What about the other way around ? While liit only a select list of host names, and block the rest ? ( I know, that also a 'stupid' approach ).

** TLD Domain count exceeded. [ 4000000 ] All subsequent Domains listed as-is **

The update process fails. Hence the "out of sync".

scorpoin

@gertjan Thanks for your response. I've disabled some of my list yet still same. What about out of sync issue how do I fix that issue . Ive tried disbling and reenabling pfsense and force to update yet no change. still having yellow mark on main dashboard front of DNSBL .

Regards

scorpoin

Still yellow mark unbound out of sync . I dont know how to fix this now .I've removed many list ?

Regards

Gertjan

@scorpoin

No warnings here :

?

scorpoin

This post is deleted!

scorpoin

@gertjan Well here is log file

lDNSBL_Log

Still same yellow icon on DNSBL.

jdeloach

@scorpoin said in issue pfblocker-NG-Devel 3.1:

@gertjan Well here is log file

lDNSBL_Log

Still same yellow icon on DNSBL.

Goto Firewall/pfBlockerNG/Log Browser/Logs/Log Files and then select 'error.log' in the drop down and clear all entries in the 'error log' file, next go back to pfBlockerNG/Update and then Select 'Force' 'Reload' 'All' 'Run' (the blue box) and see if the yellow icon goes away. In most cases this will fix the issue you are having.

A search of messages on this Forum for the yellow icon in pfBlockerNG would have given you this information.

Edit: What message does it display when you move cursor over the top of yellow icon?

Gertjan

@jdeloach

Yeah ^that.

Looking at your log, starting start at line 375 I see the word "Error ..."
That's a no go.

Btw : The Resolver needed 17 seconds to stop.
Big advice : severely upgrade your pfSense.
Or remove all the feeds that are empty anyway.
Probably 10 % of all your feeds will stop already 99,x % so what about removing 90 % of all your feeds ??

I advice you to use Python mode.

scorpoin

@gertjan
I've removed all dead and also minimized the list . Now following
error

 TLD Whitelist - Missing data | login.live.com | login.msa.msidentity.com. |

 TLD Whitelist - Missing data | gateway.messenger.live.com | ph0mgt0101dc004.prdmgt01.prod.exchangelabs.com. msnhst.microsoft.com. 2019259843 300 120 2419200 60 |

 TLD Whitelist - Missing data | client-s.gateway.messenger.live.com | client-s.gateway.messenger.geo.msnmessenger.msn.com.akadns.net. |
Error: error in making qname

 TLD Whitelist - Missing data | .google.com | No IP found! |
 TLD Whitelist gmail.com|142.250.185.37
Error: error in making qname

 TLD Whitelist - Missing data | .login.yahoo.com | No IP found! |

 TLD Whitelist - Missing data | outlook.live.com | outlook.ha.office365.com. |
Error: error in making qname

 TLD Whitelist - Missing data | .amazonaws.com | No IP found! |
Error: error in making qname

 TLD Whitelist - Missing data | .hotmail.com | No IP found! |
Error: error in making qname

 TLD Whitelist - Missing data | .verisign.com | No IP found! |

what is Error: error in making qname error ? how do I resolve this.

Regards

Gertjan

@scorpoin said in issue pfblocker-NG-Devel 3.1:

how do I resolve this.

By finding the pace where this errors happens.
Could be "TLD Whitelist" related ;=)

Go to Firewall > pfBlocker > NGDNSBL
Scroll down to "DNSBL Whitelist".

Copy / cut everything in there and put it in a safe place elsewhere.
Now, that block is empty.
save.
Update Force Reload All.
Error message gone ?