DNSBL stopped
-
I have upgraded to version 2.6.0 and after the upgrade pfBlockerNG DNSBL has stopped working. I get the error:
(Python mode) is disabled with errors!
review py_error.log
When I look at that log file it is empty. Not sure where to go from here. Please help.
-
Your other post showed you're using the DNS Forwarder (dnsmasq) but DNS-BL is only compatible with the DNS resolver (Unbound).
Since this was working before can I assume you're actually running the resolver? Is this the same firewall?
Is anything shown in the DNS logs?
Steve
-
@stephenw10
Yes, sorry, I am running the resolver, not the forwarder. The resolver is the one giving me the issue as well as the DNS-BL. The logs are empty, no issues found, but I am getting the python mode error on the DNS-BL.
-
Ok I'll close the other ticket, let's continue here.
So does Unbound stop if you disable DNS-BL?
Do you see any errors if you run an update in pfBlocker?
Steve
-
@mrjoli021 said in DNSBL stopped:
. The logs are empty no issues found, but I am getting the python mode error on the DNS-BL.
is not the same as
@mrjoli021 said in DNSBL stopped:
review py_error.log
When I look at that log file it is empty.
Can you, in Diagnostics > Command Prompt, run:
ls -al /var/log/pfblockerng/py_error.log
You did a Firewall > pfBlockerNG > Update
Reload : All?
Show an image of the error ?
-
@gertjan said in DNSBL stopped:
ls -al /var/log/pfblockerng/py_error.log
Hello,
I was able to cat the file and this is the output.
I have checked and I don't have DHCP options enabled. I did at one point, but since then I have restarted the firewall, updated pfBlockerNG and reloaded it. I have also restarted the resolver multiple times (every time it crashes).
-
@mrjoli021 said in DNSBL stopped:
I was able to cat the file and this is the output.
Then empty it :
Ok to use the forward mode (but why ?) :
If you want to use forward mode with TLS, it uses port 853 on the remote DNS servers, and you have to set up these services correctly.
And you just must be sure that the DNS server you forward to supports DNS over TLS.
For example:
"one.one.one.one" is the host name of 1.1.1.1 - one.one.one.one is one of the CNs present in the certificate of 1.1.1.1, remember, this is TLS.
Likewise, "dns.google" is the host name of 8.8.8.8
@mrjoli021 said in DNSBL stopped:
(every time it crashes)
Strange. Unbound, the resolver never crashes on me.
I'm using the default settings, I'm not forwarding (why should I ?) maybe that helps ;)
-
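The forwarding setup described in the post above, written out in raw unbound.conf syntax as an added example that is not part of the original thread. The `tls-cert-bundle` path is an assumption and differs between systems; the addresses and host names are the ones given in the post.

```conf
# Added illustration in unbound.conf syntax; not taken from the thread.
server:
    # CA bundle used to validate the upstream servers' certificates.
    # Path is an assumption; adjust for the system in use.
    tls-cert-bundle: "/etc/ssl/cert.pem"

forward-zone:
    name: "."                      # forward every query
    forward-tls-upstream: yes      # speak DNS over TLS to the upstreams
    # Format: <IP>@<port>#<name expected in the server's certificate>
    forward-addr: 1.1.1.1@853#one.one.one.one
    forward-addr: 8.8.8.8@853#dns.google
```

If the `#name` part is left off a `forward-addr` line, Unbound still encrypts the session but accepts any certificate name, so the upstream is not authenticated.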
-
There's pretty much no point enabling DNSSec in forwarding mode. But that wouldn't cause it to stop.
What's in the Resolver logs?
@stephenw10
This is what is in the resolver logs. I am using quad9 as my DNS.
-
Issue has been resolved. Once I removed the DNSSec setting pfBlockerNG started up and so far Resolver has not crashed.