Netgate Discussion Forum

    DNS Resolver fails after enabling pfBlockerNG (DNSBL)

    DHCP and DNS
    • beluclark

      Does anyone have any idea why the DNS Resolver doesn't work after enabling DNSBL? I tried doing some diagnostics (Diagnostic -> DNS Lookup), but unfortunately, 127.0.0.1 returns "No response".

      • Gertjan @beluclark

        @beluclark

        Look at the pfblockerng.log file : go to the bottom, and from there on, go up and find the latest unbound restart : you should find :

        4e207bc1-083e-4c36-9989-7771046d0626-image.png

        I saw this :

        ea0bf9de-36a9-4ef1-8d32-5024b67c8fdb-image.png

        Next step : very first test / check : is unbound still running ?

        (SSH or console command line !!)

        [24.03-RELEASE][root@pfSense.bhf.tld]/root: ps aux | grep 'unbound.conf'
        unbound 47572   0.0  3.3 155348 132220  -  Ss   15:36      6:02.13 /usr/local/sbin/unbound -c /var/unbound/unbound.conf
        

        Is unbound listening on '127.0.0.1' ?

        [24.03-RELEASE][root@pfSense.bhf.tld]/root: sockstat | grep 'unbound'
        unbound  unbound    47572 3   udp6   *:53                  *:*
        unbound  unbound    47572 4   tcp6   *:53                  *:*
        unbound  unbound    47572 5   udp4   *:53                  *:*
        unbound  unbound    47572 6   tcp4   *:53                  *:*
        unbound  unbound    47572 8   tcp4   127.0.0.1:953         *:*
        

        This shows me that unbound is listening on all ( ! ) existing interfaces, using port 53 ( of course ) using TCP and UDP, IPv4 and IPv6.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • beluclark @Gertjan

          @Gertjan said in DNS Resolver fails after enabling pfBlockerNG (DNSBL):

          I saw this :

          ea0bf9de-36a9-4ef1-8d32-5024b67c8fdb-image.png

          Yes, I have the same logs..

          Unbound was still running and listening to 127.0.0.1:53 (*:53).

          • Gertjan @beluclark

            @beluclark said in DNS Resolver fails after enabling pfBlockerNG (DNSBL):

            Unbound was still running and listening to 127.0.0.1:53 (*:53).

            Then, even when you ask it utter BS, it should reply :

            7e9d18ca-374b-4307-aec2-9826ea193e8e-image.png

            with no answer as there isn't an answer.
            This is better :

            adfdb7d5-c47c-4326-8c9f-732400986c3c-image.png

            • beluclark @Gertjan

              @Gertjan Unfortunately,

              f3c0fd4a-8f12-4c62-897d-d95fcb47ee61-image.png

              • Gertjan @beluclark

                @beluclark said in DNS Resolver fails after enabling pfBlockerNG (DNSBL):

                Unfortunately

                Is it ? The image you've shown is like mine : the unbound answer is correct. The host couldn't be resolved.

                Way better than the GUI : the command line (not the GUI command line of course).
                SSH will do just fine, menu option 8.

                Ask unbound to resolve "google.com", using 127.0.0.1, as unbound listens on 127.0.0.1 :

                dig @127.0.0.1 google.com
                

                or even

                dig @127.0.0.1 google.com +trace
                

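Added example, not part of any post in this thread: two shell helpers that script the checks discussed above, one confirming from `sockstat` output that unbound has a port-53 socket covering 127.0.0.1, the other telling a `dig` answer such as NXDOMAIN apart from no reply at all. The function names and the `live` argument are assumptions of this example; the sample data is the `sockstat` output posted earlier in the thread.

```shell
#!/bin/sh
# Sample input: the sockstat lines posted in the thread (FreeBSD column order:
# USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS).
SAMPLE_SOCKSTAT='unbound  unbound    47572 3   udp6   *:53                  *:*
unbound  unbound    47572 4   tcp6   *:53                  *:*
unbound  unbound    47572 5   udp4   *:53                  *:*
unbound  unbound    47572 6   tcp4   *:53                  *:*
unbound  unbound    47572 8   tcp4   127.0.0.1:953         *:*'

# covers_dns ADDR PROTO
# Reads sockstat lines on stdin. Succeeds if user "unbound" owns a PROTO socket
# bound to ADDR:53 or to the wildcard *:53. The exact comparison keeps the
# control socket on 127.0.0.1:953 from being counted as a DNS listener.
covers_dns() {
    awk -v addr="$1" -v proto="$2" '
        $1 == "unbound" && $5 == proto &&
            ($6 == addr ":53" || $6 == "*:53") { ok = 1 }
        END { exit !ok }'
}

# classify_dig
# Reads dig output on stdin and prints "answered:<STATUS>" when a reply header
# is present (NOERROR, NXDOMAIN, SERVFAIL, ...) or "no-response" when dig got
# nothing back. NXDOMAIN means the resolver replied; "no-response" means the
# query or its reply never arrived.
classify_dig() {
    awk '
        /no servers could be reached/ { r = "no-response" }
        index($0, "->>HEADER<<-") {
            for (i = 1; i < NF; i++)
                if ($i == "status:") {
                    s = $(i + 1); sub(/,$/, "", s); r = "answered:" s
                }
        }
        END { print (r == "" ? "no-response" : r) }'
}

# Live use on the firewall itself (SSH or console shell): sh thisfile.sh live
if [ "${1:-}" = "live" ]; then
    for proto in udp4 tcp4; do
        if sockstat | covers_dns 127.0.0.1 "$proto"; then
            echo "unbound covers 127.0.0.1:53 ($proto)"
        else
            echo "unbound has no $proto socket covering 127.0.0.1:53"
        fi
    done
    dig @127.0.0.1 google.com 2>&1 | classify_dig
fi
```

If both listener checks pass and `classify_dig` still prints `no-response`, unbound is running and bound but the query or its reply is being lost between the client and the daemon.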
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.