Unbound errors after 24.11 update
- 
 @Gertjan Thanks, good idea. I will try increasing the log level. Unfortunately pfblockerNG-devel did not solve the issue. 
- 
 It seems to have been resolved and not having any errors for the last 3 days. I had to switch pfblocker from python mode to unbound mode. pfblocker is still working as well as unbound, so I'm ok with this. 
- 
 @Raffi_ said in Unbound errors after 24.11 update: I had to switch pfblocker from python mode to unbound mode. Why Python mode was invented : read the end of this https://forum.netgate.com/topic/195824/after-updating-to-24-11-extremley-slow-apply-changes/10?_=1736231986710 I'm still convinced that you use a DNSBL "that no one else is using", or you've copied pasted a DNSBL yourself as a whitelist (just examples of what might have gone wrong) and that DNSBL (host name) contains invalid chars. 
 Result : the python script bails out.
 What happens if you back you config.
 Then remove all dnsbl and other stuff you've added.
 I'll bet the error is now gone.
 From that point on, add one by one - and test extensively between each step - what you've had before, up until the error comes back.
- 
 @Gertjan Thanks for the advice. I have tried as you suggested. I took screenshots and copied my pfblocker settings and made a full pfsense backup. 
 I unchecked the box to retain settings and enable pfblocker. Forced reload. Uninstalled the pfblockerng-devel package.I installed pfblockerng and went through the setup wizard with defaults. I added nothing else to the config and only enabled python mode. Within several minutes, I saw the same python errors again in Unbound. By default, only the IPV4 list was added which I did not have enabled before. Then I believe only the Steven's black host list was there under DNSBL. I still have no clue what is going on. I have no desire to wipe my entire system and start fresh over this. I will just leave it running in unbound mode, which also happens to be the default after the wizard is ran. 
- 
 @Raffi_ said in Unbound errors after 24.11 update: Then I believe only the Steven's black host list was there under DNSBL. That's the one I'm using. 
 https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts==  and as we both use the same "pfBlockerng" script code and the same DNSBL file, its more unlikely now that it isn't pfBlockerng, neither the DNSBL file. 
 Your pfSense 'files' and mine are also identical.Btw : I'm using  You know what this mean : 
 Question : what is different between your pfSense and mine ?
 Answer : our GUI settings ....You could do this : 
 [get a pfSense config backup]
 Remove all DNSBL feeds
 Remove all IP feds
 Remove pfSense package and do not retain settings.
 I would even add : get a new copy of the pfSense config file, open it (notepad++) and remove all pfBlockerng traces.
 Import this edited file and reboot.Check for a while if the system is ok. Then install pfBlockerng. 
 Activate it. and don't do anything else. 
 So, now, pfBlockerng doesn't do anything.Check for a while if the system is ok. Now, get just one DNSBL : take the Steven list - just this list. Check for a while if the system is ok. 
- 
 @Gertjan That is what I did minus manually editing out config file. I wiped out the pfblocker settings and installed and started fresh with the setup wizard when it is fist launched. I even uninstalled pfblockerng-devel and installed pfblockerng during this process to add another variable of trying something different to the equation, but still the same. I might have something weird going on with my setup because even when I try to change the view in the logs from displaying more or less lines, I get an error which says "Shouldn't be here". That is the weirdest error message I have seen. I haven't noticed other issues with the setup other than python mode and this so far. I might try to reboot overnight.  
- 
 Default is "1000", "3000" is what I have. 
 200 seems way to low.Remember : the logs pages are the most important pages in the pfSense GUI. 
- 
 @Gertjan Thanks, makes sense for it to be higher. It is currently at 1000, but the point is not the value, it's the fact that I can't change it. When I hit the save button to change it to any value, I get that message. I don't mean to take this thread into another topic. I just wanted to point out I have more than one really odd thing going on. So it could be something more than just pfblocker python mode which is broke. Interestingly, if I go to the log settings tab which is for all logs I thought, I can change the value there. It appears to change if for nearly all tabs, except for System > general, DNS resolver and OpenVPN. The value does not change there and I can't change it via the wrench icon. Again, I'm not looking for a solution to this issue. I can open another thread for that if needed. Just pointing out odd things as I'm seeing them. 
- 
 So I saw a very similar remine https://redmine.pfsense.org/issues/15723 but it seems this is already applied to 24.11. I tried to manually fetch it in case it somehow was missing in my instance. It does seem to be applied already after fetching it and it made no difference in my case. So my question is, how does one go about posting this on redmine as a bug? I'm not seeing another entry with my exact errors. 
- 
 @Raffi_ If you create an account on that site, on the Issues tab there is a small link:  The Project dropdown allows for pfSense vs choosing a Package+Category. 
- 
 @Raffi_ The input validation error is already fixed. Download the System Patches package and apply all the recommended patches. 
- 
 @marcosm said in Unbound errors after 24.11 update: @Raffi_ The input validation error is already fixed. Download the System Patches package and apply all the recommended patches. Thanks, but I already have all recommend patches applied. Also, the one you mention about input validation errors applies to traffic shaping, which I'm not even using. But in any case that is also applied. My issue is specifically occurring when pfblockerng in python mode. In my case, the errors in my first post are reproducible every time it is switched to python mode. 
- 
 @SteveITS Thank you, done. 
- 
 @Raffi_ I'm referring to the "Shouldn't be here" input validation message. You shouldn't see that with all recommended patches applied while on 24.11 with the latest version of the System Patches package. 
- 
 @marcosm Oh yea, that error is definitely fixed by the patches. Thanks. I posted confirmation on that other thread in case someone else ran into it. 
 

