pfblocker pfb_dnsbl service not starting
-
-
Yikes ....
You saw that 298987882 ? That's a file size in bytes.
Or 300 Mbytes or so.
Please, confirm that you follow the "I use pfBlockerng in '2025' mode" aka 'python mode':
and if this is the case, delete that huge "pfb_dnsbl.conf" file.
Hummm, it was created moments ago.
You are, I guess, still using pfBlockerng with 'unbound' mode.
Long story short : ..... don't (or at least, beware of the consequences, like the problem you now have ^^)
-
I used the unbound mode not python.
I just changed to python mode and force reload all and the issue is still there.
-
The big file is gone ?
/var/unbound/dnsbl_cert.pem really isn't there ?
During the reload : this part :
....
Saving DNSBL statistics... completed [ 10/8/25 14:30:26 ]
Reloading Unbound Resolver (DNSBL python).
Stopping Unbound Resolver.
Unbound stopped in 2 sec.
Additional mounts (DNSBL python):
No changes required.
Starting Unbound Resolver... completed [ 10/8/25 14:30:28 ]
Resolver cache restored [ 10/8/25 14:30:29 ]
DNSBL update [ 79112 | PASSED ]... completed
....
what does your reload log say ?
You can also try : stop unbound manually on the dashboard.
Count to 3.
Start it on the same place.
Restart/reload pfBlockerng again.
-
@Gertjan said in pfblocker pfb_dnsbl service not starting:
You can also try : stop unbound manually on the dashboard.
Count to 3.
Start it on the same place.
Restart/reload pfBlockerng again.
I cannot find a place to stop unbound from the dashboard. Is that in the pfSense+ web interface ?
-
@popeel-SSH said in pfblocker pfb_dnsbl service not starting:
/var/unbound/dnsbl_cert.pem still isn't there.
Look at mine :
It was (re) created 8 days ago, that's more than a week.
That was, I guess, when I reinstalled (== upgraded) pfBlockerng.
So ... not sure, it isn't recreated every time ??
Look at : /usr/local/pkg/pfblockerng/pfblockerng.inc line 181 : that's where the file is created.
That will happen when you (re) install pfBlockerng.
So, give that a try ?
If there is a happy end, it will be announced by :
Btw : remove all huge DNSBL feeds first.
Go minimal mode first, nothing fancy :
I mean, I can see the place where the lighttpd config file is created (and the cert file) at the final "update DNSBL files" stage. If that stage isn't reached, the file never gets created etc.
-
I don't want to run any files outside the box as it's in production. :(
I have removed the package > installed it > run the wizard to configure the basic setup. (Just select LAN & WAN)
When I go and change the python mode and reload, it doesn't install the certificate, and a manual start gives the error
"/var/unbound/dnsbl_cert.pem: No such file or directory"
I have sent a message to the developer and am waiting for any update.
-
@popeel-SSH said in pfblocker pfb_dnsbl service not starting:
I don't want to run any files outside the box as it's in production.
Outside ? What do you mean ?
My turn :
I deleted /var/unbound/dnsbl_cert.pem
Now, like you :
[25.07.1-RELEASE][root@pfSense.bhf.tld]/var/unbound: ll /var/unbound/dnsbl_cert.pem
ls: /var/unbound/dnsbl_cert.pem: No such file or directory
I did a full reload (and scrolled through the resulting log) :
You see what happened (green ^^).
And the file was there again :
[25.07.1-RELEASE][root@pfSense.bhf.tld]/var/unbound: ll /var/unbound/dnsbl_cert.pem
-rw-r--r-- 1 root unbound 3359 Oct 8 15:51 /var/unbound/dnsbl_cert.pem
For some reason, your 'pfSense' can't create a cert ? Or it can create the cert, but can't save it at the /var/unbound/ destination..... Hummm.
I'll take this one @home, study it somewhat to find out what the reason can be.
-
Yes. It's not the only file that cannot be created. There is an SSL certificate file that needs to be in the same location, and in mine it is not.
Please let me know if you find anything.
I will wait couple of days and maybe rebuild the firewall and see if that does anything.
Thanks for your time.
-
@popeel-SSH said in pfblocker pfb_dnsbl service not starting:
Yes. It's not the only file that cannot be created. There is an SSL certificate file that needs to be in the same location, and in mine it is not.
The "dnsbl_cert.pem" is the web server's (lighttpd) certificate file.
Other files are missing ?
-
@Gertjan Yes. As you can see in my screenshot of the unbound directory.
I am planning to rebuild the pfSense and try that. I will update you.
Thanks
-
I have reinstalled the firewall from fresh and installed pfBlocker with minimal settings, and it is functioning properly.
After that, I performed a factory reset on the firewall, restored our config.xml, and installed pfBlockerNG with the same minimal settings, but I encountered the same error, and the certificate was not created.
Not sure what in my config should stop this ??
These are the files in my /var/unbound
-
This :
@popeel-SSH said in pfblocker pfb_dnsbl service not starting:
performed a factory reset on the firewall, restored our config.xml
is a null operation.
Your "pfSense" as installed, is always the same.
When you discard your own setup, and go to the default setup, and reassign interfaces, and make it work again (LAN+WAN), and then import your previous config file, you're back at square zero.
-
I tried that too.
pfSense factory default > set up the firewall basic (without any of our config) > install pfBlockerNG, run the wizard with only WAN and LAN > both pfBlocker and DNSBL services run fine and start up okay.
When I restore the config to the firewall, it then stops working.
It's something in our config causing this to stop.
Let's see if pfBlocker support can help on this.
I will keep updating.
Thanks
-