PFBLOCKERNG DNSBL update failing

RonpfS

@jbedgood:

Is anyone else having issues with the pfblockerng cron jobs constantly running and failing to update DNSBL?

I've tried running it with just a single dnsbl feed and no matter what changes I make it constantly fails to update.

Anyone have any suggestions how to solve this?

I'm running pfsense 2.3.2 release
pfblockerng 2.1.1_4

Did you look at the Logs tabs ? pfblockeng.log, dnsbl.log, error.log etc. And the Status / System Logs / System / General.

jbedgood

When I check the logs during the hung update this is all that shows up in the pfblockerng.log the other logs don't show anything.

**Saving configuration [ 09/05/16 14:18:42 ] …

**Saving configuration [ 09/05/16 14:18:50 ] …

**Saving configuration [ 09/05/16 14:18:57 ] …

Adding Unbound Server:Include line... completed
Validating database... completed
Reloading Unbound.... completed
DNSBL update [ 0 | PASSED  ]… completed

DNSBL - Adding Unbound custom 'include' option

Saving new DNSBL web server configuration to port [ 8081 and 8443 ]
Saving pfSense config…
VIP address configured. Widget Packet statistics reset.
Restarting Service DNSBL...
UPDATE PROCESS START [ 09/05/16 14:19:03 ]

===[  DNSBL Process  ]================================================

RonpfS

What are you using for DNSBL Feeds ?

jbedgood

@RonpfS:

What are you using for DNSBL Feeds ?

For the feeds I have these

http://someonewhocares.org/hosts/hosts
https://adaway.org/hosts.txt

and

I have setup the DNSBL Easylist selecting all categories.

The issue here is I've tried disabling and only using one feed and no easylist and it still just hangs and won't complete the update.

RonpfS

No space or special characters in DNS GROUP Name or Header/Label
You selected Unbound for List Action ?
Did you try running a Force Upload ? Force Reload DNSBL?

jbedgood

@RonpfS:

No space or special characters in DNS GROUP Name or Header/Label
You selected Unbound for List Action ?
Did you try running a Force Upload ? Force Reload DNSBL?

Thats correct nothing abnormal in the naming etc. This was and had been working with this exact setup for months but I noticed this hang issue after the last pfblockerng update. But I can't prove that is the cause and I can't figure out how to roll back to the previous version to see if that solves the issue. I've done the Force upload and reload nothing seems to fix it.

RonpfS

Strange, is that all you find in pfblockng.log ?
Nothing in system logs? No crash report in Dasboard?
Diagnostics System Activity show any pfblockerng process taking CPU time?
Disk full?

jbedgood

@RonpfS:

Strange, is that all you find in pfblockng.log ?
Nothing in system logs? No crash report in Dasboard?
Diagnostics System Activity show any pfblockerng process taking CPU time?
Disk full?

The Disk is no where near full. I have 887G free right now. The pfblockerng.log shows what I posted before that the DNSBL process is started but it doesn't do anything else after that just keeps running constantly.

When the update is running the diag system activity shows the following constantly:

CPU Activity
last pid: 70501;  load averages:  0.93,  0.46,  0.42  up 3+16:52:10    14:56:59
140 processes: 6 running, 111 sleeping, 23 waiting

Mem: 33M Active, 129M Inact, 328M Wired, 274M Buf, 5259M Free
Swap: 16G Total, 16G Free

PID USERNAME PRI NICE  SIZE    RES STATE  C  TIME    WCPU COMMAND
  11 root    155 ki31    0K    64K CPU3    3  88.7H 100.00% [idle{idle: cpu3}]
51179 root    103    0  224M 33936K CPU2    2  2:40 100.00% /usr/local/bin/php /usr/local/www/pfblocke
  11 root    155 ki31    0K    64K CPU0    0  88.6H  94.78% [idle{idle: cpu0}]
  11 root    155 ki31    0K    64K RUN    1  88.7H  90.38% [idle{idle: cpu1}]
  11 root    155 ki31    0K    64K RUN    2  88.4H  23.58% [idle{idle: cpu2}]
69419 root      21    0  262M 31868K piperd  3  0:00  0.20% php-fpm: pool nginx (php-fpm)
  12 root    -92    -    0K  368K WAIT    1  3:40  0.00% [intr{irq269: re0}]
  12 root    -60    -    0K  368K WAIT    0  3:14  0.00% [intr{swi4: clock}]
    0 root    -92    -    0K  256K -      2  2:15  0.00% [kernel{em0 que}]
37091 unbound  20    0 72168K 43364K kqread  0  0:36  0.00% /usr/local/sbin/unbound -c /var/unbound/un
    5 root    -16    -    0K    16K pftm    0  0:30  0.00% [pf purge]
    0 root    -16    -    0K  256K swapin  2  0:30  0.00% [kernel{swapper}]
  15 root    -16    -    0K    16K -      0  0:24  0.00% [rand_harvestq]
  16 root    -68    -    0K  240K -      2  0:16  0.00% [usb{usbus0}]
49933 root      52  20 17000K  2564K wait    1  0:12  0.00% /bin/sh /var/db/rrd/updaterrd.sh
  323 root      20    0 13624K  4836K select  0  0:08  0.00% /sbin/devd -q
44387 root      20    0 21036K  5008K select  0  0:08  0.00% /usr/local/sbin/miniupnpd -f /var/etc/mini
38306 ladvd    20    0 19212K  2804K kqread  3  0:06  0.00% ladvd: child (ladvd)

RonpfS

Maybe you could post the pfblockerng.log from the last successfull update till now. Extras.log and error.log. (use the [ code] [ /code] (without the space!) to format the text)

And a screenshot of the Feeds, and DNSBL Easylist in case we see something.
When you go to the Update tab, does it show the running status ?

jbedgood

@RonpfS:

Maybe you could post the pfblockerng.log from the last successfull update till now. Extras.log and error.log.

And a screenshot of the Feeds, and DNSBL Easylist in case we see something.
When you go to the Update tab, does it show the running status ?

I had cleared the logs so I could find the hang because there was so much in there I couldn't tell where it was. So there is no successful attempts in it any longer. I can post the pictures of the easylist sure and I can post the update tab running status but its the same that the pfblockerng.log shows..just the DNSBL Process started.


RonpfS

Well it possible to download the log to your computer and look at it with a text editor.
Now you don't have much to debug the failure mode.

Go to Diagnostice Command prompt and execute

ps -axwwwll | grep pfb

Do you see many pfblockerng.php running?

jbedgood

@RonpfS:

Well it possible to download the log to your computer and look at it with a text editor.
Now you don't have much to debug the failure mode.

Go to Diagnostice Command prompt and execute

ps -axwwwll | grep pfb

Do you see many pfblockerng.php running?

No I manually kill the process because it just hangs there. So there is none running right now. If I run the update again there will be one process running and won't stop unless I manually stop it. I have let it go for days in the past to see if it would complete and it never did.

RonpfS

@jbedgood:

I had cleared the logs so I could find the hang because there was so much in there I couldn't tell where it was. So there is no successful attempts in it any longer.

Go to the Firewall / pfBlockerNG / Log Browser and look at the files. You can download them in that tab.

What about a screen shots of the DNSBL feeds ?

Disable all DNSBL feeds excepts DNSBL EasyList, hit Force Reload All and post the log.

jbedgood

@RonpfS:

@jbedgood:

I had cleared the logs so I could find the hang because there was so much in there I couldn't tell where it was. So there is no successful attempts in it any longer.

Go to the Firewall / pfBlockerNG / Log Browser and look at the files. You can download them in that tab.

What about a screen shots of the DNSBL feeds ?

Disable all DNSBL feeds excepts DNSBL EasyList, hit Force Reload All and post the log.

These are the only log files that had anything in them

[log files.zip](/public/imported_attachments/1/log files.zip)

RonpfS

No extras.log ? maxmind_ver ? dnsbl.log error.log ? or you empty them?

jbedgood

@RonpfS:

No extras.log ? maxmind_ver ? dnsbl.log error.log ? or you empty them?

I had emptied them all before and when I do the for reload all nothing shows up in them.

RonpfS

Why?  :o

You lost the history of what happened. Log files don't do any harm to the system and will not break anything in pfblockerNG.

Just a wild guess would be to put something in the description field but it may not change anything.

RonpfS

Are you able to download the Easylist URL https://easylist-downloads.adblockplus.org/easylist_noelemhide.txt &
https://easylist-downloads.adblockplus.org/easyprivacy.txt ?

Nothing is blocking in the FW logs?

jbedgood

@RonpfS:

Why?  :o

You lost the history of what happened. Log files don't do any harm to the system and will not break anything in pfblockerNG.

Just a wild guess would be to put something in the description field but it may not change anything.

I cleared the logs to find the error easier but the logs weren't showing any real errors so it was a lost cause no matter what for that.

RonpfS

What did you select in the Alexa Whitelist ? It hangs with Top 750K and Top 1M  :(