Netgate Discussion Forum

    External DNSBL

    8 Posts 4 Posters 1.9k Views
    • javcasta

      Hi.

      While the issue with Bind continues: https://redmine.pfsense.org/issues/7326

      (I guess it will be solved in the next release of pfSense… 2.4?)

      "Ergo", given the issues with Unbound/DNS Resolver and pfBlockerNG DNSBL, I have decided to try moving the DNSBL for my LAN from pfBlockerNG to one of these external DNSBLs:

      • OpenDNS/Cisco Umbrella

      https://www.opendns.com/

      208.67.220.220
      208.67.222.222

      ===

      • Yandex DNS - https://dns.yandex.com/advanced/

                              Basic                    Safe                     Family
        IPv4 Preferred DNS    77.88.8.8                77.88.8.88               77.88.8.7
        IPv4 Alternate DNS    77.88.8.1                77.88.8.2                77.88.8.3
        IPv6 Preferred DNS    2a02:6b8::feed:0ff       2a02:6b8::feed:bad       2a02:6b8::feed:a11
        IPv6 Alternate DNS    2a02:6b8:0:1::feed:0ff   2a02:6b8:0:1::feed:bad   2a02:6b8:0:1::feed:a11

                                            Basic   Safe    Family
        Quick and reliable DNS              ✔       ✔       ✔
        Protection from infected sites      -       ✔       ✔
        Protection from fraudulent sites    -       ✔       ✔
        Protection from bots                -       ✔       ✔
        Blocking adult sites                -       -       ✔
        Blocking adult advertising          -       -       ✔
        Yandex Family Search                -       -       ✔

      ===

      • Comodo Secure DNS - https://www.comodo.com/secure-dns/

      8.26.56.26 and 8.20.247.20.

      ===

      • Alternate DNS - https://alternate-dns.com/setup.html#gr

      DNS level ad-blocker
      23.253.163.53

      Which would be the most recommended? Are there any other alternatives to these external DNSBLs?

      Regards.

      Javier Castañón
      Communications, support and systems technician.

      My website: https://javcasta.com/

      Scripting/pfSense support: https://javcasta.com/soporte/

      • BBcan177 (Moderator)

        Did you try the recommended patch in redmine?

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        • iplost

          The real problem is not pfBlockerNG/PHP… it is BIND.
          Even on a pfSense box without pfBlockerNG I had to change to DNS Forwarder instead of DNS Resolver.

          • BBcan177 (Moderator)

            @javcasta:

            While the issue with Bind continues: https://redmine.pfsense.org/issues/7326

            @iplost:

            The real problem is not pfBlockerNG/PHP… it is BIND.
            Even on a pfSense box without pfBlockerNG I had to change to DNS Forwarder instead of DNS Resolver.

            Not sure why you're referencing "Bind"? DNSBL uses Unbound.

            If you need to use Bind, you could still use the DNS Resolver (Unbound) and forward to Bind…
            • iplost

              You're right, it is Unbound, not Bind. But DNSBL in pfBlockerNG does not work without Unbound, and the issue is still alive: I tried a fresh pfSense installation, without pfBlocker, and Unbound fails, with or without the patch :o

              • javcasta

                Hi.

                From: The pfSense Book (by the pfSense Team).

                12.11 How Do I Block access to a Web Site?
                …
                12.11.1 Using DNS
                If using the built in DNS Forwarder, an override can be entered under Services > DNS Forwarder to resolve the website you want to block to an invalid IP (such as 127.0.0.1).

                You can also use OpenDNS for content filtering, as described in ../thirdparty/free-content-filtering-with-opendns

                OK, OpenDNS… that is the alternative. :)

                I am tired of having to stop/start/restart Unbound/DNS Resolver (the watchdog does not work in this scenario) or use only one WAN interface. Do not worry, everything has a solution ;)

                I now dedicate pfBlockerNG to IPv4 list filtering only.

                When the solution arrives (pfSense 2.4?) I will activate DNSBL in pfBlockerNG again.

                Regards.

                ====

                Edited:

                Maybe implement a pkg update for minor updates, and not wait for the next release? It's only an idea ;)

                • BBcan177 (Moderator)

                  :o
                  • pfBasic (Banned)

                    I'm using pfBNG & DNSBL on 2.4.0 BETA with Unbound and it works great.

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.