Dnsbl causes iOS apps to hang
-
So I tried out the command which points back to the DNSBL address but it still unfortunately doesn't show up in the alerts tab. Would adding the VIP address to the DNS Resolver access list properly configure DNSBL?
-
No you don't need to touch the Resolver ACL.
Is the DNSBL VIP address defined as the default to 10.10.10.1? What is your LAN IP network defined as?
For your LAN devices, did you define the DNS server settings to point only to the pfSense address? -
Yes VIP is at it's default 10.10.10.1 while my LAN is 192.168.127.x I believe this issue is due to the dns forwarder option being checked within the DNS resolver settings …
-
@crisdavid:
Yes VIP is at it's default 10.10.10.1 while my LAN is 192.168.127.x I believe this issue is due to the dns forwarder option being checked within the DNS resolver settings …
No that won't make a difference. DNSBL can use the DNS Resolver in "Resolver" or "Forwarder" mode…. It just can't use the DNS Forwarder (DNSMasq).
Do you have any other Firewall Rule Limiters or other NAT rules that might be interfering?
-
If it makes it easier I've included my limiter and NAT settings. The limiter is only meant to distribute my bandwidth evenly between devices to prevent one device from consuming most of the bandwidth.
-
@crisdavid:
If it makes it easier I've included my limiter and NAT settings. The limiter is only meant to distribute my bandwidth evenly between devices to prevent one device from consuming most of the bandwidth.
Have you tried pfSense 2.4 as I believe there are some fixes for Limiters in that version… Maybe someone whos using DNSBL and Limiters will chime in... As a test, if you disable the limiters, does that fix your timeout issues?
-
Still testing out this issue but turned off the limiters and it worked fine. Turned back on limiters with DNSBL and it's working for now. I killed the states as well but haven't done a reboot to verify it won't happen again should the system go down. If the problem resurfaces I may just jump to the version 2.4 in hopes it resolves this issue. Good news I saw that now I'm getting alerts! :)
-
Maybe the issue previously was that the Limiters Rules were above the DNSBL NAT rules. First rule wins…
-
Maybe the issue previously was that the Limiters Rules were above the DNSBL NAT rules. First rule wins…
You know what? The difference between my network and my fathers is the fact I had hybrid outbound NAT rules while he had Manual outbound NAT rules. I've wondered about this and can now see why/how using hybrid mode could cause issues as opposed to manual. Thank you for your help!
-
If anyone else is having the same issue I was having with pfblockerNG while having a traffic shaper (especially with this method) https://forum.pfsense.org/index.php?topic=63531.0
I was able to completely resolve this issue by upgrading to the 2.4 beta (at the time I'm posting this) and was able to have no issues with my iOS devices loading web pages slow or certain apps hanging.
