Unresolvable destination alias

NasKar

I getting these notices since upgrading to 2.4.0 from 2.3.4

General

Unresolvable destination alias 'pfB_amazonaws' for rule 'Allow Amazon AWS to WAN' @ 2017-10-18 20:49:49
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 20:49:50
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 20:49:52
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 21:02:28
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 21:02:30
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 21:02:32
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 21:03:57
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 21:03:58
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 21:04:00
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 21:04:50
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 21:04:51
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 21:04:53
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 21:15:42
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 21:16:52
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 21:17:47
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 22:10:16
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 22:10:17
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 22:10:20
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 22:11:21
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 22:12:23
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 22:14:50
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-18 22:16:09
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-19 00:00:01
Unresolvable destination alias 'pfB_netflix' for rule 'Allow Netflix to WAN'	@ 2017-10-19 00:00:02

My pfblockerng.log file

Sync terminated during boot process.
UPDATE PROCESS ENDED

**Saving configuration [ 10/18/17 18:53:26 ] ...

**Saving configuration [ 10/18/17 18:55:53 ] ...

**Saving configuration [ 10/18/17 19:00:12 ] ...

**Saving configuration [ 10/18/17 19:00:40 ] ...

**Saving configuration [ 10/18/17 19:00:41 ] ...
 UPDATE PROCESS START [ 10/18/17 20:49:48 ]

Clearing all DNSBL Feeds... 
** DNSBL Disabled **

===[  Continent Process  ]============================================

[ pfB_Asia_v4 ]		 Changes found... Updating

[ pfB_Europe_v4 ]	 Changes found... Updating

[ pfB_NAmerica_v4 ]	 Changes found... Updating

===[  IPv4 Process  ]=================================================

[ MS_spy_custom ]	 Downloading update [ 10/18/17 20:49:49 ] . completed ..

[ amazonaws ]		 Downloading update .. 200 OK. completed ..

[ netflix ]		 Downloading update [ 10/18/17 20:49:50 ] .. completed ..
[ pfB_netflix netflix ] List Error ]

===[  IPv6 Process  ]=================================================

===[  Aliastables / Rules  ]================================

Firewall rule changes found, applying Filter Reload

===[ FINAL Processing ]=====================================

   [ Original IP count   ]  [ 94011 ]

===[ Permit List IP Counts ]=========================

   71902 /var/db/pfblockerng/permit/pfB_NAmerica_v4.txt

===[ Deny List IP Counts ]===========================

   15694 total
    8745 /var/db/pfblockerng/deny/pfB_Europe_v4.txt
    6904 /var/db/pfblockerng/deny/pfB_Asia_v4.txt
      45 /var/db/pfblockerng/deny/MS_spy_custom.txt

===[ Native List IP Counts ] ===================================

     930 /var/db/pfblockerng/native/amazonaws.txt

====================[ Last Updated List Summary ]==============

Oct 17	11:49	amazonaws
Oct 18	20:49	pfB_Asia_v4
Oct 18	20:49	pfB_Europe_v4
Oct 18	20:49	pfB_NAmerica_v4
Oct 18	20:49	MS_spy_custom
Oct 18	20:49	netflix

IPv4 alias tables IP count
-----------------------------
88526

IPv6 alias tables IP count
-----------------------------
0

Alias table IP Counts
-----------------------------
   88526 total
   71902 /var/db/aliastables/pfB_NAmerica_v4.txt
    8745 /var/db/aliastables/pfB_Europe_v4.txt
    6904 /var/db/aliastables/pfB_Asia_v4.txt
     930 /var/db/aliastables/pfB_amazonaws.txt
      45 /var/db/aliastables/pfB_MS_spy.txt

pfSense Table Stats
-------------------
table-entries hard limit  2000000
Table Usage Count         52

 UPDATE PROCESS ENDED [ 10/18/17 20:49:51 ]

**Saving configuration [ 10/18/17 21:02:31 ] ...

**Saving configuration [ 10/18/17 21:03:59 ] ...

**Saving configuration [ 10/18/17 21:04:52 ] ...

**Saving configuration [ 10/18/17 22:10:18 ] ...
 CRON  PROCESS  START [ 10/19/17 00:00:00 ]
 UPDATE PROCESS START

Clearing all DNSBL Feeds... 
** DNSBL Disabled **

===[  Continent Process  ]============================================

[ pfB_Asia_v4 ]		 exists.
[ pfB_Europe_v4 ]	 exists.
[ pfB_NAmerica_v4 ]	 exists.

===[  IPv4 Process  ]=================================================

[ MS_spy_custom ]	 exists.
[ amazonaws ]		 exists.
[ netflix ]		 Downloading update .. completed ..
[ pfB_netflix netflix ] List Error ]

===[  IPv6 Process  ]=================================================

===[  Aliastables / Rules  ]================================

Firewall rule changes found, applying Filter Reload

 UPDATE PROCESS ENDED [ 10/19/17 00:00:01 ]

Any ideas on how to fix it?

RonpfS

Looks like it rebooted during a cron update.
Run Force Update, then Force Reload All.

NasKar

@RonpfS:

Looks like it rebooted during a cron update.
Run Force Update, then Force Reload All.

That seems to have fixed it. Thanks

NasKar

Oops spoke to soon still get the same type of notices. I reinstalled 2.4.0 with the save config option and no errors during install but still getting those notices.
here is my netflix alias

![netflix alias.jpg](/public/imported_attachments/1/netflix alias.jpg)
![netflix alias.jpg_thumb](/public/imported_attachments/1/netflix alias.jpg_thumb)

RonpfS

If you click on the on the blue "i" infoblock
It probably says something like (that infoblock changed in the Development version)

Convert a Domain name or AS into its respective IP addresses.
(ie: facebook.com or AS32934)

With WhoIs selection you should probably remove the "https://ipinfo.io/" and use "AS2906" instead.
It will get the IPs from builtin https://asn.cymru.com/ db lookup.
@asn.cymru.com:

23.246.0.0/18
37.77.184.0/21
45.57.0.0/17
64.120.128.0/17
66.197.128.0/17
69.53.224.0/19
108.175.32.0/20
185.2.220.0/22
185.9.188.0/22
192.173.64.0/18
198.38.96.0/19
198.45.48.0/20
208.75.76.0/22

Take a look at the pfblocker log file or error log file to see what happen when that list is built.
Also look at the Match file to see if the alias contains IPs.

If you want to keep using "https://ipinfo.io/as2906" instead of the builtin Cymru lookup,
@ipinfo.io:

23.246.0.0/18
37.77.184.0/21
45.57.0.0/17
64.120.144.197
64.120.149.70
64.120.151.214
64.120.163.117
64.120.168.69
64.120.179.10
64.120.190.163
64.120.193.178
64.120.194.78
64.120.199.67
64.120.201.222
64.120.208.146
64.120.208.203
64.120.226.125
64.120.228.98
64.120.229.146
64.120.245.32
64.120.247.238
64.120.252.58
64.120.253.210
66.197.132.37
66.197.133.49
66.197.134.158
66.197.134.171
66.197.144.133
66.197.153.182
66.197.155.53
66.197.158.229
66.197.159.24/31
66.197.160.197
66.197.161.40
66.197.162.101
66.197.162.102/31
66.197.163.245
66.197.166.96
66.197.193.104
66.197.193.116
66.197.207.185
66.197.210.149
66.197.211.85
66.197.213.200
66.197.214.132
66.197.215.165
66.197.218.149
66.197.221.135
66.197.222.85
66.197.250.197
69.53.225.0/24
108.175.32.0/20
192.173.64.0/18
198.38.96.0/19
198.45.48.0/20

then change WhoIs for Auto, run a force update or force reload IP and see if the Match Alias contains IPs.

Also you might change the Update frequency to Weekly in case the ASN changes over time.

NasKar

@RonpfS:

If you click on the on the blue "i" infoblock
It probably says something like (that infoblock changed in the Development version)

Convert a Domain name or AS into its respective IP addresses.
(ie: facebook.com or AS32934)

With WhoIs selection you should probably remove the "https://ipinfo.io/" and use "AS2906" instead.
It will get the IPs from builtin https://asn.cymru.com/ db lookup.
@asn.cymru.com:

23.246.0.0/18
37.77.184.0/21
45.57.0.0/17
64.120.128.0/17
66.197.128.0/17
69.53.224.0/19
108.175.32.0/20
185.2.220.0/22
185.9.188.0/22
192.173.64.0/18
198.38.96.0/19
198.45.48.0/20
208.75.76.0/22

Take a look at the pfblocker log file or error log file to see what happen when that list is built.
Also look at the Match file to see if the alias contains IPs.

If you want to keep using "https://ipinfo.io/as2906" instead of the builtin Cymru lookup,
@ipinfo.io:

23.246.0.0/18
37.77.184.0/21
45.57.0.0/17
64.120.144.197
64.120.149.70
64.120.151.214
64.120.163.117
64.120.168.69
64.120.179.10
64.120.190.163
64.120.193.178
64.120.194.78
64.120.199.67
64.120.201.222
64.120.208.146
64.120.208.203
64.120.226.125
64.120.228.98
64.120.229.146
64.120.245.32
64.120.247.238
64.120.252.58
64.120.253.210
66.197.132.37
66.197.133.49
66.197.134.158
66.197.134.171
66.197.144.133
66.197.153.182
66.197.155.53
66.197.158.229
66.197.159.24/31
66.197.160.197
66.197.161.40
66.197.162.101
66.197.162.102/31
66.197.163.245
66.197.166.96
66.197.193.104
66.197.193.116
66.197.207.185
66.197.210.149
66.197.211.85
66.197.213.200
66.197.214.132
66.197.215.165
66.197.218.149
66.197.221.135
66.197.222.85
66.197.250.197
69.53.225.0/24
108.175.32.0/20
192.173.64.0/18
198.38.96.0/19
198.45.48.0/20

then change WhoIs for Auto, run a force update or force reload IP and see if the Match Alias contains IPs.

Also you might change the Update frequency to Weekly in case the ASN changes over time.

It seems like either solution works http://ipinfo.io/AS2906 with the auto option and AS2906 and with the whois option and updated my frequency to weekly. I went with the whois option. Thanks for your help. Are there any docs, links or websites you recommend for a newbie trying to learn pfBlocker? I tried reading the stickies but it's like stepping into the middle of on ongoing converstion that's over my head and google/you tube don't help much.

RonpfS

Strange. :o
With my version (development), Auto reads the https://ipinfo.io/as2906 fine and the listing above is from the Firewall / pfBlockerNG / Log Browser / Match files

You can always create your own table using ipinfo.io listing, either with a local disk file or with IPv4 Custom list.

The stickys do contain important informations about pfBlockerNG behaviour, so your are not wasting your time reading them.