Netgate Discussion Forum

    PfBlocker Problems

      RonpfS

      Did you try to access any domain that is blocked by DNSBL (Logs / DNSBL Files)?
      One domain from Adaway: http://mobiledl.adobe.com/

      2.4.5-RELEASE-p1 (amd64)
      Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
      Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        Riftcore34

        @RonpfS:

        Did you try to access any domain that is blocked by DNSBL (Logs / DNSBL Files)?
        One domain from Adaway: http://mobiledl.adobe.com/

        When I go to Yahoo it's covered in ads. The IPv4 blacklist is working but DNSBL ads and malware lists are not.

          RonpfS

          On pfsense, what does this look like?

          dig mobiledl.adobe.com
          
          ; <<>> DiG 9.11.2 <<>> mobiledl.adobe.com
          ;; global options: +cmd
          ;; Got answer:
          ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40091
          ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
          
          ;; OPT PSEUDOSECTION:
          ; EDNS: version: 0, flags:; udp: 4096
          ;; QUESTION SECTION:
          ;mobiledl.adobe.com.		IN	A
          
          ;; ANSWER SECTION:
          mobiledl.adobe.com.	60	IN	A	10.10.10.1
          
          ;; Query time: 0 msec
          ;; SERVER: 127.0.0.1#53(127.0.0.1)
          ;; WHEN: Tue Dec 05 19:13:56 EST 2017
          ;; MSG SIZE  rcvd: 63
          

            Riftcore34

            @RonpfS:

            On pfsense, what does this look like?

            dig mobiledl.adobe.com
            
            ; <<>> DiG 9.11.2 <<>> mobiledl.adobe.com
            ;; global options: +cmd
            ;; Got answer:
            ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40091
            ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
            
            ;; OPT PSEUDOSECTION:
            ; EDNS: version: 0, flags:; udp: 4096
            ;; QUESTION SECTION:
            ;mobiledl.adobe.com.		IN	A
            
            ;; ANSWER SECTION:
            mobiledl.adobe.com.	60	IN	A	10.10.10.1
            
            ;; Query time: 0 msec
            ;; SERVER: 127.0.0.1#53(127.0.0.1)
            ;; WHEN: Tue Dec 05 19:13:56 EST 2017
            ;; MSG SIZE  rcvd: 63
            

            On that page in Chrome I get this:

            Invalid URL

            The requested URL "[no URL]", is invalid.
            Reference #9.1f7469d5.1512519331.2d2d26a0

              Riftcore34

              But that is in my

              pfB_Blacklists IPv4 not DNSBL

                RonpfS

                You can also use Diagnostics / Command Prompt to run the dig command.

                For DNSBL to function, your devices have to use the pfsense DNS Resolver. On those devices you need to check the DNS service resolution config.
                On a Windows system, open a command prompt and do an nslookup of one FQDN from your DNSBL Files.
                Devices also have to be able to reach the VIP (10.10.10.1); try to ping the VIP IP from that device. Try to open your VIP in a browser.

                  Riftcore34

                  I know it's not working, as on the widget the packets don't update; it just stays on 0. It used to go up, etc…

                  It used to just work on everything in the house I never did anything to each device.

                  it just worked haha.

                    RonpfS

                    Check the Services page and restart pfblockerNG services
                    Check the System Logs General and Resolver

                      Riftcore34

                      @RonpfS:

                      Check the Services page and restart pfblockerNG services
                      Check the System Logs General and Resolver

                      Silly question: where are the "Check the System Logs General and Resolver"? I can't find them.

                        RonpfS

                        Status / System Logs / System / General
                        Status / System Logs / System / DNS Resolver

                          Riftcore34

                          @RonpfS:

                          Status / System Logs / System / General
                          Status / System Logs / System / DNS Resolver

                          Thanks

                          Last 2 General Log Entries. (Maximum 50)
                          Time	Process	PID	Message
                          Dec 6 00:37:03	syslogd		kernel boot file is /boot/kernel/kernel
                          Dec 6 00:37:09	pfsense.localdomain		nginx: 2017/12/06 00:37:09 [error] 35192#100148: send() failed (54: Connection reset by peer)
                          
                          Last 11 DNS Resolver Log Entries. (Maximum 50)
                          Time	Process	PID	Message
                          Dec 6 00:37:28	unbound	78841:0	notice: init module 0: validator
                          Dec 6 00:37:28	unbound	78841:0	notice: init module 1: iterator
                          Dec 6 00:37:28	unbound	78841:0	info: start of service (unbound 1.6.6).
                          Dec 6 00:37:28	unbound	78841:0	info: service stopped (unbound 1.6.6).
                          Dec 6 00:37:28	unbound	78841:0	info: server stats for thread 0: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
                          Dec 6 00:37:28	unbound	78841:0	info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
                          Dec 6 00:37:28	unbound	78841:0	info: server stats for thread 1: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
                          Dec 6 00:37:28	unbound	78841:0	info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
                          Dec 6 00:37:43	unbound	41622:0	notice: init module 0: validator
                          Dec 6 00:37:43	unbound	41622:0	notice: init module 1: iterator
                          Dec 6 00:37:43	unbound	41622:0	info: start of service (unbound 1.6.6).
                          

                          Nothing bad really. (I think)
                          Thanks again for the help. I hate ads, can't wait to get this going again.

                            RonpfS

                            Last 2 General Log Entries. (Maximum 50)

                            Strange that you only get 2 entries …
                            Maybe increase the log files size (may need to Reset logs for this to take effect)
                            Also increase the GUI Log Entries

                            You didn't answer my questions about dig, VIP ping etc

                              Riftcore34

                              @RonpfS:

                              Last 2 General Log Entries. (Maximum 50)

                              Strange that you only get 2 entries …
                              Maybe increase the log files size (may need to Reset logs for this to take effect)
                              Also increase the GUI Log Entries

                              You didn't answer my questions about dig, VIP ping etc

                              Done
                              Did you edit that part? I missed it.

                              C:\Users\darkv>nslookup DQDN
                              Server:  resolver1.opendns.com
                              Address:  208.67.222.222
                              
                              *** resolver1.opendns.com can't find DQDN: Non-existent domain
                              
                              C:\Users\darkv>ping 10.10.10.1
                              
                              Pinging 10.10.10.1 with 32 bytes of data:
                              Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
                              Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
                              Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
                              Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
                              
                              Ping statistics for 10.10.10.1:
                                  Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
                              Approximate round trip times in milli-seconds:
                                  Minimum = 1ms, Maximum = 1ms, Average = 1ms
                              
                              C:\Users\darkv>
                              
                                RonpfS

                                Yes, I did edit my post :P
                                FQDN is Fully qualified domain name … so pick one hostname from your Firewall / pfBlockerNG / Log Browser / DNSBL Files and do nslookup on it

                                nslookup mobiledl.adobe.com
                                Serveur :   pfsense.localdomain
                                Address:  172.xxx.xxx.254
                                
                                Nom :    mobiledl.adobe.com
                                Address:  10.10.10.1
                                

                                  Riftcore34

                                  You mean like this?

                                  C:\Users\darkv>nslookup amoffers.hasoffers.com
                                  Server:  resolver1.opendns.com
                                  Address:  208.67.222.222
                                  
                                  Non-authoritative answer:
                                  Name:    use-app04.hasoffers.com
                                  Addresses:  52.5.77.91
                                            52.6.99.184
                                            34.230.229.216
                                  Aliases:  amoffers.hasoffers.com
                                  
                                  C:\Users\darkv>nslookup mobiledl.adobe.com
                                  Server:  resolver1.opendns.com
                                  Address:  208.67.222.222
                                  
                                  Non-authoritative answer:
                                  Name:    a1800.g.akamai.net
                                  Addresses:  213.104.143.171
                                            213.104.143.162
                                  Aliases:  mobiledl.adobe.com
                                            mobiledl.adobe.com.edgesuite.net
                                  
                                  
                                    RonpfS

                                    Yes
                                    This shows that your Windows is using resolver1.opendns.com for DNS resolution.
                                    Now do dig amoffers.hasoffers.com in Diagnostics / Command Prompt

                                    Next check / post your DNS Resolver configuration

                                      Riftcore34

                                      @RonpfS:

                                      Yes
                                      This shows that your Windows is using resolver1.opendns.com for DNS resolution.
                                      Now do dig amoffers.hasoffers.com in Diagnostics / Command Prompt

                                      Next check / post your DNS Resolver configuration

                                      This? lol sorry not very good at this

                                      Shell Output - dig amoffers.hasoffers.com
                                      ; <<>> DiG 9.11.2 <<>> amoffers.hasoffers.com
                                      ;; global options: +cmd
                                      ;; Got answer:
                                      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1168
                                      ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
                                      
                                      ;; OPT PSEUDOSECTION:
                                      ; EDNS: version: 0, flags:; udp: 4096
                                      ;; QUESTION SECTION:
                                      ;amoffers.hasoffers.com.		IN	A
                                      
                                      ;; ANSWER SECTION:
                                      amoffers.hasoffers.com.	60	IN	A	10.10.10.1
                                      
                                      ;; Query time: 0 msec
                                      ;; SERVER: 127.0.0.1#53(127.0.0.1)
                                      ;; WHEN: Wed Dec 06 01:05:23 GMT 2017
                                      ;; MSG SIZE  rcvd: 67
                                      

                                      ![2017-12-06 (1).png](/public/imported_attachments/1/2017-12-06 (1).png)
                                      2017-12-06.png

                                        RonpfS

                                        So pfsense DNSBL is doing its job on pfsense.
                                        It's your device that is not using pfsense for DNS resolution. Does it get its IP from pfsense via DHCP?
                                        What kind of antivirus / internet security are you using on your Windows? Some, like AVG, provide their own solution for DNS:

                                        @BBcan177:

                                        @xphiles:

                                        so after much troubleshooting and trying things at the firewall level, i disabled my full avg protection and it works on the host(s) in question. so I have to granularly figure out which service in AVG is messing up my dns

                                        I think this is what you were looking for:
                                            https://help.avg.com/en/avg_free/17/securityantivirus_securedns.html

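The comparison RonpfS walks through above (which server answered, and whether the answer is the DNSBL VIP), as an added example that is not part of any post in this thread: a small parser for nslookup transcripts. The resolver name pfsense.localdomain and the VIP 10.10.10.1 come from the thread; the function names and the UNLISTED sample are constructed for illustration.

```python
import ipaddress
import re

# "Key: value" lines; the label may be localized ("Serveur :", "Nom :").
KEY_RE = re.compile(r"^([A-Za-z][A-Za-z \-]*?)\s*:\s*(.*)$")

def _fields(block):
    """Return [(key, [values])], folding indented continuation lines into the previous key."""
    fields = []
    for line in block.splitlines():
        m = KEY_RE.match(line)
        if m:
            value = m.group(2).strip()
            fields.append((m.group(1).lower(), [value] if value else []))
        elif fields and line.strip():
            fields[-1][1].append(line.strip())
    return fields

def parse_nslookup(text):
    """Return (identifiers of the server that answered, answer IPs) for one transcript."""
    parts = re.split(r"\n\s*\n", text.strip(), maxsplit=1)
    header, answer = (parts + [""])[:2]
    server = {v for _, vals in _fields(header) for v in vals}
    addrs = []
    for key, vals in _fields(answer):
        if key.startswith("address"):          # "Address" or "Addresses"
            for v in vals:
                try:
                    addrs.append(str(ipaddress.ip_address(v)))
                except ValueError:
                    pass                       # masked or non-IP value
    return server, addrs

def diagnose(text, resolver_ids, vip="10.10.10.1"):
    """Classify a client-side lookup of a name that is on a DNSBL list."""
    server, addrs = parse_nslookup(text)
    if vip in addrs:
        return "sinkholed"             # DNSBL answered with the VIP
    if not server & set(resolver_ids):
        return "bypassing-resolver"    # some other DNS server answered
    return "not-blocked"               # firewall answered, name not sinkholed

# Transcripts copied from the thread.
CLIENT = """Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    a1800.g.akamai.net
Addresses:  213.104.143.171
          213.104.143.162
Aliases:  mobiledl.adobe.com
          mobiledl.adobe.com.edgesuite.net"""
VIA_PFSENSE = """Serveur :   pfsense.localdomain
Address:  172.xxx.xxx.254

Nom :    mobiledl.adobe.com
Address:  10.10.10.1"""
# Constructed sample (documentation addresses): firewall answered, name not listed.
UNLISTED = "Server:  pfsense.localdomain\nAddress:  192.0.2.1\n\nName:    example.com\nAddress:  198.51.100.7"

if __name__ == "__main__":
    for label, sample in (("client", CLIENT), ("via pfsense", VIA_PFSENSE), ("unlisted", UNLISTED)):
        print(label, "->", diagnose(sample, {"pfsense.localdomain"}))
```
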
                                          Riftcore34

                                          Yes every device has an IP from pfsense and zero antivirus / security

                                          Even my Roku is showing ads but it's got an IP from pfsense.

                                            RonpfS

                                            Check what DNS server is configured in the DHCP service. Leave empty to use pfsense config
