Netgate Discussion Forum

    PfBlocker Problems

      RonpfS

      Check the Services page and restart pfblockerNG services
      Check the System Logs General and Resolver

      2.4.5-RELEASE-p1 (amd64)
      Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
      Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        Riftcore34

        @RonpfS:

        Check the Services page and restart pfblockerNG services
        Check the System Logs General and Resolver

        Silly question: where are the "Check the System Logs General and Resolver"? I can't find them.

          RonpfS

          Status / System Logs / System / General
          Status / System Logs / System / DNS Resolver

            Riftcore34

            @RonpfS:

            Status / System Logs / System / General
            Status / System Logs / System / DNS Resolver

            Thanks

            Last 2 General Log Entries. (Maximum 50)
            Time	Process	PID	Message
            Dec 6 00:37:03	syslogd		kernel boot file is /boot/kernel/kernel
            Dec 6 00:37:09	pfsense.localdomain		nginx: 2017/12/06 00:37:09 [error] 35192#100148: send() failed (54: Connection reset by peer)
            
            Last 11 DNS Resolver Log Entries. (Maximum 50)
            Time	Process	PID	Message
            Dec 6 00:37:28	unbound	78841:0	notice: init module 0: validator
            Dec 6 00:37:28	unbound	78841:0	notice: init module 1: iterator
            Dec 6 00:37:28	unbound	78841:0	info: start of service (unbound 1.6.6).
            Dec 6 00:37:28	unbound	78841:0	info: service stopped (unbound 1.6.6).
            Dec 6 00:37:28	unbound	78841:0	info: server stats for thread 0: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
            Dec 6 00:37:28	unbound	78841:0	info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
            Dec 6 00:37:28	unbound	78841:0	info: server stats for thread 1: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
            Dec 6 00:37:28	unbound	78841:0	info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
            Dec 6 00:37:43	unbound	41622:0	notice: init module 0: validator
            Dec 6 00:37:43	unbound	41622:0	notice: init module 1: iterator
            Dec 6 00:37:43	unbound	41622:0	info: start of service (unbound 1.6.6).
            

            Nothing bad really. (I think)
            Thanks again for the help. I hate ads can't wait to get this going again.

              RonpfS

              Last 2 General Log Entries. (Maximum 50)

              Strange that you only get 2 entries …
              Maybe increase the log files size (may need to Reset logs for this to take effect)
              Also increase the GUI Log Entries

              You didn't answer my questions about dig, VIP ping etc

                Riftcore34

                @RonpfS:

                Last 2 General Log Entries. (Maximum 50)

                Strange that you only get 2 entries …
                Maybe increase the log files size (may need to Reset logs for this to take effect)
                Also increase the GUI Log Entries

                You didn't answer my questions about dig, VIP ping etc

                Done
                Did you edit that part? I missed it

                C:\Users\darkv>nslookup DQDN
                Server:  resolver1.opendns.com
                Address:  208.67.222.222
                
                *** resolver1.opendns.com can't find DQDN: Non-existent domain
                
                C:\Users\darkv>ping 10.10.10.1
                
                Pinging 10.10.10.1 with 32 bytes of data:
                Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
                Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
                Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
                Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
                
                Ping statistics for 10.10.10.1:
                    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
                Approximate round trip times in milli-seconds:
                    Minimum = 1ms, Maximum = 1ms, Average = 1ms
                
                C:\Users\darkv>
                
                  RonpfS

                  Yes I did edit my post :P
                  FQDN is Fully qualified domain name … so pick one hostname from your Firewall / pfBlockerNG / Log Browser / DNSBL Files and do nslookup on it

                  nslookup mobiledl.adobe.com
                  Serveur :   pfsense.localdomain
                  Address:  172.xxx.xxx.254
                  
                  Nom :    mobiledl.adobe.com
                  Address:  10.10.10.1
                  

                    Riftcore34

                    You mean like this?

                    C:\Users\darkv>nslookup amoffers.hasoffers.com
                    Server:  resolver1.opendns.com
                    Address:  208.67.222.222
                    
                    Non-authoritative answer:
                    Name:    use-app04.hasoffers.com
                    Addresses:  52.5.77.91
                              52.6.99.184
                              34.230.229.216
                    Aliases:  amoffers.hasoffers.com
                    
                    C:\Users\darkv>nslookup mobiledl.adobe.com
                    Server:  resolver1.opendns.com
                    Address:  208.67.222.222
                    
                    Non-authoritative answer:
                    Name:    a1800.g.akamai.net
                    Addresses:  213.104.143.171
                              213.104.143.162
                    Aliases:  mobiledl.adobe.com
                              mobiledl.adobe.com.edgesuite.net
                    
                    
                      RonpfS

                      Yes
                      This shows that your Windows is using resolver1.opendns.com for DNS resolution.
                      Now do dig amoffers.hasoffers.com in Diagnostics / Command Prompt

                      Next check / post your DNS Resolver configuration

                        Riftcore34

                        @RonpfS:

                        Yes
                        This shows that your Windows is using resolver1.opendns.com for DNS resolution.
                        Now do dig amoffers.hasoffers.com in Diagnostics / Command Prompt

                        Next check / post your DNS Resolver configuration

                        This? lol sorry not very good at this

                        Shell Output - dig amoffers.hasoffers.com
                        ; <<>> DiG 9.11.2 <<>> amoffers.hasoffers.com
                        ;; global options: +cmd
                        ;; Got answer:
                        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1168
                        ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
                        
                        ;; OPT PSEUDOSECTION:
                        ; EDNS: version: 0, flags:; udp: 4096
                        ;; QUESTION SECTION:
                        ;amoffers.hasoffers.com.		IN	A
                        
                        ;; ANSWER SECTION:
                        amoffers.hasoffers.com.	60	IN	A	10.10.10.1
                        
                        ;; Query time: 0 msec
                        ;; SERVER: 127.0.0.1#53(127.0.0.1)
                        ;; WHEN: Wed Dec 06 01:05:23 GMT 2017
                        ;; MSG SIZE  rcvd: 67
                        

                          RonpfS

                          So pfsense DNSBL is doing its job on pfsense.
                          It's your device that is not using pfsense for DNS resolution. Does it get its IP from pfsense via DHCP?
                          What kind of antivirus / internet security are you using on your Windows? Some like AVG provide their own solution for DNS:

                          @BBcan177:

                          @xphiles:

                          so after much troubleshooting and trying things at the firewall level, i disabled my full avg protection and it works on the host(s) in question. so I have to granularly figure out which service in AVG is messing up my dns

                          I think this is what you were looking for:
                              https://help.avg.com/en/avg_free/17/securityantivirus_securedns.html

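The comparison made in the post above (what the firewall's own `dig` returns versus what the Windows client's `nslookup` returns), as an added example that is not part of the original thread. The function names are hypothetical, and `192.168.1.1` is an assumed LAN address for the firewall because the thread masks the real one.

```python
import re

DNSBL_VIP = "10.10.10.1"                      # sinkhole address in the thread's dig output
FIREWALL_DNS = {"127.0.0.1", "192.168.1.1"}   # assumed: loopback plus a hypothetical LAN IP
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Samples trimmed from the output posted in this thread.
CLIENT_NSLOOKUP = """Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    use-app04.hasoffers.com
Addresses:  52.5.77.91
          52.6.99.184
Aliases:  amoffers.hasoffers.com
"""
FIREWALL_DIG = """;; ANSWER SECTION:
amoffers.hasoffers.com. 60 IN A 10.10.10.1

;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

def parse_nslookup(text):
    """Windows nslookup: the block before the first blank line names the resolver."""
    parts = re.split(r"\n\s*\n", text.strip(), maxsplit=1)
    resolver = IPV4.search(parts[0])
    answers = IPV4.findall(parts[1]) if len(parts) > 1 else []
    return (resolver.group() if resolver else None), answers

def parse_dig(text):
    """dig: resolver from the ';; SERVER:' line, answers from the A records."""
    server = re.search(r"^;; SERVER: ([\d.]+)#", text, re.M)
    answers = re.findall(r"^\S+\s+\d+\s+IN\s+A\s+([\d.]+)\s*$", text, re.M)
    return (server.group(1) if server else None), answers

def classify(resolver, answers):
    """sinkholed: DNSBL answered; bypass: an outside resolver was asked."""
    if DNSBL_VIP in answers:
        return "sinkholed"
    if resolver not in FIREWALL_DNS:
        return "bypass"
    return "not-listed" if answers else "no-answer"

def diagnose(client_nslookup, firewall_dig):
    c_res, c_ans = parse_nslookup(client_nslookup)
    f_res, f_ans = parse_dig(firewall_dig)
    client, firewall = classify(c_res, c_ans), classify(f_res, f_ans)
    if firewall == "sinkholed" and client == "bypass":
        return f"DNSBL works on the firewall; client asks {c_res} directly"
    if firewall == "sinkholed" and client == "sinkholed":
        return "DNSBL applied end to end"
    return f"firewall={firewall}, client={client}"

if __name__ == "__main__":
    print(diagnose(CLIENT_NSLOOKUP, FIREWALL_DIG))
```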
                            Riftcore34

                            Yes, every device has an IP from pfsense and zero antivirus / security

                            Even my Roku is showing ads but it's got an IP from pfsense.

                              RonpfS

                              Check what DNS server is configured in the DHCP service. Leave empty to use pfsense config

                                Riftcore34

                                @RonpfS:

                                Check what DNS server is configured in the DHCP services. Leave empty to use pfsense config

                                208.67.222.222
                                208.67.220.220

                                is in there, I'll delete them and reboot.

                                  RonpfS

                                  Unplugging/replugging the ethernet cable will do the same.
                                  Or in Windows cmd run "ipconfig /renew"
                                  "ipconfig" alone will show you the configuration

                                    Riftcore34

                                    @RonpfS:

                                    Check what DNS server is configured in the DHCP service. Leave empty to use pfsense config

                                    DNSBL_Ads 67595 155
                                    YAY it's working

                                    Guess it's my fault as I'm trying to use OpenDNS filtering

                                    Thanks so much, now to get this OpenDNS to work :)

                                      RonpfS

                                      Well that's something you may want to use to bypass your ISP DNS server, or to provide Parental control that some DNS services provide.

                                      You could still use OpenDNS by using the Forwarding mode of pfsense DNS Resolver, but this mode requires all DNS servers used in forwarding mode to support DNSSEC.

                                      On the other hand, unbound talks to the root server so it provides "clean" and fast DNS Service.

                                        Riftcore34

                                        @RonpfS:

                                        Well that's something you may want to use to bypass your ISP DNS server, or to provide Parental control that some DNS services provide.

                                        You could still use OpenDNS by using the Forwarding mode of pfsense DNS Resolver, but this mode requires all DNS servers used in forwarding mode to support DNSSEC.

                                        On the other hand, unbound talks to the root server so it provides "clean" and fast DNS Service.

                                        yea I did try Forwarding mode but pfblocker did not work with it on and resolver off :)

                                          BBcan177 Moderator

                                          @Riftcore34:

                                          yea I did try Forwarding mode but pfblocker did not work with it on and resolver off :)

                                          Unbound can be used in "Forwarder" or "Resolver" mode…  So don't get that mixed up with DNSMasq which is a "Forwarder" only... :)

                                          "Experience is something you don't get until just after you need it."

                                          Website: http://pfBlockerNG.com
                                          Twitter: @BBcan177  #pfBlockerNG
                                          Reddit: https://www.reddit.com/r/pfBlockerNG/new/
