DSNBL error: connect: Can't assign requested address for 127.0.0.1 port 953

RonpfS

Maybe you should do a Force Reload All then post your pfblockerng.log to see what happens.

SnowmanUT

0_1549494634044_pfblockerng.log.txt

Ok, removed the package completely and reinstalled it just to try. Went through the wizard again and back to the same error.

pfblockerng.log attached

RonpfS

How did you configure DNS Resolver ?
What pfsense version, platform, pfblockerng version, which package are you using?

SnowmanUT

PFsense version: 2.4.4-RELEASE-p2 (amd64)
pfBlockerNG-devel net 2.2.5_21
Platform: HP T620 Plus Thin Client

DNS Resolver setting:
-Network Interfaces: all
-Outgoing Network Interfaces: WAN
-System Domain Local Zone Type: Transparent
-DNSSEC Support: Enabled
-Custom Options: server:include: /var/unbound/pfb_dnsbl.*conf
-Host override for a duckdns domain I have setup.

RonpfS

@snowmanut said in DSNBL error: connect: Can't assign requested address for 127.0.0.1 port 953:

-Host override for a duckdns domain I have setup.

And if you remove the host override do you still have the same symptoms?

SnowmanUT

Deleted host override, no change. Same error after force reload.

RonpfS

@snowmanut
Do you have DNS Forwarder disabled ?
Do you have DNS Resolver DNS Query Forwarding disabled?

What is the output of :

ls -al /var/unbound
ls -al /var/db/pfblockerng
ls -al /var/db/pfblockerng/dnsbl
ls -al /var/db/pfblockerng/dnsblorig

SnowmanUT

Do you have DNS Forwarder disabled? Yes
Do you have DNS Resolver DNS Query Forwarding disabled? Yes

ls -al /var/unbound:
total 120
drwxr-xr-x 3 unbound unbound 1024 Feb 6 17:50 .
drwxr-xr-x 27 root wheel 512 Dec 12 05:42 ..
-rw-r--r-- 1 root unbound 292 Feb 6 17:44 access_lists.conf
drwxr-xr-x 2 unbound unbound 512 Dec 12 05:42 conf.d
-rw-r--r-- 1 root unbound 175 Feb 6 17:44 dhcpleases_entries.conf
-rw-r--r-- 1 root unbound 3355 Feb 6 15:58 dnsbl_cert.pem
-rw-r--r-- 1 root unbound 0 Feb 6 17:44 domainoverrides.conf
-rw-r--r-- 1 root unbound 398 Feb 6 17:44 host_entries.conf
-rw-r--r-- 1 root unbound 0 Feb 6 17:49 pfb_dnsbl.conf
-rw-r--r-- 1 root unbound 1498 Feb 6 15:58 pfb_dnsbl_lighty.conf
-rw-r--r-- 1 root unbound 300 Oct 22 08:11 remotecontrol.conf
-rw-r--r-- 1 unbound unbound 1252 Feb 6 17:44 root.key
-rw-r--r-- 1 root unbound 2056 Feb 6 17:49 unbound.conf
-rw-r----- 1 unbound unbound 2455 Oct 22 08:11 unbound_control.key
-rw-r----- 1 unbound unbound 1330 Oct 22 08:11 unbound_control.pem
-rw-r----- 1 unbound unbound 2455 Oct 22 08:11 unbound_server.key
-rw-r----- 1 unbound unbound 1318 Oct 22 08:11 unbound_server.pem

ls -al /var/db/pfblockerng
total 1768
drwxr-xr-x 11 root wheel 512 Feb 6 18:00 .
drwxr-xr-x 14 root wheel 1024 Feb 6 16:48 ..
drwxr-xr-x 2 root wheel 512 Feb 6 15:57 ET
drwxr-xr-x 2 root wheel 1024 Feb 6 18:00 deny
drwxr-xr-x 2 root wheel 1024 Feb 6 17:49 dnsbl
-rw-r--r-- 1 root wheel 8192 Feb 6 17:49 dnsbl.sqlite
-rw-r--r-- 1 root wheel 8192 Feb 6 15:58 dnsbl_levent.sqlite
drwxr-xr-x 2 root wheel 512 Feb 6 15:58 dnsblalias
drwxr-xr-x 2 root wheel 1024 Feb 6 15:58 dnsblorig
-rw-r--r-- 1 root wheel 10001 Feb 6 15:49 geoip.txt
-rw-r--r-- 1 root wheel 266386 Feb 6 18:00 mastercat
-rw------- 1 root wheel 508197 Feb 6 18:00 masterfile
drwxr-xr-x 2 root wheel 512 Feb 6 15:57 match
drwxr-xr-x 2 root wheel 512 Feb 6 15:57 native
drwxr-xr-x 2 root wheel 512 Feb 6 18:00 original
drwxr-xr-x 2 root wheel 512 Feb 6 15:57 permit
-rw-r--r-- 1 root wheel 2152 Feb 6 18:00 pfbdnsblsuppression.txt

ls -al /var/db/pfblockerng/dnsbl
total 15704
drwxr-xr-x 2 root wheel 1024 Feb 6 17:49 .
drwxr-xr-x 11 root wheel 512 Feb 6 18:00 ..
-rw-r--r-- 1 root wheel 113986 Feb 6 17:49 Abuse_DOMBL.txt
-rw-r--r-- 1 root wheel 385663 Feb 6 17:49 Abuse_URLBL.txt
-rw-r--r-- 1 root wheel 2422 Feb 6 17:49 Abuse_Zeus_BD.txt
-rw-r--r-- 1 root wheel 20707 Feb 6 17:49 Adaway.txt
-rw-r--r-- 1 root wheel 34779 Feb 6 17:49 BBC_DC2.txt
-rw-r--r-- 1 root wheel 769139 Feb 6 17:49 Cameleon.txt
-rw-r--r-- 1 root wheel 128691 Feb 6 17:49 D_Me_ADs.txt
-rw-r--r-- 1 root wheel 4251 Feb 6 17:49 D_Me_Malv.txt
-rw-r--r-- 1 root wheel 0 Feb 6 17:49 D_Me_Malw.txt
-rw-r--r-- 1 root wheel 1488 Feb 6 17:49 D_Me_Tracking.txt
-rw-r--r-- 1 root wheel 49294 Feb 6 17:49 EasyList.txt
-rw-r--r-- 1 root wheel 138299 Feb 6 17:49 EasyPrivacy.txt
-rw-r--r-- 1 root wheel 0 Feb 6 17:49 ISC_SDH.txt
-rw-r--r-- 1 root wheel 56852 Feb 6 17:49 MDL.txt
-rw-r--r-- 1 root wheel 1471173 Feb 6 17:49 MDS.txt
-rw-r--r-- 1 root wheel 128220 Feb 6 17:49 MDS_Immortal.txt
-rw-r--r-- 1 root wheel 46827 Feb 6 17:49 MVPS.txt
-rw-r--r-- 1 root wheel 93081 Feb 6 17:49 SBL_ADs.txt
-rw-r--r-- 1 root wheel 752123 Feb 6 17:49 SFS_Toxic_BD.txt
-rw-r--r-- 1 root wheel 545387 Feb 6 17:49 SWC.txt
-rw-r--r-- 1 root wheel 362322 Feb 6 17:49 Spam404.txt
-rw-r--r-- 1 root wheel 37106 Feb 6 17:49 Yoyo.txt
-rw-r--r-- 1 root wheel 2638905 Feb 6 17:49 hpHosts_ATS.txt

RonpfS

ls -al /var/db/pfblockerng/dnsblalias
ls -al /var/db/pfblockerng/dnsblorig
cat /var/db/pfblockerng/pfbdnsblsuppression.txt

Can you try to disable DNSBL, then run a force Update.
Enable DNSBL then run Force Update.

If you still have errors, then enable only on DNSBL group with only one URL enabled, run a Force Reload DNSBL and see if it reload unbound.

johnpoz

@snowmanut said in DSNBL error: connect: Can't assign requested address for 127.0.0.1 port 953:

by removing all my DNS servers in the general setup page.

Why would you have DNS servers listed in the general setup page if your using unbound in resolver mode? Having there sure would not cause any errors since they would never be used, unless you told pfsense not to use 127.0.0.1?

SnowmanUT

When I deleted all the DNS servers in there it wouldn't download any packages from the package manager. When I put 1 back the package manager worked again. Others reported similar behavior on other posts.

I don't think I have told it not to use 127.0.0.1, where would I do that besides the DNS resolver which we already checked?

johnpoz

Lets forget pfblocker for a second... Does unbound work when not using pfblocker? Disable pfblocker does your resolver work as it should..

Its right there in the general setup - where you would of set extra dns

I would also uncheck allowing your ISP to hand you dns via dhcp... That checkbox above the one I point out.

Pfsense out of the box resolves, and the only thing it should point to for dns is itself

If you are having issues with unbound working, I would figure that out before you worry about package like pfblocker

SnowmanUT

None of those were checked on general setup. If I remove all DNS servers from the DNS server list the package manager fails to download anything.

Package Manager Blank with no DNS Server listed in setup:

Would having comcast have anything to do with this?

RonpfS

Did you try to do nslookup from the pfsense ?

johnpoz

Sure your isp could be doing something - but I was on comcast for years and they never dicked with dns that I recall.

Yes try to look up something else, does google resolve? Go to diag, dns lookup - try some stuff in there does anything work?

What does your status resolver show you?

What does the log show is unbound actually starting and listening on 53?

You have pfblocker disabled right? Lets actually validate the resolver is working how it should before you try and throw pfblocker on top of it. Not able to list packages doesn't bode well for a fully functional resolver.

You don't have some vpn setup - what other packages are you running? This should be a clean out of the box pfsense setup!

You don't go throwing extra toys onto something that isn't working in the first place ;) If your ISP is dicking with DNS then you could always use forwarding mode with unbound. But lets actually validate that first, etc.

SnowmanUT

PfblockerNG is off. Ran DNS Lookup and no response on google or pfsense. I can still go to websites when browsing though, weird.

Status of DNS Resolver is blank too:

I have OpenVPN setup for access by my phone to my network. I can disable it. Used this video guide to do it on Lawrence Systems / PC Pickup: https://www.youtube.com/watch?v=7rQ-Tgt3L18&t=656s Works fine for when I need access.

Packages:

johnpoz

well from that unbound is not running... So how would your clients resolve anything unless they were suing something else for dns..

Unbound is not working... Get unbound working before you attempt to get pfblocker working.

Restart unbound - what does the unbound log say. UP the log level in unbound.

SnowmanUT

Already have log level at 2, do I need to go higher?

Looks like it is resolving??

SnowmanUT

Still trying figure this out. Unbound is stopping and starting all the time per the logs. Still have forwarder off and no DNS servers in general setup. Pfblocker is turned off. DNS resolver status blank and dnslookup doesn't resolve anything? Is my boxed just messed up or is there issue with unbound or how do I fix this?

Grimson

https://forum.netgate.com/topic/104772/unbound-restarting
https://forum.netgate.com/topic/138449/unbound-restarting-more-frequently

Also if you use the Service Watchdog package make sure it does not monitor unbound.