Netgate Discussion Forum

    Blocking certain websites

    General pfSense Questions
    • Gertjan

      A simple thing to test: when you shut down your VPN (client), does the problem persist?

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      • kendalja @Gertjan

        @Gertjan I shut off the vpn and it works! I set the dns resolver to wan, bring back up the vpn connection and it still works....wth?

        • kendalja

          FF935C7E-432C-45BB-A76F-939285F4C330.jpeg

          Now I’m trying to post and seeing this lmfao

          • johnpoz LAYER 8 Global Moderator

            Well once you have the correct ns cached for the domain, you don't have to go ask again.. Which is why I mentioned poisoning..

            Also how did you set resolver to only use wan?

            Also are you pulling routes from your vpn? This makes your vpn default, even if not policy routed. Did you actually change the resolver to only use wan, or did you set it to all? etc..

            Posting a lot of text can sometimes be seen as spam.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            • kendalja @johnpoz

              @johnpoz

              I went to services, DNS resolver, network interface was already set to ALL. I changed outgoing network interface from PIA_VPN to WAN.

              • johnpoz LAYER 8 Global Moderator

                @kendalja said in Blocking certain websites:

                network interface was already set to ALL

                No it wasn't - from your screenshot.

                See here
                vpn.png

                Not talking about the inbound to unbound, only outbound.

                I would restart unbound, set it back to the way you had it.. do the trace again - are you seeing those tonic.to in the trace again?

                It could have been a red herring with your vpn - and just that you had cache poisoned already.. You need to make sure you flush your unbound cache.. A restart of unbound will do that for you - just need to make sure it actually restarts, etc.

                • kendalja @johnpoz

                  @johnpoz

                  Right, there is also a section above that and it’s set to all. I now have the outgoing to WAN.

                  • johnpoz LAYER 8 Global Moderator

                    Well if everything is working that way - set it back to your vpn path for outgoing, and flush - are you seeing the problem with the tonic.to in the trace? If so, something is really wrong with your vpn connection!! And they are manipulating your dns queries.

                    • kendalja @johnpoz

                      @johnpoz

                      Read above on my post about the “to” in my logs lmfao. User error.

                      • johnpoz LAYER 8 Global Moderator

                        huh?

                        Here is where the to has been coming from. I've been executing the command "dig +trace to ns1.fmlh.edu"

                        tonic.to should be nowhere in a trace to that..

                        Nor to your original fqdn..

                        • kendalja @johnpoz

                          @johnpoz

                          While executing the command I actually typed in “dig +trace to ns1.fmlh.edu” instead of “dig +trace ns1.fmlh.edu”

                          1 Reply Last reply Reply Quote 0
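
Added example, not part of the thread: dig treats every extra word on the command line as another name to look up, which is how the stray "to" put a `to.` delegation into the trace. The sketch below flags any referral zone in `dig +trace` output that is not an ancestor of the name you meant to query; the function names, server names and addresses in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): audit `dig +trace` output for
# referrals to zones that are not ancestors of the name you meant to query.

# Print each NS owner zone read from stdin that is neither the root nor a
# parent of the expected name $1.
unexpected_zones() {
    awk -v name="$1" '
        BEGIN {
            name = tolower(name)
            if (name !~ /\.$/) name = name "."      # compare as FQDNs
        }
        /^;/ || NF < 5 { next }                     # comments, blank lines
        $3 == "IN" && $4 == "NS" {
            zone = tolower($1)
            if (zone == "." || zone == name) next
            suffix = "." zone                       # ".edu." for zone "edu."
            start = length(name) - length(suffix) + 1
            if (start > 1 && substr(name, start) == suffix) next
            if (!(zone in seen)) { seen[zone] = 1; print zone }
        }
    '
}

# Constructed sample: shape of the output when a stray word ("to") is passed
# to dig as a second name. Server names and addresses are placeholders.
sample_trace() {
    cat <<'EOF'
.            518400  IN  NS  a.root-servers.net.
;; Received 239 bytes from 192.0.2.1#53(192.0.2.1) in 1 ms

to.          172800  IN  NS  ns-example.tonic.to.
;; Received 120 bytes from 192.0.2.10#53(a.root-servers.net) in 20 ms

.            518400  IN  NS  a.root-servers.net.
;; Received 239 bytes from 192.0.2.1#53(192.0.2.1) in 1 ms

edu.         172800  IN  NS  a.edu-servers.net.
;; Received 150 bytes from 192.0.2.10#53(a.root-servers.net) in 20 ms

fmlh.edu.    172800  IN  NS  ns1.fmlh.edu.
;; Received 90 bytes from 192.0.2.20#53(a.edu-servers.net) in 30 ms
EOF
}

sample_trace | unexpected_zones ns1.fmlh.edu    # prints: to.
```

Against a live resolver the same check is `dig +trace ns1.fmlh.edu | unexpected_zones ns1.fmlh.edu`; empty output means every referral stayed on the expected delegation path.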