Netgate Discussion Forum
    DNSBL Shenanigans

    pfBlockerNG
    3 Posts 2 Posters 488 Views
    timeforchang

      I had installed pfB (not the devel package) and attempted to set up DNSBL. I tried to download the EasyLists just to try it out, but upon a force reload, I kept getting cURL timeout errors (code 28). After reading a few forum posts, I removed the unbound .keys and .pems and regenerated them, but I was still getting timeout errors.

      The more interesting part of this is that the lists do actually download if I use the pfB-devel package and its default IP and DNSBL feeds. However, my DNS completely breaks down and all of the requests go to VIP.

      If I use the same settings from the devel package with the base pfB package, I get an unload error similar to the one found in this post: https://www.reddit.com/r/pfBlockerNG/comments/atlmzb/dnsbl_is_out_of_sync/ which remains unanswered.

      I've force reloaded god knows how many times, toggled DNSSEC, DNS forwarding, regenerated keys and certs, uninstalled and reinstalled packages, even factory reset the darned thing.

      I'm really at the end of my rope here, and was wondering if anyone had any ideas.

      I should mention that I've been following this setup guide: https://www.tecmint.com/install-configure-pfblockerng-dns-black-listing-in-pfsense/

      provels @timeforchang
      last edited by provels

        @timeforchang FWIW, I tried the release package and found setup to be quite a challenge, considering the vast amount of lists available on the 'net. I uninstalled completely and installed the devel pkg. Works a treat, since many BLs are hardcoded and preselected. Did have a minor issue downloading the Talos list that was resolved by some minor edits, but I think that was fixed in latest devel.
        Relevant Post
        Also, the Zeus tracker lists were discontinued in July '19, so those will show update errors. Hardcoded lists are great for you and me, but a pain for @BBcan177.
        I'd try uninstalling all, including settings, and start over with devel. You are using Resolver in resolver mode and not forwarding, right? Also, if using Service Watchdog, do not include the pfB services or Unbound in the restart settings.

        PS - If you are using ramdisks for /tmp and /var (Advanced/Miscellaneous), every reboot will delete all the lists that have been downloaded, but they will be rebuilt at either next cron update or a Force/All.

        Peder

        MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
        BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

        timeforchang

          Thank you so much! I totally have forwarding on. Furthermore, I realized that specific lists were super trigger-happy, so I will be debugging sources one by one, I guess.

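A small diagnostic for the two symptoms in this thread (every lookup answered with the DNSBL VIP, and a feed that is far too broad), added here as an example and not pfBlockerNG's own code. It assumes the default DNSBL VIP 10.10.10.1, that the host resolves through the local Unbound, and that feeds are plain-domain or hosts-file format; the control domain names are arbitrary choices.

```python
#!/usr/bin/env python3
"""DNSBL over-blocking check (added example; not pfBlockerNG code).
Assumed: DNSBL VIP 10.10.10.1 (pfBlockerNG default), system resolver is the
local Unbound, feeds are plain-domain or hosts-file ("0.0.0.0 host") lines."""
import socket

DNSBL_VIP = "10.10.10.1"  # assumption: default pfBlockerNG DNSBL VIP
# Arbitrary control domains that no sane block list should contain.
CONTROL_DOMAINS = ["netgate.com", "pfsense.org", "freebsd.org"]

def resolve(domain):
    """First A record from the system resolver, or None if lookup fails."""
    try:
        return socket.gethostbyname(domain)
    except OSError:
        return None

def classify(answers, vip=DNSBL_VIP):
    """answers: {domain: ip or None}. Returns (verdict, sinkholed_domains).
    'over-blocking' = every control domain came back as the DNSBL VIP, the
    'all requests go to VIP' symptom; 'resolver-down' = nothing resolved."""
    sinkholed = sorted(d for d, ip in answers.items() if ip == vip)
    if answers and len(sinkholed) == len(answers):
        return "over-blocking", sinkholed
    if sinkholed:
        return "partial", sinkholed
    if all(ip is None for ip in answers.values()):
        return "resolver-down", sinkholed
    return "ok", sinkholed

def suspicious_feed_entries(lines):
    """Flag feed lines that would sinkhole far more than intended: bare TLDs,
    wildcards, or lines with no real hostname. Comments/blank lines skipped.
    Use this when checking a feed before enabling it, one source at a time."""
    flagged = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        host = parts[1] if len(parts) > 1 else parts[0]  # hosts format: "IP host"
        if host in ("*", ".") or "*" in host or "." not in host.strip("."):
            flagged.append(raw.rstrip("\n"))
    return flagged

if __name__ == "__main__":
    verdict, hits = classify({d: resolve(d) for d in CONTROL_DOMAINS})
    print(verdict, hits)
```

Run it on the firewall or a LAN host after a Force Reload; "over-blocking" means the resolver is answering everything with the VIP, and the feed check narrows down which source introduced the catch-all entry.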