Netgate Discussion Forum
    Issues using DNSBL and IP to block domains

    Category: pfBlockerNG
    26 Posts 4 Posters 2.6k Views
    • Risfold @Risfold

      @Risfold said in Issues using DNSBL and IP to block domains:

      I have been thinking disabling DNS resolver responding on the local host might work, but I'm not sure if that will work or what else it will affect.

      Well, that didn't work. Got the error below. Plus then my resolver wouldn't use the DoH I have set up.
      [screenshot: error message]

      • Risfold

        @BBcan177 Do you have any suggestions? I would very much appreciate any help you can offer.

        • bmeeks

          You will need the resolver for DNSBL to work. I am not familiar with the internal details of how pfBlockerNG works. The developer and I have exchanged ideas in the past, but I mostly concentrate on the IDS/IPS packages (Snort and Suricata).

          • Risfold @bmeeks

            @bmeeks said in Issues using DNSBL and IP to block domains:

            You will need the resolver for DNSBL to work. I am not familiar with the internal details of how pfBlockerNG works. The developer and I have exchanged ideas in the past, but I mostly concentrate on the IDS/IPS packages (Snort and Suricata).

            Thanks for your contributions to pfSense! I actually am upgrading to beefier pfSense hardware soon and I plan on looking into those. I am currently on an APU board, and from what I hear that doesn't quite cut it for those.

            • BBcan177 (Moderator)

              Some more info here:
              https://www.reddit.com/r/pfBlockerNG/comments/d3p1gf/doh_server_blocklist/

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

              • Risfold @BBcan177

                @BBcan177 said in Issues using DNSBL and IP to block domains:

                Some more info here:
                https://www.reddit.com/r/pfBlockerNG/comments/d3p1gf/doh_server_blocklist/

                Hi BBcan177, thanks for the reply. This post is where I got my domain list from. My issue is that I would like to use the DNSBL and block the IP of these addresses. However, when the whois lookup occurs during the IP cron, pfBlocker only returns the pfBlocker VIP because the same list of domains are in the DNSBL.

                Can the whois lookup for an IP blocklist occur ignoring the DNSBL?

                • Risfold

                  I hoped my explanations above were clear enough but in case not I have added the screenshots below. I appreciate the help with this issue!

                  Domain list on DNSBL:
                  [screenshot: DNSBL feed]

                  IP block list:
                  [screenshot: IPv4 block list]

                  List of IPs from block list showing pfBlocker VIP only since domains are listed on DNSBL already:
                  [screenshot: resolved IP list]

                  • BBcan177 (Moderator)

                    That Heuristics feed is for DNSBL only. It's not an IP list, so it can't be used in the IP tab.
                    What is your IP Placeholder IP? Is it 10.10.10.1? That could interfere with DNSBL depending on what you selected for the DNSBL VIP address.

                    • Risfold

                      I have the feed for the Heuristics list in whois format, so pfBlocker should resolve these, no? That is the issue I'm referring to. When pfBlocker uses the DNS resolver to resolve the list of domains for IP blocking, it uses itself (DNSBL) and only resolves the DNSBL IP (10.10.10.1) for each domain.

                      [screenshot: IPv4 feed in whois format]

                      The IP placeholder and DNSBL IP are default:
                      [screenshot: IP Placeholder setting]

                      [screenshot: DNSBL VIP setting]

                      • BBcan177 (Moderator) @Risfold

                        @Risfold
                        Don't think that duality is possible.

                        • Risfold @BBcan177

                          @BBcan177
                          I see. I was hoping there would be a way that I was just ignorant of. Thank you for taking the time to review this.

                          If anyone else has a suggestion beyond manually resolving these domains externally and manually updating the lists, please let us know!

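As an added example of the manual workaround Risfold mentions (this is not code from the thread or from pfBlockerNG), the script below resolves a domain feed against an external nameserver, bypassing the local Unbound where DNSBL would answer with the VIP, then drops any domain whose only answer is that VIP and emits one IP per line in the format the IPv4 tab accepts. It assumes the default DNSBL VIP of 10.10.10.1 shown in the thread, that `dig` is available for the live path, and uses a constructed answer table (SAMPLE_ANSWERS) so it runs offline; the domain names in it are placeholders, not a real feed.

```python
"""Resolve a domain feed outside the DNSBL-sinkholed resolver and build an IP list.

Added example, not pfBlockerNG code. Assumptions: the DNSBL VIP is 10.10.10.1
(thread default), `dig` exists for the live resolver, and SAMPLE_ANSWERS is a
constructed stand-in for what an external nameserver would return.
"""
import ipaddress
import subprocess
from typing import Callable, Dict, Iterable, List, Set, Tuple

# pfBlockerNG DNSBL VIP as shown in the thread; any answer equal to this means
# the query was handled by the local DNSBL, not by the real authoritative DNS.
DNSBL_VIP = ipaddress.ip_address("10.10.10.1")

# Constructed sample answers (placeholder names, documentation IP ranges).
SAMPLE_ANSWERS: Dict[str, List[str]] = {
    "doh.example": ["203.0.113.10", "203.0.113.11"],
    "dns.example.net": ["198.51.100.5"],
    "leaked.example": ["10.10.10.1"],   # sinkholed: only the VIP came back
    "nxdomain.example": [],             # no A records at all
}


def sample_resolver(domain: str) -> List[str]:
    """Offline stand-in for an external resolver."""
    return SAMPLE_ANSWERS.get(domain, [])


def dig_resolver(server: str) -> Callable[[str], List[str]]:
    """Build a resolver that asks an external nameserver directly (e.g. the
    upstream you trust), so the local Unbound/DNSBL never sees the query.
    Needs `dig` (assumed present) and network access; not used by the tests."""
    def resolve(domain: str) -> List[str]:
        proc = subprocess.run(
            ["dig", "+short", "+time=3", "+tries=1", f"@{server}", domain, "A"],
            capture_output=True, text=True, check=False,
        )
        return [line.strip() for line in proc.stdout.splitlines() if line.strip()]
    return resolve


def _is_ipv4(value: str) -> bool:
    """dig +short also prints CNAME targets; keep only IPv4 literals."""
    try:
        return ipaddress.ip_address(value).version == 4
    except ValueError:
        return False


def is_sinkholed(answers: Iterable[str], vip: ipaddress.IPv4Address = DNSBL_VIP) -> bool:
    """True when every IPv4 answer is the DNSBL VIP: the local DNSBL replied,
    so the result says nothing about where the domain really lives."""
    addrs = [a for a in answers if _is_ipv4(a)]
    return bool(addrs) and all(ipaddress.ip_address(a) == vip for a in addrs)


def build_ip_list(domains: Iterable[str],
                  resolver: Callable[[str], List[str]],
                  vip: ipaddress.IPv4Address = DNSBL_VIP) -> Tuple[List[str], List[str]]:
    """Resolve each domain and return (sorted unique IPv4s, sinkholed domains).
    Sinkholed domains are reported rather than silently dropped so the operator
    can see that a lookup leaked through the local DNSBL."""
    ips: Set[str] = set()
    sinkholed: List[str] = []
    for domain in domains:
        answers = resolver(domain)
        if is_sinkholed(answers, vip):
            sinkholed.append(domain)
            continue
        for a in answers:
            if _is_ipv4(a) and ipaddress.ip_address(a) != vip:
                ips.add(a)
    return sorted(ips, key=ipaddress.ip_address), sinkholed


def to_feed_text(ips: Iterable[str]) -> str:
    """One address per line, the plain-list format pfBlockerNG's IPv4 tab reads."""
    return "\n".join(ips) + "\n"


if __name__ == "__main__":
    # Offline demonstration; swap sample_resolver for dig_resolver("9.9.9.9")
    # (nameserver chosen by you) to resolve a real feed.
    ip_list, leaked = build_ip_list(SAMPLE_ANSWERS, sample_resolver)
    print(to_feed_text(ip_list), end="")
    for d in leaked:
        print(f"# skipped {d}: answer was the DNSBL VIP {DNSBL_VIP}")
```

The key check is `is_sinkholed`: if the only address that comes back is the DNSBL VIP, the lookup went through the local resolver and the result must not be written into an IP block list. Note that the VIP sits in RFC 1918 space, so a placeholder or VIP that overlaps with your LAN addressing (the conflict BBcan177 asks about) would also show up here as "sinkholed" answers for things that are not in DNSBL at all.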
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.