oisd blocklist not working
-
Hi,
I am trying to use the oisd block list found here. pfBlockerNG seems to process this fine, but unbound will not start afterward. Can anyone advise why this is? I cannot post the full log, as it is too long. Below is the final snippet. Thank you.
===[ FINAL Processing ]=====================================
[ Original IP count ] [ 51967 ]
===[ Deny List IP Counts ]===========================
49753 total
18492 /var/db/pfblockerng/deny/pfB_Top_v4.txt
16387 /var/db/pfblockerng/deny/FireHOL3_IPs.txt
6052 /var/db/pfblockerng/deny/pfB_Top_v6.txt
5789 /var/db/pfblockerng/deny/BD_IPs.txt
2245 /var/db/pfblockerng/deny/ET_Block_IPs.txt
788 /var/db/pfblockerng/deny/ET_Comp_IPs.txt
===[ DNSBL Domain/IP Counts ] ===================================
431133 total
371953 /var/db/pfblockerng/dnsbl/oisd.txt
24262 /var/db/pfblockerng/dnsbl/MDS.txt
16794 /var/db/pfblockerng/dnsbl/EasyList.txt
6097 /var/db/pfblockerng/dnsbl/Cameleon.txt
5381 /var/db/pfblockerng/dnsbl/PhishTank.txt
3265 /var/db/pfblockerng/dnsbl/Adaway.txt
1752 /var/db/pfblockerng/dnsbl/yoyo.txt
751 /var/db/pfblockerng/dnsbl/MDL.txt
713 /var/db/pfblockerng/dnsbl/OpenPhish.txt
92 /var/db/pfblockerng/dnsbl/PhishTank.ip
49 /var/db/pfblockerng/dnsbl/EasyList.ip
16 /var/db/pfblockerng/dnsbl/OpenPhish.ip
8 /var/db/pfblockerng/dnsbl/DNSBL_TLD.txt
====================[ Last Updated List Summary ]==============
Mar 31 00:30 ET_Block_IPs
Mar 31 00:30 ET_Comp_IPs
Apr 1 07:04 FireHOL3_IPs
Apr 1 16:31 BD_IPs
Apr 1 17:49 pfB_Top_v4
Apr 1 17:49 pfB_Top_v6
IPv4 alias tables IP count
43858
IPv6 alias tables IP count
6052
Alias table IP Counts
49910 total
18492 /var/db/aliastables/pfB_Top_v4.txt
16387 /var/db/aliastables/pfB_FireHOL3.txt
6052 /var/db/aliastables/pfB_Top_v6.txt
5789 /var/db/aliastables/pfB_BinaryDefense.txt
3033 /var/db/aliastables/pfB_EmergingThreatsDShield.txt
157 /var/db/aliastables/pfB_DNSBLIP.txt
pfSense Table Stats
table-entries hard limit 2000000
Table Usage Count 161305
UPDATE PROCESS ENDED [ 04/01/20 17:49:17 ]
-
Check the pfblockerng.log, system log, resolver log, memory usage, maybe you hit the limit your system can handle going from 60000 DNSBL entries to 430000.
-
@RonpfS Thank you for the pointer. The problem seems to be that the oisd black list contains one domain for which I also have a local host override. The dual override seems to result in the failed loading of unbound. I would like to keep the local override because I have no control of future changes to the blacklist. Is there a workaround?
-
Put that domain in the DNSBL Whitelist; you might also have to put it (or its parent domain) in the TLD Exclude list to get better control over whitelisting.
-
@RonpfS Perfect, that worked! Adding the domain with subdomains (leading ".") was sufficient to fix the problem. It took me a while to figure it out because I did a "Force Update" which was insufficient. Once I did the "Force Reload" I was good to go. Thanks for the help!
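The two posts above describe the root cause (a name present both in the oisd DNSBL feed and in a local host override) and the fix (a DNSBL Whitelist entry, with a leading "." to cover subdomains). The following is an added example, not code from the thread or from pfBlockerNG, that checks offline for such clashes before a reload. It assumes both the DNSBL feed and the host overrides are available as Unbound "local-data:" lines (the form Unbound itself consumes; pfBlockerNG's exact on-disk layout is not shown in the thread) and models the whitelist rule the thread confirms: a bare name matches only itself, a leading "." matches the name and all its subdomains. All sample lines are constructed.

```python
"""Find names that a DNSBL feed and local host overrides both define.

Assumption (not from the thread): both inputs are Unbound 'local-data:'
lines. Sample data below is constructed for this example.
"""
import re

# Captures the owner name in: local-data: "name [TTL] [IN] TYPE RDATA"
LOCAL_DATA_RE = re.compile(r'^\s*local-data:\s*"([^"\s]+)\s')


def parse_local_data_names(text):
    """Return the set of owner names (lower-case, no trailing dot)."""
    names = set()
    for line in text.splitlines():
        m = LOCAL_DATA_RE.match(line)
        if m:
            names.add(m.group(1).lower().rstrip("."))
    return names


def is_whitelisted(name, whitelist):
    """Whitelist semantics as described in the thread:
    'example.com'  -> exact name only
    '.example.com' -> the name and every subdomain below it
    """
    for entry in whitelist:
        entry = entry.strip().lower()
        if not entry:
            continue
        if entry.startswith("."):
            base = entry[1:]
            if name == base or name.endswith("." + base):
                return True
        elif name == entry:
            return True
    return False


def find_conflicts(dnsbl_text, overrides_text, whitelist=()):
    """Names defined by both inputs that the whitelist does not exclude."""
    clashes = parse_local_data_names(dnsbl_text) & parse_local_data_names(overrides_text)
    return sorted(n for n in clashes if not is_whitelisted(n, whitelist))


# Constructed sample inputs: a blocklist that happens to contain a LAN host
# name, and host overrides for that host and one of its subdomains.
SAMPLE_DNSBL = """\
local-data: "ads.example.net 60 IN A 10.10.10.1"
local-data: "nas.home.example 60 IN A 10.10.10.1"
local-data: "media.nas.home.example 60 IN A 10.10.10.1"
"""

SAMPLE_OVERRIDES = """\
local-data: "nas.home.example A 192.168.1.20"
local-data: "media.nas.home.example A 192.168.1.20"
local-data: "printer.home.example A 192.168.1.30"
"""

if __name__ == "__main__":
    for wl in ([], ["nas.home.example"], [".nas.home.example"]):
        left = find_conflicts(SAMPLE_DNSBL, SAMPLE_OVERRIDES, wl)
        print(f"whitelist={wl!r:26} remaining conflicts: {left}")
```

With an empty whitelist both "nas.home.example" and "media.nas.home.example" are reported; whitelisting the bare name clears only the exact match, while ".nas.home.example" clears the subdomain as well, which is the outcome the thread reports. In practice the left-hand input would be the DNSBL file pfBlockerNG produced and the right-hand input the host-override configuration, run before a Force Reload rather than after Unbound has already refused to start.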
-
Yeah sometimes you save time by clicking on the
-
@revengineer
There is a log snippet above that shows the processing of that feed and the restart of Unbound. Take a look at those two sections of the pfblockerng.log.