pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!

BBcan177

@cantor Reboot your box

cantor

@bbcan177 said in pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!:

@cantor Reboot your box

Doesn't work. Unbound is still down after reboot and can only be restarted after I uncheck the option "Eable Python Module".

BBcan177

@cantor
Increase the Resolver Log Level to "2", Save/Apply. Do you see any errors?

cantor

@bbcan177 said in pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!:

@cantor
Increase the Resolver Log Level to "2", Save/Apply.

Do you mean "Raw FilterLogs"? If not, where can I change the log level to level "2"?

Regards
Jürgen

BBcan177

@cantor said in pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!:

Do you mean "Raw FilterLogs"? If not, where can I change the log level to level "2"?

pfSense > DNS Resolver > Adv Settings > Log Level > 2

cantor

@bbcan177

1. pfBlockerNG
   a) Change Unbound -> Unbound python mode
   b) Save
   c) Force Reload All
   d) Reload hangs when restarting Unbound Resolver

2. Switching to DNS Resolver tab after click on the logout button
   a) Start service
   b) Service does not start

Resolver log:

Jan 22 22:08:52 	unbound: [44037:0] fatal error: failed to setup modules
Jan 22 22:08:52 	unbound: [44037:0] error: module init for module python failed
Jan 22 22:08:52 	unbound: [44037:0] error: pythonmod: can't open file pfb_unbound.py for reading
Jan 22 22:08:51 	unbound: [44037:0] notice: init module 0: python
Jan 22 22:07:49 	unbound: [82094:0] notice: init module 0: python
Jan 22 22:07:49 	unbound: [51734:0] info: 4.000000 8.000000 1
Jan 22 22:07:49 	unbound: [51734:0] info: 2.000000 4.000000 2
Jan 22 22:07:49 	unbound: [51734:0] info: 1.000000 2.000000 5
Jan 22 22:07:49 	unbound: [51734:0] info: 0.524288 1.000000 8
Jan 22 22:07:49 	unbound: [51734:0] info: 0.262144 0.524288 6
Jan 22 22:07:49 	unbound: [51734:0] info: 0.131072 0.262144 9
Jan 22 22:07:49 	unbound: [51734:0] info: 0.065536 0.131072 7
Jan 22 22:07:49 	unbound: [51734:0] info: 0.032768 0.065536 6
Jan 22 22:07:49 	unbound: [51734:0] info: 0.016384 0.032768 13
Jan 22 22:07:49 	unbound: [51734:0] info: 0.008192 0.016384 3
Jan 22 22:07:49 	unbound: [51734:0] info: 0.004096 0.008192 2
Jan 22 22:07:49 	unbound: [51734:0] info: 0.000000 0.000001 1
Jan 22 22:07:49 	unbound: [51734:0] info: lower(secs) upper(secs) recursions
Jan 22 22:07:49 	unbound: [51734:0] info: [25%]=0.028672 median[50%]=0.126391 [75%]=0.539154
Jan 22 22:07:49 	unbound: [51734:0] info: histogram of recursion processing times
Jan 22 22:07:49 	unbound: [51734:0] info: average recursion processing time 0.434923 sec
Jan 22 22:07:49 	unbound: [51734:0] info: mesh has 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 63 recursion replies sent, 0 replies dropped, 0 states jostled out
Jan 22 22:07:49 	unbound: [51734:0] info: server stats for thread 1: requestlist max 12 avg 1.77778 exceeded 0 jostled 0
Jan 22 22:07:49 	unbound: [51734:0] info: server stats for thread 1: 113 queries, 50 answers from cache, 63 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Jan 22 22:07:49 	unbound: [51734:0] info: 0.524288 1.000000 1
Jan 22 22:07:49 	unbound: [51734:0] info: 0.262144 0.524288 3
Jan 22 22:07:49 	unbound: [51734:0] info: 0.065536 0.131072 1
Jan 22 22:07:49 	unbound: [51734:0] info: 0.016384 0.032768 4
Jan 22 22:07:49 	unbound: [51734:0] info: 0.008192 0.016384 5
Jan 22 22:07:49 	unbound: [51734:0] info: 0.004096 0.008192 1
Jan 22 22:07:49 	unbound: [51734:0] info: lower(secs) upper(secs) recursions
Jan 22 22:07:49 	unbound: [51734:0] info: [25%]=0.0126976 median[50%]=0.022528 [75%]=0.283989
Jan 22 22:07:49 	unbound: [51734:0] info: histogram of recursion processing times
Jan 22 22:07:49 	unbound: [51734:0] info: average recursion processing time 0.128478 sec
Jan 22 22:07:49 	unbound: [51734:0] info: mesh has 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 15 recursion replies sent, 0 replies dropped, 0 states jostled out
Jan 22 22:07:49 	unbound: [51734:0] info: server stats for thread 0: requestlist max 4 avg 0.933333 exceeded 0 jostled 0
Jan 22 22:07:49 	unbound: [51734:0] info: server stats for thread 0: 34 queries, 19 answers from cache, 15 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Jan 22 22:07:49 	unbound: [51734:0] info: service stopped (unbound 1.10.1).

Regards
Jürgen

BBcan177

@cantor said in pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!:

Jan 22 22:08:52 unbound: [44037:0] fatal error: failed to setup modules
Jan 22 22:08:52 unbound: [44037:0] error: module init for module python failed
Jan 22 22:08:52 unbound: [44037:0] error: pythonmod: can't open file pfb_unbound.py for reading

Re-install the package as this file is missing

cantor

@bbcan177

I reinstalled pfBlockerNG and triggered Forced Reload-DNSBL. Everything seemed fine and DNS resolver was up with Unbound python mode.

Then I rebooted the box for a second check and unfortunately the resolver was down again with error "can't open file pfb_unbound.py for reading".

BBcan177

@cantor
You can't use RamDisks, since the /var/ folder is wiped on reboot. Need to disable that option, and reinstall once more to get the python script back.

cantor

@bbcan177

Ouch! That's it. Thanks for your help. Now everything works fine. :-)

lohphat

I'm looking for a little clarification regarding the unbound config changes after switching to python mode.

1. I've notice that unbound is unstarted after any pfBlockerNG-devel v3.x.x package updates. DNS lookups fail so I have to manually restart it.
2. The docs indicate to change the interface to localhost in unbound. I assume it's the "Outgoing Network Interfaces" (now set to "localhost") and not the "Network Interfaces" (currently set to "all") above it.
3. My DNS settings in general setup already has localhost configured (Disable DNS Forwarder is unchecked) as one of the upstream DNS servers. Do I keep this config or remove 127.0.0.1?
   127.0.0.1
   9.9.9.9
   149.112.112.112
   2620:fe::fe
   2620:fe::9

So...have I made the correct changes? It seems to be working so far but want a 2nd opinion via another set of eyes to make sure I've understood the intended setup.

thegenius21

been bombarded by this dont know what happens but im blocking ipv6 everywhere.

[02-Mar-2021 15:29:50 Asia/Manila] PHP Fatal error: Uncaught Error: Class 'Net_IPv6' not found in /etc/inc/util.inc:680
Stack trace:
#0 /etc/inc/util.inc(657): is_ipaddrv6('pagead2.googles...')
#1 /usr/local/www/pfblockerng/www/index.php(59): is_ipaddr('pagead2.googles...')
#2 {main}
thrown in /etc/inc/util.inc on line 680

Gertjan

@thegenius21
See also here (not posted in the pfB section although probably a pfB related issue).

mikeelawson

I have tried to install the latest version of PFblockerNg v3.0 however the initialisation is still running after 30 mins. Unloaded older version and tryting to load latest version but still hangs. What is the CLI to install manually please?

Gertjan

There's no CLI command to install "pfSense"packages.

What happens when you install a 'simple/small' pfSense package like 'Cron' ?

Troubleshooting Upgrades

BBcan177

@mikeelawson said in pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!:

I have tried to install the latest version of PFblockerNg v3.0 however the initialisation is still running after 30 mins. Unloaded older version and tryting to load latest version but still hangs. What is the CLI to install manually please?

Related to this:
https://redmine.pfsense.org/issues/11398

If you wait at the page it will eventually timeout. While it is in that condition, you can kill the Unbound pid and it should complete faster. Then restart Unbound post-install.

pkill unbound

mikeelawson

@bbcan177 I have tried the unbound command, but again just hangs when I try to install.

Gertjan

@mikeelawson
At what point ?
Any logs ? Screenshot ?

mikeelawson

@gertjan It started happening when I tried to install new package. Screenshot, just shows initialising, no further update

Gertjan

@mikeelawson said in pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!:

@gertjan It started happening when I tried to install new package. Screenshot, just shows initialising, no further update

Yeah, that's the GUI ....
The GUI is only good if everything works well.

For all the other days, there is

@gertjan said in pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!:

Troubleshooting Upgrades

You should click on the link, and read.
You'll notice that there are no GUI examples.
Its right from the first line "command line only".
I advise you to read, test and report back here if you find different.