Netgate Discussion Forum

    New SafeSearch feature borked

    pfBlockerNG
    19 Posts 3 Posters 1.5k Views
      RonpfS @wolfsden3

      @wolfsden3 I'm using Unbound Python mode. But a few days ago I was using Unbound Mode and didn't see any issues.

      And do you have anything in the TLD Blacklist ? TLD Whitelist ?

      ls -al /var/unbound/*.conf

      2.4.5-RELEASE-p1 (amd64)
      Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
      Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        wolfsden3 @RonpfS

        @ronpfs

        I'm not using python mode. I don't know why I'd care to...why have different modes? That seems to only confuse things. 1 mode = the one that works LOL.

        -rw-r--r-- 1 root unbound 362 Feb 8 22:29 /var/unbound/access_lists.conf
        -rw-r--r-- 1 root unbound 0 Feb 14 17:48 /var/unbound/dhcpleases_entries.conf
        -rw-r--r-- 1 root unbound 111 Feb 8 22:29 /var/unbound/domainoverrides.conf
        -rw-r--r-- 1 root admins 473 Feb 14 17:48 /var/unbound/host_entries.conf
        -rw-r--r-- 1 root wheel 52207941 Feb 14 21:14 /var/unbound/pfb_dnsbl.conf
        -rw-r--r-- 1 root unbound 2421 Feb 14 20:03 /var/unbound/pfb_dnsbl_lighty.conf
        -rw-r--r-- 1 root unbound 300 Jul 25 2017 /var/unbound/remotecontrol.conf
        -rw-r--r-- 1 unbound unbound 2272 Feb 14 21:09 /var/unbound/unbound.conf

        I have content in the white list and block list. The ones in my block list like ".cn" are the ones that it's complaining about. All my TLDs are being complained about. I block hundreds of TLDs like ".party" and the many many more that are out there...there are several hundred.

        Thanks.

          RonpfS @wolfsden3

          @wolfsden3 said in New SafeSearch feature borked:

          I'm not using python mode. I don't know why I'd care to...why have different modes?

          You could give it a try 😸

            wolfsden3

            Yes but...if it's optional and not required to run that function why would I...?

            I have 5 firewalls all sync'd to this one and borking this one could affect the entire network + VPN's, etc.

            Is python mode required for that safe search feature that I can't seem to work correctly?

            Again, I think this is a bug and the safe search feature is broken.

              RonpfS @wolfsden3

              @wolfsden3 said in New SafeSearch feature borked:

              -rw-r--r-- 1 root wheel 52207941 Feb 14 21:14 /var/unbound/pfb_dnsbl.conf
              -rw-r--r-- 1 root unbound 2421 Feb 14 20:03 /var/unbound/pfb_dnsbl_lighty.conf

              This is what my folder looked like before switching mode :

              -rw-r--r--   1 root     unbound       2063 Feb  1 17:37 pfb_dnsbl_lighty.conf
              -rw-r--r--   1 root     unbound      20596 Feb  4 19:56 pfb_dnsbl.safesearch.conf
              -rw-r--r--   1 root     unbound       4377 Feb  4 19:56 pfb_dnsbl.doh.conf
              -rw-r--r--   1 root     wheel    154466466 Feb  4 20:04 pfb_dnsbl.conf
              -rw-r--r--   1 root     unbound       3434 Feb  4 20:18 host_entries.conf
              -rw-r--r--   1 root     unbound          0 Feb  4 20:18 dhcpleases_entries.conf
              -rw-r--r--   1 root     unbound          0 Feb  4 20:18 domainoverrides.conf
              -rw-r--r--   1 root     unbound        176 Feb  4 20:18 access_lists.conf
              -rw-r--r--   1 unbound  unbound       2124 Feb  4 20:18 unbound.conf
              

              So unless things changed, you are missing some pfb_*.conf files.

              Go over General, DNSBL, IP tabs save settings, Force Update, Force Reload All, this may sanitize your database.

                wolfsden3

                For giggles I went to look for that python mode option, I can't find it now.

                Where is it? I'll try it. Why not.

                  RonpfS @wolfsden3

                  @wolfsden3 Under DNSBL Tab

                    wolfsden3

                    Oh - instead of "Unbound" you do "Unbound Python Mode" - it's a drop down which is why it's not obvious.

                      RonpfS @wolfsden3

                      @wolfsden3 And from what I understand, you will have to migrate your TLD Whitelist to DNSBL Whitelist.

                      Be careful, test on a test box 😬

                        wolfsden3

                        That's irritating. I looked at it but didn't turn it on. Something broke unbound. I might take a look at this python version but it's beta so the unbound one should still work.

                        I emailed bbcan.

                          RonpfS @wolfsden3

                          @wolfsden3 said in New SafeSearch feature borked:

                          I might take a look at this python version but it's beta

                          There are some pitfalls, but it has been stable for weeks.

                            Gertjan @wolfsden3

                            @wolfsden3 said in New SafeSearch feature borked:

                            the one that works LOL.

                            What didn't work (well) using unbound, is that it reads all these files (the ones you listed) : 362 + 111 + 52.207.941 ( !!) + 2421 + 300 + 2272 == thousands of lines to be re-parsed at process (re)start.
                            There are systems that will take tens of seconds (minutes) to do so, and during this time the system goes to 100 % and DNS isn't working.

                            That's why python mode was used : the python module handles the files, unbound just invokes the python "external" script to do the DNSBL business.

                            IMHO : the so called "python mode" will be the only one being used in the future. The mode where files are included from the main unbound.conf will be abandoned.
                            Give it a try ;)

                            No "help me" PM's please. Use the forum, the community will thank you.
                            Edit : and where are the logs ??

                            1 Reply Last reply Reply Quote 0
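
The listing comparison RonpfS makes and the size sum Gertjan gives can be scripted; the following is an added example, not part of any post in the thread and not pfBlockerNG code. The function names are hypothetical, and treating the pfb_*.conf names from RonpfS's listing as the expected set is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): audit an `ls -al /var/unbound/*.conf`
# listing for the two things discussed: missing pfb_*.conf files and the
# number of bytes Unbound has to parse from included files at (re)start.

# Names copied from RonpfS's listing; treating them as the expected set for
# Unbound mode with SafeSearch enabled is an assumption of this example.
EXPECTED_PFB="pfb_dnsbl.conf pfb_dnsbl_lighty.conf pfb_dnsbl.safesearch.conf pfb_dnsbl.doh.conf"

# wolfsden3's listing, copied from the thread.
SAMPLE_LISTING='-rw-r--r-- 1 root unbound 362 Feb 8 22:29 /var/unbound/access_lists.conf
-rw-r--r-- 1 root unbound 0 Feb 14 17:48 /var/unbound/dhcpleases_entries.conf
-rw-r--r-- 1 root unbound 111 Feb 8 22:29 /var/unbound/domainoverrides.conf
-rw-r--r-- 1 root admins 473 Feb 14 17:48 /var/unbound/host_entries.conf
-rw-r--r-- 1 root wheel 52207941 Feb 14 21:14 /var/unbound/pfb_dnsbl.conf
-rw-r--r-- 1 root unbound 2421 Feb 14 20:03 /var/unbound/pfb_dnsbl_lighty.conf
-rw-r--r-- 1 root unbound 300 Jul 25 2017 /var/unbound/remotecontrol.conf
-rw-r--r-- 1 unbound unbound 2272 Feb 14 21:09 /var/unbound/unbound.conf'

# Print the basename of every *.conf entry in a listing read from stdin.
conf_names() {
    awk '$NF ~ /\.conf$/ { n = split($NF, p, "/"); print p[n] }'
}

# Print each expected pfb_*.conf name that the listing on stdin lacks.
missing_pfb() {
    present=$(conf_names)
    for f in $EXPECTED_PFB; do
        printf '%s\n' "$present" | grep -Fxq -- "$f" || printf '%s\n' "$f"
    done
}

# Sum the size column (field 5) of every *.conf entry on stdin.
total_conf_bytes() {
    awk '$NF ~ /\.conf$/ && $5 ~ /^[0-9]+$/ { s += $5 } END { printf "%d\n", s }'
}

# Print the largest *.conf entry as "<bytes> <name>".
largest_conf() {
    awk '$NF ~ /\.conf$/ && $5 + 0 >= max { max = $5 + 0; name = $NF }
         END { n = split(name, p, "/"); printf "%d %s\n", max, p[n] }'
}

echo "missing: $(printf '%s\n' "$SAMPLE_LISTING" | missing_pfb | tr '\n' ' ')"
echo "total bytes: $(printf '%s\n' "$SAMPLE_LISTING" | total_conf_bytes)"
echo "largest: $(printf '%s\n' "$SAMPLE_LISTING" | largest_conf)"
```

On a live box the same functions can read `ls -al /var/unbound/*.conf` directly instead of the embedded sample.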