• Hi everyone!

    Is there a way to tell pfBlockerNG to format the pfb_dnsbl.conf like this:

    local-zone: "" static

    rather than this:

    local-data: " 60 IN A"

    I want my DNS to return NXDOMAIN on filtered domains rather than a "wrong" IP address.


  • I've added

    ```
    && /usr/bin/sed -E -i -e 's/.*"([^ ]+) .*/local-zone: "\1" static/' /var/unbound/pfb_dnsbl.conf
    ```

  • Banned

    You realize that this "improvement" breaks the alerts logging plus will cause issues with browsers as well, right?

  • Apart from the original solution (returning instead of NXDOMAIN) actually causing issues with browsers, I haven't seen any problems so far. Which problems with browsers would that be?

    Regarding the alert logging: I don't need that. All I want to achieve is domain based blocking in the DNS, nothing more, nothing less ;)

    However, your answer made me think. Maybe pfBlockerNG is kind of an overkill solution to my problem. I could easily download the lists and compile an unbound configuration with a simple script instead…

    Regardless, I'd still like to know which "issues with browsers" you are referring to.

  • Banned

    I must be special, but I do NOT appreciate loads of "domain not found" errors in place of the blocked stuff. That's the whole point of the 1x1gif webserver.

  • Moderator

    The next version of the package will have the option to define "" (No logging option) instead of the DNSBL VIP on a per Group basis…

    You could edit this file:  /usr/local/pkg/pfblockerng/  Line #3594

    and change the line

    ```
    $domain_data .= "local-data: \"" . $line . " 60 IN A {$pfb['dnsbl_vip']}\"\n";
    ```

    to

    ```
    $domain_data .= "local-data: \"" . $line . " 60 IN A\"\n";
    ```

    and follow that with a Force Reload - DNSBL.

  • The reason for the blank img method is some sites check for a 200 status.
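
The conversion this thread discusses, from `local-data` A records to `local-zone: "..." static` entries, as an added example that is not from any poster or from pfBlockerNG. The function names, sample domains and the 192.0.2.1 address are constructed for illustration; names that are not plain hostnames are dropped rather than written into the resolver configuration.

```shell
#!/bin/sh
# Added example (not pfBlockerNG code): turn DNSBL "local-data" A records into
# "local-zone ... static" entries, the format asked for in the first post.

# to_static_zones: read Unbound config lines on stdin, write converted lines on stdout.
# Anything that is not a local-data A record, or whose name is not a plain
# hostname, is skipped so list content cannot inject other directives.
to_static_zones() {
    awk '
    # Expected shape: local-data: "<name> <ttl> IN A <address>"
    $1 == "local-data:" && $4 == "IN" && $5 == "A" {
        name = $2
        sub(/^"/, "", name)        # strip the opening quote
        name = tolower(name)       # DNS names are case-insensitive
        sub(/\.$/, "", name)       # drop a trailing root dot
        # Letters, digits, hyphen, underscore; at least two labels
        if (name !~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)+$/) next
        if (seen[name]++) next     # emit each zone only once
        printf "local-zone: \"%s\" static\n", name
    }'
}

# sample_conf: constructed input in the local-data layout shown in the thread.
sample_conf() {
    cat <<'EOF'
server:
local-data: "ads.example.com 60 IN A 192.0.2.1"
local-data: "ADS.example.com. 60 IN A 192.0.2.1"
local-data: "tracker.example.net 60 IN A 192.0.2.1"
local-data: "bad\"name.example 60 IN A 192.0.2.1"
local-data: "v6.example.org 60 IN AAAA 2001:db8::1"
EOF
}

# Stand-alone run: print the converted sample.
sample_conf | to_static_zones
```

The duplicate, the name containing a quote and the AAAA record are all skipped, so only two zones are written for the sample input.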
