Netgate Discussion Forum
    Squid + dnsBL problem

    Category: Cache/Proxy

    mcury

      Hi, hope you guys can help me,

      I have a PFsense 2.3.2-p1 running with the most recent Squid (not transparent, using a customized PAC file), Unbound, and Pfblocker Dnsbl.

      1. DNSBL currently configured with 4 lists: yoyo, adaway, cameleon and hp.
      2. Unbound not using DHCP registration or Static DHCP (everything on default settings here).
      3. Squid doing SSL and configured with the system's default DNS server, which is Unbound.

      Problem:
      I've noticed that, when Squid is set up to use Unbound as its DNS server, and DNSBL is activated at the same time, I get strange error messages in my system logs (general) every time DNSBL tries to block something, but it doesn't block (the sites open, and the DNSBL log files show that there wasn't a block).
      This doesn't happen when Squid is using a different DNS server.

      Note that both packages are working like a charm; the problem only happens when using them together, and when Squid is using the Unbound DNS server.

      This is the error I'm getting in my System Logs, and it happens every time DNSBL tries to block something while I'm using Squid and DNSBL.

      Error message (I'm getting lots of those):
      nginx: 2017/01/09 23:50:12 [error] 36111#100106: *240 open() "/usr/local/www/p" failed (2: No such file or directory), client: 172.16.200.1, server: , request: "GET /p?c1=9&c2=5989497&cs_xi=294c9024-da8d-4c8e-9850-d45b0599955f&rn=TIMESTAMP&r=http%3A%2F%2Fsync.tidaltv.com%2FGenericUserSync.ashx%3Fdpid%3D1161&cs_xs=2189 HTTP/1.1", host: "b.scorecardresearch.com", referrer: "http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?pc=13764/64720&geo=sa&co=br"

      Obs: 172.16.200.1 is my DNSBL VIP IP.

      Do you have an idea regarding what could be happening? This is a new setup, so I'm not sure if those packages are supposed to work together, I mean, Squid and DNSBL. I really would like to be using them together due to squidclamav, category filtering with Shalla's list, and the DNS filtering with DNSBL.

      Best regards,
      Marcelo

      dead on arrival, nowhere to be found.

      doktornotor

        Yeah, this just won't work. Trying to play redirect ping-pong with packets from localhost to localhost is no good. Set up different DNS servers for Squid, or wait for next pfBNG version which will have an option to use 0.0.0.0 instead of the local webserver.

        mcury

          Thanks very much for the quick answer, I'll be waiting for the next release.

          dead on arrival, nowhere to be found.

          doktornotor

            Actually I cannot reproduce this with "Bypass Proxy for Private Address Destination" checked on a transparent proxy. So, I'd say all you need is to fix your PAC to not proxy local networks, pretty much.

            mcury

              Thanks a lot for your time and attention on this matter. Once I added the following at the top of the PAC file, everything went smoothly.

              function FindProxyForURL(url, host) {
                  // If the requested website is hosted within the internal network, send direct.
                  if (isPlainHostName(host) ||
                      shExpMatch(host, "*.local") ||
                      isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
                      isInNet(dnsResolve(host), "172.16.0.0",  "255.240.0.0") ||
                      isInNet(dnsResolve(host), "192.168.0.0",  "255.255.0.0") ||
                      isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
                      return "DIRECT";
                  // ... the rest of the original PAC file (the rules that pick the proxy) follows here.
                  return "PROXY <squid-host>:<port>";  // placeholder; the real proxy address is not shown in the thread
              }

              Best regards,
              Marcelo

              dead on arrival, nowhere to be found.

                doktornotor
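              The fix above works because a DNSBL-blocked domain resolves to the DNSBL VIP (172.16.200.1 in this thread), and the PAC rule makes the browser fetch that address directly instead of handing it to Squid, which would otherwise resolve it through Unbound and loop the request back to the local web server. The following harness is an added example, not code from the thread or from the pfSense/pfBlockerNG projects: it emulates the PAC helper functions a browser supplies (`isInNet`, `dnsResolve`, `isPlainHostName`, `shExpMatch`) in Node.js so the bypass rule can be checked offline before it is pushed to clients. The DNS table, the internal and public host names, and the upstream proxy address are constructed placeholders; the only change from the thread's rule is that loopback is matched as the whole 127/8 block.

```javascript
// Added example (not from the thread): a small Node.js harness that emulates
// the browser's PAC helper functions so the "send private networks DIRECT"
// rule can be exercised offline.

// Constructed DNS table standing in for the browser's resolver. The first
// entry mirrors the thread: a DNSBL-blocked domain resolves to the DNSBL VIP
// 172.16.200.1, so the request must go DIRECT to the local web server rather
// than through Squid.
const FAKE_DNS = {
  "b.scorecardresearch.com": "172.16.200.1", // sinkholed by DNSBL (VIP from the thread)
  "intranet.local": "192.168.1.10",           // constructed internal host
  "www.example.com": "203.0.113.10",          // constructed public address (TEST-NET-3)
};

// Placeholder for the site's real Squid address; not taken from the thread.
const UPSTREAM_PROXY = "PROXY squid.example.lan:3128";

// Emulated PAC helpers. Real browsers implement these natively; the versions
// here cover only what the rule needs (dotted-quad IPv4, '*' globs).
function ipToInt(ip) {
  // Multiply instead of shifting so 192.x.x.x does not overflow int32.
  return ip.split(".").reduce((acc, octet) => acc * 256 + Number(octet), 0);
}

function isInNet(ip, pattern, mask) {
  if (!ip) return false; // dnsResolve() failed: treat as "not internal"
  const m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(pattern) & m) >>> 0);
}

function dnsResolve(host) {
  // Browsers return null when the name does not resolve; mirror that.
  return Object.prototype.hasOwnProperty.call(FAKE_DNS, host) ? FAKE_DNS[host] : null;
}

function isPlainHostName(host) {
  return !host.includes(".");
}

function shExpMatch(str, pattern) {
  // Translate a shell glob with '*' into an anchored regular expression.
  const re = pattern
    .split("*")
    .map((piece) => piece.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"))
    .join(".*");
  return new RegExp("^" + re + "$").test(str);
}

// The bypass rule from the thread, with loopback widened to the full 127/8.
function FindProxyForURL(url, host) {
  if (
    isPlainHostName(host) ||
    shExpMatch(host, "*.local") ||
    isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
    isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
    isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
    isInNet(dnsResolve(host), "127.0.0.0", "255.0.0.0")
  ) {
    return "DIRECT";
  }
  return UPSTREAM_PROXY;
}

// Quick self-check when run directly: node pac-check.js
if (typeof require !== "undefined" && require.main === module) {
  for (const host of Object.keys(FAKE_DNS).concat(["fileserver"])) {
    console.log(host.padEnd(26), "->", FindProxyForURL("http://" + host + "/", host));
  }
}
```

              Running it prints `DIRECT` for the sinkholed host and the internal names and the proxy string for the public host. Because the browser's real `dnsResolve` asks the client's own resolver, the check is only meaningful when clients use Unbound (with DNSBL) as their DNS server, which is the setup described in the thread.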

                OK, thanks for verifying.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.