Unable to get DNSBL to work using pfBlockerNG



  • I just recently installed pfBlockerNG and wanted to use the DNSBL functionality. I followed the getting stated instructions found at https://forum.pfsense.org/index.php?topic=102470.msg572943#msg572943 but unfortunately the configuration did not work. My system consists of 5 interfaces WAN, LAN, WLAN, DMZ and PIA. My main interface I use is the WLAN through the PIAVPN gateway.

    The only difference I made setting up DNSBL was I selected the WLAN as the DNSBL listening interface and for the DNSBL firewall rule I did not select it. Is there something other than the getting started instructions that I need to do to my configuration? Any help would be much appreciated.

    Thanks,



  • Moderator

    First ensure that your LAN and vlan devices are only using the pfSense Resolver as its only DNS server. You should also be able to ping and browse to the DNSBL VIP address from any of your Lan/vlan subnets. There is an optional permit rule that allows the other subnets to access the DNSBL VIP address.



  • Hello,

    First ensure that your LAN and vlan devices are only using the pfSense Resolver as its only DNS server

    i only have the DNS resolver activated.

    You should also be able to ping and browse to the DNSBL VIP address from any of your Lan/vlan subnets

    I'm able to ping 10.10.0.1, when I browse to 10.10.10.1 a blank page is displayed.

    There is an optional permit rule that allows the other subnets to access the DNSBL VIP address

    Where can I find the permit rule option.



  • @kiekar:

    Where can I find the permit rule option.

    Firewall / pfBlockerNG / DNSBL : Permit Firewall Rules



  • Is it the DNSBL Firewall Rule checkbox for the interfaces



  • @kiekar:

    Is it the DNSBL Firewall Rule checkbox for the interfaces

    Yes it is, then you select which interface you want to permit traffic to reach DNSBL Web server. This will create FW Floating rules.

    When you browse to the VIP you should see 1x1px GIF.
    Go to the Alerts Tab to find any blocked DNS access
    They are also listed in Firewall / pfBlockerNG / Log Browser / Log Files / dnsbl.log



  • Hello and thank you for your support. I made some screen shots of the logs but unfortunately I think it's still not working. For one thing I still see o packets on the widget.

    When you browse to the VIP you should see 1x1px GIF.

    I only see a blank screen on the edge and EI browser and a black screen on chrome when I enter in the browser 10.10.10.1.

    I'm not quite sure what to make from the logs below.
    .






  • The Alerts Tab will only show one blocked access for repeated blocks.
    DNSBL.log will log all accesses.

    You have to make sure that you lan devices use pfSense resolver for DNS resolution. Check the DNS configuration on the LAN devices.

    To test, go to Firewall / pfBlockerNG / Log Browser / DNSBL files and test with some domain names that are listed in there.



  • I selected from the adaway.txt file: www.smartadserver.com and entered it in the browser where by the site loaded.

    Could the issue stem from me using PIA (Private Internet Access). I'm using DHCP static mappings.






  • So this Device does NOT use pfSense DNS Resolver for address resolution.
    Leave the field empty as suggested

    "Note: leave blank to use the system default DNS servers - this interface's IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the General page. "



  • Looks like it's working now I see more alerts now and the counter for the widget is increasing. The only anoyence is I have my antiviruis popping up. I do have one concern thow is may have a DNS leak now since I'm not using there DNS servers. I will need to do some tests

    Can I have easylist and DNSBL working together?






  • @kiekar:

    Can I have easylist and DNSBL working together?

    Yes you can.



  • Ok will try easylist. Once again thanks for your support, much appreciated.



  • @kiekar:

    I do have one concern thow is may have a DNS leak now since I'm not using there DNS servers. I will need to do some tests

    If you tests show DNS leaks, try configuring DNS resolver in Forwarding mode.



  • Well I'm Back,

    Unfortunately I'm unable to get both DNSBL and PIA working togeather. As soon as I remove the DNS Server IP address from the DHCP Static mapping page, I get a DNS Leak when testing but the DNSBL is working perfectly. I tried enabling forwarding mode on DNS Resolver and  adding the PIA DNS Server IP addresses to the DNS server settings at System / General Setup page but again still had the DNS leak when testing. Any other ideas would be much appreciated.

    Regards



  • You should probably open a Topic in the DHCP and DNS forum now as DNS leaks don't come from DNSBL.



  • dont worry i'm in the same boat… after i updated to 2.3.3 all my list stopped working..i cant figure it out... none of my config changed... now i see porn and stupid ads...