Added new DNS, pfBlockerNG stopped working



  • I added a DNS server in General Setup.. rebooted pfSense.. now I see ads etc..

    Also I blocked YouTube on 1 machine (kids' computer) via DHCP static, using OpenDNS, and assigned the DHCP to force use of their DNS servers… I never had a problem until now.. and yes, the override DNS is checked. Now my kids are YouTube HAPPY. This is an issue, 1 kid is home schooled. I need to figure this out...

    It seems when I change DNS servers all heck breaks loose.. I don't use the ISP's DNS servers (Comcast) because pfBlocker doesn't work at all.. even after a force cron.

    Can someone help me out?


  • Rebel Alliance Global Moderator

    For pfblocker to do its thing you need to be using unbound. It can be in forwarder mode..

    And your clients need to be using pfsense as their dns.

    When you say dns override you mean you're letting dhcp from your wan override your dns??

    Pfsense really should only point to itself.  127.0.0.1 - you should not allow override from your isp.  And you can use unbound in forwarder mode or resolver mode (default) but your clients need to ask pfsense for dns.

    As to what pfblocker blocks - that would be up to your settings in pfblocker.  Are you using proxy??



  • Thanks for the fast reply. DNS Query Forwarding mode is unchecked.. I tried checking it, Roku TV stopped working…

    All clients use local DNS first except 2 computers which are DHCP static. I use OpenDNS to protect against porn and YouTube, using the OpenDNS DNS servers. I did set it via Win 10 settings on the computer, that did not work. So I used DHCP static on pfSense, that seems to work 80% of the time.. Somehow the computer bypasses the OpenDNS DNS servers, that's what I can't figure out why!

    I misspoke about the DNS override from WAN, that is turned off. pfSense points to itself first..

    pfBlocker works until I change round DNS servers.. then pfBlocker stops working with that DNS server... then I switch it back to the old one. Works like a champ...





  • Rebel Alliance Global Moderator

    "all clients use local dns first except 2 computers "

    Doesn't work that way!! Sorry..  If you point a client to more than 1 dns - you have no idea which one it will or could be using at some point later.  You do not point to 2 different ns that do not resolve the same stuff.

    Pointing to something that resolves local, and pointing to stuff that is public and can not resolve your local is Borked config!!!

    If you're handing your clients other dns - WTF does that have to do with pfsense??

    "the pfblocker works until i change round dns servers.."

    With you pointing a client to outside dns - no shit pfblocker is not going to do a damn thing..
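
Added example, not part of any post in this thread: one way to see which LAN clients are sending DNS somewhere other than pfSense, and so never reaching unbound and pfBlockerNG, is to scan the firewall log for port 53 traffic. The LAN addressing and the sample records are constructed, and the records show only the CSV payload of a filterlog entry without the syslog prefix.

```python
import ipaddress
from collections import defaultdict

# Assumptions, not from the thread: pfSense's LAN address and the LAN subnet.
PFSENSE_DNS = ipaddress.ip_address("192.168.1.1")
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample records in pfSense's raw filterlog CSV layout for IPv4:
# rule,subrule,anchor,tracker,iface,reason,action,dir,ipver,tos,ecn,ttl,id,
# offset,flags,proto_id,proto,length,src,dst,sport,dport,...
SAMPLE_LOG = """\
70,,,1000000103,igb1,match,pass,in,4,0x0,,64,4211,0,DF,17,udp,60,192.168.1.50,208.67.222.222,51000,53,40
70,,,1000000103,igb1,match,pass,in,4,0x0,,64,4212,0,DF,17,udp,60,192.168.1.20,192.168.1.1,51001,53,40
70,,,1000000103,igb1,match,pass,in,4,0x0,,64,4213,0,DF,6,tcp,60,192.168.1.50,208.67.220.220,51002,53,0,S,1234,,64240,,mss
70,,,1000000103,igb1,match,pass,in,4,0x0,,64,4214,0,DF,6,tcp,60,192.168.1.30,93.184.216.34,51003,443,0,S,5678,,64240,,mss
70,,,1000000103,igb1,match,pass,in,4,0x0,,64,4215,0,DF,17,udp,60,192.168.1.20,8.8.8.8,51004,53,40
"""


def external_dns_clients(log_text, resolver=PFSENSE_DNS, lan=LAN):
    """Map each LAN client to the DNS servers it queried other than pfSense."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = line.strip().split(",")
        # Only IPv4 TCP/UDP records carry src, dst and ports at these indexes.
        if len(f) < 22 or f[8] != "4" or f[16] not in ("udp", "tcp"):
            continue
        try:
            src = ipaddress.ip_address(f[18])
            dst = ipaddress.ip_address(f[19])
        except ValueError:
            continue  # malformed record, skip it
        if f[21] == "53" and src in lan and dst != resolver:
            hits[str(src)].add(str(dst))
    return {client: sorted(servers) for client, servers in hits.items()}


if __name__ == "__main__":
    for client, servers in external_dns_clients(SAMPLE_LOG).items():
        print(f"{client} sends DNS past pfSense to: {', '.join(servers)}")
```

Entries like these only appear if the LAN rule that passes the traffic has logging enabled, and the check sees plain port 53 queries only.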



  • Message received, johnpoz.

    I get your point 100% but that's been working for a while… I guess not now... lol..

    So how would you block YouTube and bad stuff from local DNS but only on 2 computers??

    Thanks