DNS resolver & DNSBL Enable… But DNS address could not be found.

jutje

Hallo,

Am trying to config DNSBL but when i try to visit a site i get:

This site can’t be reached

google.com’s server DNS address could not be found.

See my config here:
https://imgur.com/a/N7Aqd

Plz help.
Thnx

RonpfS

Do you get DNS resolution when pfBlockerNG is disabled?. Make sure that all DNS Servers under DNS Server Settings support DNSSEC Support.

You have enabled Register DHCP leases in the DNS Resolver, beware that this will reload Unbound when a new lease is generated. Depending on the size of your DNSBL db, the reload may takes minutes to complete with no DNS services during the reload.

Under DNS Feeds, the 3 feeds seems to be IP list and not domain name list. What happen when you do a Force Update or a Force Reload DNSBL ? There are probably errors generated in the pfblockerNG logs.

jutje

Hi RonpfS,

Thnx for your fast reply.

Do you get DNS resolution when pfBlockerNG is disabled?

Yes when i have Action Disable under Firewall > pfBlockerNG > DNSBL Feeds

You have enabled Register DHCP leases in the DNS Resolver, beware that this will reload Unbound when a new lease is generated.

Oh thank you i didn't know that part so a have it Disable now

the 3 feeds seems to be IP list and not domain name list

https://imgur.com/a/WIHVn
They are DN's containing txt list of IP's

RonpfS

@jutje:

the 3 feeds seems to be IP list and not domain name list

https://imgur.com/a/WIHVn
They are DN's containing txt list of IP's

Those URLs are for the IP Feeds, not for DNSBL.

jutje

Those URLs are for the IP Feeds, not for DNSBL.

Ooooooooh…. Now i get it! :o ;)
Thnx RonpfS

jutje

RonpfS, I put all ma list and more under Firewall > pfBlockerNG > IPv4. https://imgur.com/a/4efek
But I do still get:

This site can’t be reached

google.com’s server DNS address could not be found.

And when I Disable pfBlockerNG completely e.g. it will start working back again.
What do am doing wrong?

RonpfS

If you don't have any DNSBL feed active, disable DNSBL in pfblockerNG.

Can't tell without more info. Do you ran a Force Update and Force Reload all after making the changes.
You have to dig into System Logs, Resolver Logs, Firewall logs, pfblockerng alerts and logs

jutje

I think i found the issue.
Some of my Lists are too aggressive.

RonpfS

Like firehole … https://forum.pfsense.org/index.php?topic=135257.0

jutje

Like firehole … https://forum.pfsense.org/index.php?topic=135257.0

Yes that was exactly the issue. So i turn that list OFF.

Thnx