PfBlocker Problems



  • IPv4 blocking seems to be working fine, but nothing in DNSBL will work. Am I missing something?

    DNS resolver is enabled.
    Are there any other settings I've missed? It was working before I upgraded my hard drive and clean installed.

    Thanks


    ![2017-12-05 (6).png](/public/imported_attachments/1/2017-12-05 (6).png)
    ![2017-12-05 (5).png](/public/imported_attachments/1/2017-12-05 (5).png)
    ![2017-12-05 (4).png](/public/imported_attachments/1/2017-12-05 (4).png)
    ![2017-12-05 (3).png](/public/imported_attachments/1/2017-12-05 (3).png)
    ![2017-12-05 (2).png](/public/imported_attachments/1/2017-12-05 (2).png)
    ![2017-12-05 (1).png](/public/imported_attachments/1/2017-12-05 (1).png)



  • What about pfblockerNG logs?
    Did you do a Force Update, a Force Reload All ?



  • Yes to both, and there is nothing in the log. I posted a screenshot of it.

    Cheers



  • pfblockerng.log

    
    **Saving configuration ...
    
      Removing DB Files/Folders 
    
    **Saving configuration [ 12/05/17 23:13:38 ] ...
    
      Removing DB Files/Folders 
    
    **Saving configuration [ 12/05/17 23:14:24 ] ...
    
    **Saving configuration [ 12/05/17 23:16:57 ] ...
    
    **Saving configuration [ 12/05/17 23:17:08 ] ...
    
    Saving new DNSBL web server configuration to port [ 8081 and 8443 ]
    Saving pfSense config...
    VIP address configured. Widget Packet statistics reset.
    
    New DNSBL cert createdRestarting Service DNSBL...
    
    **Saving configuration [ 12/05/17 23:17:37 ] ...
    
    **Saving configuration [ 12/05/17 23:18:37 ] ...
    
    **Saving configuration [ 12/05/17 23:19:33 ] ...
     UPDATE PROCESS START [ 12/05/17 23:19:38 ]
    
    ===[  DNSBL Process  ]================================================
    Missing DNSBL stats and/or Unbound DNSBL conf file - Rebuilding
    
    [ malwaredomainlist ]	 Downloading update .. 200 OK.
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      1146     1146       0          0          0          1146                 
      ----------------------------------------------------------------------
    
    [ malwaredomains ]	 Downloading update [ 12/05/17 23:19:41 ] .. 200 OK.
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      14906    14906      16         0          0          14890                
      ----------------------------------------------------------------------
    
    [ bambenek ]		 Downloading update [ 12/05/17 23:19:46 ] .. 200 OK..
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      889400   872175     186        0          0          871989               
      ----------------------------------------------------------------------
    
    [ Yoyo ]		 Downloading update [ 12/05/17 23:20:38 ] .. 200 OK.
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      2497     2497       0          0          0          2497                 
      ----------------------------------------------------------------------
    
    [ Adaway ]		 Downloading update [ 12/05/17 23:20:45 ] .. 200 OK.
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      409      409        4          0          0          405                  
      ----------------------------------------------------------------------
    
    [ Winhelp ]		 Downloading update [ 12/05/17 23:20:53 ] .. 200 OK.
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      13017    13017      542        0          0          12475                
      ----------------------------------------------------------------------
    
      DNSBL: Flush DNSBL_IP
    ------------------------------------------
    Assembling database...
    Adding Unbound Server:Include line... completed
    Validating database... Skipped [ 12/05/17 23:21:05 ]
    Reloading Unbound.... completed
    DNSBL update [ 903402 | PASSED  ]... completed [ 12/05/17 23:21:20 ]
    ------------------------------------------
    DNSBL - Adding Unbound custom 'include' option
    
    ===[  Continent Process  ]============================================
    
    ===[  IPv4 Process  ]=================================================
    
    [ CIArmy ]		 Downloading update .. 200 OK. completed ..
      ------------------------------
      Original Master     Final     
      ------------------------------
      15000    15000      15000       [ Pass ] 
      -----------------------------------------------------------------
    
    [ ZeuS ]		 Downloading update [ 12/05/17 23:21:22 ] .. 200 OK
      Remote timestamp missing . completed ..
      ------------------------------
      Original Master     Final     
      ------------------------------
      119      119        119         [ Pass ] 
      -----------------------------------------------------------------
    
    [ DShield ]		 Downloading update [ 12/05/17 23:21:23 ] .. 200 OK. completed ..
      ------------------------------
      Original Master     Final     
      ------------------------------
      21       40         40          [ Pass ] 
      -----------------------------------------------------------------
    
    [ ETCompromised ]	 Downloading update [ 12/05/17 23:21:25 ] .. 200 OK. completed ..
      ------------------------------
      Original Master     Final     
      ------------------------------
      1583     1512       1512        [ Pass ] 
      -----------------------------------------------------------------
    
    [ ETDshield ]		 Downloading update [ 12/05/17 23:21:28 ] .. 200 OK. completed ..
      ------------------------------
      Original Master     Final     
      ------------------------------
      2104     1975       1975        [ Pass ] 
      -----------------------------------------------------------------
    
    [ Tor ]			 Downloading update [ 12/05/17 23:21:29 ] .. 403 Forbidden
    
     [ pfB_Blacklists - Tor ] Download FAIL
      Firewall and/or IDS are not blocking download.
    
    The Following list has been REMOVED [ Tor ]
    
    ===[  Aliastables / Rules  ]================================
    
    Firewall rule changes found, applying Filter Reload
    
    ===[ FINAL Processing ]=====================================
    
       [ Original IP count   ]  [ 18827 ]
    
       [ Final IP Count  ]  [ 18646 ]
    
    ===[ Deny List IP Counts ]===========================
    
       18646 total
       15000 /var/db/pfblockerng/deny/CIArmy.txt
        1975 /var/db/pfblockerng/deny/ETDshield.txt
        1512 /var/db/pfblockerng/deny/ETCompromised.txt
         119 /var/db/pfblockerng/deny/ZeuS.txt
          40 /var/db/pfblockerng/deny/DShield.txt
    
    ===[ DNSBL Domain/IP Counts ] ===================================
    
      903402 total
      871989 /var/db/pfblockerng/dnsbl/bambenek.txt
       14890 /var/db/pfblockerng/dnsbl/malwaredomains.txt
       12475 /var/db/pfblockerng/dnsbl/Winhelp.txt
        2497 /var/db/pfblockerng/dnsbl/Yoyo.txt
        1146 /var/db/pfblockerng/dnsbl/malwaredomainlist.txt
         405 /var/db/pfblockerng/dnsbl/Adaway.txt
    
    ====================[ Last Updated List Summary ]==============
    
    Dec 5	05:30	ETDshield
    Dec 5	05:31	ETCompromised
    Dec 5	22:25	CIArmy
    Dec 5	23:15	DShield
    Dec 5	23:21	ZeuS
    ===============================================================
    
    Database Sanity check [  PASSED  ]
    ------------------------
    Masterfile/Deny folder uniq check
    Deny folder/Masterfile uniq check
    
    Sync check (Pass=No IPs reported)
    ----------
    
    IPv4 alias tables IP count
    -----------------------------
    18647
    
    IPv6 alias tables IP count
    -----------------------------
    0
    
    Alias table IP Counts
    -----------------------------
       18647 total
       18646 /var/db/aliastables/pfB_Blacklists.txt
           1 /var/db/aliastables/pfB_DNSBLIP.txt
    
    pfSense Table Stats
    -------------------
    table-entries hard limit  2000000
    Table Usage Count         96244
    
     UPDATE PROCESS ENDED [ 12/05/17 23:21:30 ]
    
    **Saving configuration [ 12/05/17 23:28:58 ] ...
    Restarting Service DNSBL...
    
    **Saving configuration [ 12/05/17 23:34:57 ] ...
     CRON  PROCESS  START [ 12/05/17 23:35:08 ]
    [ CIArmy ]
      Remote timestamp: Tue, 05 Dec 2017 23:25:01 GMT
      Local  timestamp: Tue, 05 Dec 2017 22:25:01 GMT	Update found
    [ ZeuS ]
    	( No remote timestamp/md5 unchanged )		Update not required
    [ DShield ]
      Remote timestamp: Tue, 05 Dec 2017 23:30:04 GMT
      Local  timestamp: Tue, 05 Dec 2017 23:15:39 GMT	Update found
    [ ETCompromised ]
      Remote timestamp: Tue, 05 Dec 2017 05:31:22 GMT
      Local  timestamp: Tue, 05 Dec 2017 05:31:22 GMT	Update not required
    [ ETDshield ]
      Remote timestamp: Tue, 05 Dec 2017 05:30:03 GMT
      Local  timestamp: Tue, 05 Dec 2017 05:30:03 GMT	Update not required
    [ Tor ]
    							Update found
    [ malwaredomainlist ]
      Remote timestamp: Mon, 04 Dec 2017 19:18:42 GMT
      Local  timestamp: Mon, 04 Dec 2017 19:18:42 GMT	Update not required
    [ malwaredomains ]
      Remote timestamp: Fri, 01 Dec 2017 22:49:37 GMT
      Local  timestamp: Fri, 01 Dec 2017 22:49:37 GMT	Update not required
    [ bambenek ]
      Remote timestamp: Tue, 05 Dec 2017 00:15:16 GMT
      Local  timestamp: Tue, 05 Dec 2017 00:15:16 GMT	Update not required
    [ Yoyo ]
      Remote timestamp: Mon, 04 Dec 2017 16:43:31 GMT
      Local  timestamp: Mon, 04 Dec 2017 16:43:31 GMT	Update not required
    [ Adaway ]
      Remote timestamp: Sun, 17 Sep 2017 03:35:29 GMT
      Local  timestamp: Sun, 17 Sep 2017 03:35:29 GMT	Update not required
    [ Winhelp ]
      Remote timestamp: Thu, 30 Nov 2017 19:30:44 GMT
      Local  timestamp: Thu, 30 Nov 2017 19:30:44 GMT	Update not required
     UPDATE PROCESS START [ 12/05/17 23:35:14 ]
    
    ===[  DNSBL Process  ]================================================
    
    [ malwaredomainlist ]	 exists.
    [ malwaredomains ]	 exists.
    [ bambenek ]		 exists.
    [ Yoyo ]		 exists.
    [ Adaway ]		 exists.
    [ Winhelp ]		 exists.
      DNSBL: Flush DNSBL_IP
    
    ===[  Continent Process  ]============================================
    
    ===[  IPv4 Process  ]=================================================
    
    [ CIArmy ]		 Downloading update .. 200 OK. completed ..
    
    [ ZeuS ]		 exists. [ 12/05/17 23:35:17 ]
    [ DShield ]		 Downloading update .. 200 OK. completed ..
    
    [ ETCompromised ]	 exists. [ 12/05/17 23:35:18 ]
    [ ETDshield ]		 exists.
    [ Tor ]			 Downloading update .. 200 OK
      Remote timestamp missing . completed ..
    
    ===[  Aliastables / Rules  ]==========================================
    
    No changes to Firewall rules, skipping Filter Reload
    
     Updating: pfB_Blacklists
    12900 addresses added.6488 addresses deleted.
    
    ===[ FINAL Processing ]=====================================
    
       [ Original IP count   ]  [ 25273 ]
    
    ===[ Deny List IP Counts ]===========================
    
       25093 total
       15000 /var/db/pfblockerng/deny/CIArmy.txt
        6447 /var/db/pfblockerng/deny/Tor.txt
        1975 /var/db/pfblockerng/deny/ETDshield.txt
        1512 /var/db/pfblockerng/deny/ETCompromised.txt
         119 /var/db/pfblockerng/deny/ZeuS.txt
          40 /var/db/pfblockerng/deny/DShield.txt
    
    ===[ DNSBL Domain/IP Counts ] ===================================
    
      903402 total
      871989 /var/db/pfblockerng/dnsbl/bambenek.txt
       14890 /var/db/pfblockerng/dnsbl/malwaredomains.txt
       12475 /var/db/pfblockerng/dnsbl/Winhelp.txt
        2497 /var/db/pfblockerng/dnsbl/Yoyo.txt
        1146 /var/db/pfblockerng/dnsbl/malwaredomainlist.txt
         405 /var/db/pfblockerng/dnsbl/Adaway.txt
    
    ====================[ Last Updated List Summary ]==============
    
    Dec 5	05:30	ETDshield
    Dec 5	05:31	ETCompromised
    Dec 5	23:21	ZeuS
    Dec 5	23:25	CIArmy
    Dec 5	23:30	DShield
    Dec 5	23:35	Tor
    
    IPv4 alias tables IP count
    -----------------------------
    25094
    
    IPv6 alias tables IP count
    -----------------------------
    0
    
    Alias table IP Counts
    -----------------------------
       25094 total
       25093 /var/db/aliastables/pfB_Blacklists.txt
           1 /var/db/aliastables/pfB_DNSBLIP.txt
    
    pfSense Table Stats
    -------------------
    table-entries hard limit  2000000
    Table Usage Count         121303
    
     UPDATE PROCESS ENDED [ 12/05/17 23:35:19 ]
    
    **Saving configuration [ 12/05/17 23:49:42 ] ...
     UPDATE PROCESS START [ 12/05/17 23:49:49 ]
    
    ===[  DNSBL Process  ]================================================
    
    [ malwaredomainlist ]	 Reload . completed ..
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      1146     1146       0          0          0          1146                 
      ----------------------------------------------------------------------
    
    [ malwaredomains ]	 Reload . completed ..
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      14906    14906      16         0          0          14890                
      ----------------------------------------------------------------------
    
    [ bambenek ]		 Reload [ 12/05/17 23:49:50 ] . completed ..
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      889400   872175     186        0          0          871989               
      ----------------------------------------------------------------------
    
    [ Yoyo ]		 Reload [ 12/05/17 23:50:38 ] . completed ..
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      2497     2497       0          0          0          2497                 
      ----------------------------------------------------------------------
    
    [ Adaway ]		 Reload [ 12/05/17 23:50:40 ] . completed ..
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      409      409        4          0          0          405                  
      ----------------------------------------------------------------------
    
    [ Winhelp ]		 Reload [ 12/05/17 23:50:43 ] . completed ..
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      13017    13017      542        0          0          12475                
      ----------------------------------------------------------------------
    
    [ Youtube ]		 Downloading update [ 12/05/17 23:50:45 ] .. 200 OK.
      ----------------------------------------------------------------------
      Orig.    Unique     # Dups     # White    # Alexa    Final                
      ----------------------------------------------------------------------
      1754     1549       19         0          0          1530                 
      ----------------------------------------------------------------------
    
      DNSBL: Flush DNSBL_IP
    ------------------------------------------
    Assembling database... completed
    Validating database... Skipped [ 12/05/17 23:51:06 ]
    Reloading Unbound.... completed
    DNSBL update [ 904932 | PASSED  ]... completed [ 12/05/17 23:51:21 ]
    ------------------------------------------
    
    ===[  Continent Process  ]============================================
    
    ===[  IPv4 Process  ]=================================================
    
    [ CIArmy ]		 Reload . completed ..
    
    [ ZeuS ]		 Reload [ 12/05/17 23:51:22 ] . completed ..
    
    [ DShield ]		 Reload . completed ..
    
    [ ETCompromised ]	 Reload . completed ..
    
    [ ETDshield ]		 Reload . completed ..
    
    [ Tor ]			 Reload . completed ..
    
    ===[  Aliastables / Rules  ]==========================================
    
    No changes to Firewall rules, skipping Filter Reload
    
     Updating: pfB_Blacklists
    28 addresses added.
    
    ===[ FINAL Processing ]=====================================
    
       [ Original IP count   ]  [ 25273 ]
    
    ===[ Deny List IP Counts ]===========================
    
       25293 total
       15000 /var/db/pfblockerng/deny/CIArmy.txt
        6447 /var/db/pfblockerng/deny/Tor.txt
        2104 /var/db/pfblockerng/deny/ETDshield.txt
        1583 /var/db/pfblockerng/deny/ETCompromised.txt
         119 /var/db/pfblockerng/deny/ZeuS.txt
          40 /var/db/pfblockerng/deny/DShield.txt
    
    ===[ DNSBL Domain/IP Counts ] ===================================
    
      904932 total
      871989 /var/db/pfblockerng/dnsbl/bambenek.txt
       14890 /var/db/pfblockerng/dnsbl/malwaredomains.txt
       12475 /var/db/pfblockerng/dnsbl/Winhelp.txt
        2497 /var/db/pfblockerng/dnsbl/Yoyo.txt
        1530 /var/db/pfblockerng/dnsbl/Youtube.txt
        1146 /var/db/pfblockerng/dnsbl/malwaredomainlist.txt
         405 /var/db/pfblockerng/dnsbl/Adaway.txt
    
    ====================[ Last Updated List Summary ]==============
    
    Dec 5	05:30	ETDshield
    Dec 5	05:31	ETCompromised
    Dec 5	23:21	ZeuS
    Dec 5	23:25	CIArmy
    Dec 5	23:30	DShield
    Dec 5	23:35	Tor
    
    IPv4 alias tables IP count
    -----------------------------
    25294
    
    IPv6 alias tables IP count
    -----------------------------
    0
    
    Alias table IP Counts
    -----------------------------
       25294 total
       25293 /var/db/aliastables/pfB_Blacklists.txt
           1 /var/db/aliastables/pfB_DNSBLIP.txt
    
    pfSense Table Stats
    -------------------
    table-entries hard limit  2000000
    Table Usage Count         121331
    
     UPDATE PROCESS ENDED [ 12/05/17 23:51:23 ]
    
    **Saving configuration [ 12/05/17 23:56:10 ] ...
    
    **Saving configuration [ 12/05/17 23:57:47 ] ...
    
    

    extras.log

    Country code update Start [ 12/05/17 23:12:49 ]
     Converting MaxMind Country databases for pfBlockerNG.
     Processing ISO IPv4 Continent/Country Data [ 12/05/17 23:12:50 ]
     Processing ISO IPv6 Continent/Country Data [ 12/05/17 23:13:07 ]
     Creating pfBlockerNG Continent XML files
     IPv4 Africa			 [ 12/05/17 23:13:11 ]
     IPv6 Africa			
     IPv4 Antarctica		
     IPv6 Antarctica		
     IPv4 Asia			
     IPv6 Asia			 [ 12/05/17 23:13:13 ]
     IPv4 Europe			
     IPv6 Europe			 [ 12/05/17 23:13:19 ]
     IPv4 North America		 [ 12/05/17 23:13:22 ]
     IPv6 North America		 [ 12/05/17 23:13:26 ]
     IPv4 Oceania			
     IPv6 Oceania			 [ 12/05/17 23:13:27 ]
     IPv4 South America		
     IPv6 South America		
     IPv4 Proxy and Satellite	
     IPv6 Proxy and Satellite	
     IPv4 TOP 20			
     IPv6 TOP 20			 [ 12/05/17 23:13:28 ]
     pfBlockerNG Reputation Tab
    Country Code Update Ended
    
    

    maxmind_ver

    MaxMind GeoLite2 Date/Time Stamp
    Last-Modified: Mon, 06 Nov 2017 19:15:47 GMT
    Duplicate Represented IP4 Networks: 31851
    Duplicate Represented IP6 Networks: 3052
    
    

    All other logs are blank or missing.



  • Did you try to access any domain that is blocked by DNSBL (Logs / DNSBL Files)?
    One domain from Adaway: http://mobiledl.adobe.com/



  • @RonpfS:

    Did you try to access any domain that is blocked by DNSBL (Logs / DNSBL Files)?
    One domain from Adaway: http://mobiledl.adobe.com/

    When I go to Yahoo it's covered in ads. The IPv4 blacklist is working, but the DNSBL ads and malware lists are not.



  • On pfsense what does this look like

    dig mobiledl.adobe.com
    
    ; <<>> DiG 9.11.2 <<>> mobiledl.adobe.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40091
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;mobiledl.adobe.com.		IN	A
    
    ;; ANSWER SECTION:
    mobiledl.adobe.com.	60	IN	A	10.10.10.1
    
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Dec 05 19:13:56 EST 2017
    ;; MSG SIZE  rcvd: 63
    


  • @RonpfS:

    On pfsense what does this look like

    dig mobiledl.adobe.com
    
    ; <<>> DiG 9.11.2 <<>> mobiledl.adobe.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40091
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;mobiledl.adobe.com.		IN	A
    
    ;; ANSWER SECTION:
    mobiledl.adobe.com.	60	IN	A	10.10.10.1
    
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Dec 05 19:13:56 EST 2017
    ;; MSG SIZE  rcvd: 63
    

    on that page on chrome I get this

    Invalid URL

    The requested URL "[no URL]", is invalid.
    Reference #9.1f7469d5.1512519331.2d2d26a0



  • But that is in my

    pfB_Blacklists IPv4 not DNSBL



  • You can also use Diagnostics / Command Prompt to run the dig command.

    For DNSBL to function, your devices have to use the pfSense DNS Resolver. On those devices you need to check the DNS resolution config.
    On a Windows system, open a command prompt and do an nslookup of one FQDN from your DNSBL Files.
    Devices also have to be able to reach the VIP (10.10.10.1); try to ping the VIP IP from that device. Try to open your VIP in a browser.



  • I know it's not working, as on the widget the packets don't update; it just stays on 0. It used to go up, etc…

    It used to just work on everything in the house. I never did anything to each device.

    It just worked haha.



  • Check the Services page and restart pfblockerNG services
    Check the System Logs General and Resolver



  • @RonpfS:

    Check the Services page and restart pfblockerNG services
    Check the System Logs General and Resolver

    Silly question where are the "Check the System Logs General and Resolver" I can't find them.



  • Status / System Logs / System / General
    Status / System Logs / System / DNS Resolver



  • @RonpfS:

    Status / System Logs / System / General
    Status / System Logs / System / DNS Resolver

    Thanks

    Last 2 General Log Entries. (Maximum 50)
    Time	Process	PID	Message
    Dec 6 00:37:03	syslogd		kernel boot file is /boot/kernel/kernel
    Dec 6 00:37:09	pfsense.localdomain		nginx: 2017/12/06 00:37:09 [error] 35192#100148: send() failed (54: Connection reset by peer)
    
    Last 11 DNS Resolver Log Entries. (Maximum 50)
    Time	Process	PID	Message
    Dec 6 00:37:28	unbound	78841:0	notice: init module 0: validator
    Dec 6 00:37:28	unbound	78841:0	notice: init module 1: iterator
    Dec 6 00:37:28	unbound	78841:0	info: start of service (unbound 1.6.6).
    Dec 6 00:37:28	unbound	78841:0	info: service stopped (unbound 1.6.6).
    Dec 6 00:37:28	unbound	78841:0	info: server stats for thread 0: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
    Dec 6 00:37:28	unbound	78841:0	info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
    Dec 6 00:37:28	unbound	78841:0	info: server stats for thread 1: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
    Dec 6 00:37:28	unbound	78841:0	info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
    Dec 6 00:37:43	unbound	41622:0	notice: init module 0: validator
    Dec 6 00:37:43	unbound	41622:0	notice: init module 1: iterator
    Dec 6 00:37:43	unbound	41622:0	info: start of service (unbound 1.6.6).
    

    Nothing bad really. (I think)
    Thanks again for the help. I hate ads can't wait to get this going again.



  • Last 2 General Log Entries. (Maximum 50)

    Strange that you only get 2 entries …
    Maybe increase the log files size (may need to Reset logs for this to take effect)
    Also increase the GUI Log Entries

    You didn't answer my questions about dig, VIP ping etc



  • @RonpfS:

    Last 2 General Log Entries. (Maximum 50)

    Strange that you only get 2 entries …
    Maybe increase the log files size (may need to Reset logs for this to take effect)
    Also increase the GUI Log Entries

    You didn't answer my questions about dig, VIP ping etc

    Done
    Did you edit that part in? I missed it.

    C:\Users\darkv>nslookup DQDN
    Server:  resolver1.opendns.com
    Address:  208.67.222.222
    
    *** resolver1.opendns.com can't find DQDN: Non-existent domain
    
    C:\Users\darkv>ping 10.10.10.1
    
    Pinging 10.10.10.1 with 32 bytes of data:
    Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
    Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
    Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
    Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
    
    Ping statistics for 10.10.10.1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 1ms, Maximum = 1ms, Average = 1ms
    
    C:\Users\darkv>
    


  • Yes, I did edit my post  :P
    FQDN is Fully qualified domain name … so pick one hostname from your Firewall / pfBlockerNG / Log Browser / DNSBL Files and do nslookup on it

    nslookup mobiledl.adobe.com
    Serveur :   pfsense.localdomain
    Address:  172.xxx.xxx.254
    
    Nom :    mobiledl.adobe.com
    Address:  10.10.10.1
    


  • You mean like this?

    C:\Users\darkv>nslookup amoffers.hasoffers.com
    Server:  resolver1.opendns.com
    Address:  208.67.222.222
    
    Non-authoritative answer:
    Name:    use-app04.hasoffers.com
    Addresses:  52.5.77.91
              52.6.99.184
              34.230.229.216
    Aliases:  amoffers.hasoffers.com
    
    C:\Users\darkv>nslookup mobiledl.adobe.com
    Server:  resolver1.opendns.com
    Address:  208.67.222.222
    
    Non-authoritative answer:
    Name:    a1800.g.akamai.net
    Addresses:  213.104.143.171
              213.104.143.162
    Aliases:  mobiledl.adobe.com
              mobiledl.adobe.com.edgesuite.net
    
    


  • Yes
    This shows that your Windows is using resolver1.opendns.com for DNS resolution.
    Now do dig amoffers.hasoffers.com in    Diagnostics / Command Prompt

    Next check / post  your DNS Resolver configuration
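
The check made by hand above (read the `Server:` block of the client's `nslookup`, then compare the answer with the DNSBL VIP) can be scripted. The following is an added example, not part of the original thread or of pfBlockerNG: it parses `nslookup` output, including the French-localized form posted earlier, and classifies the result. `PFSENSE_RESOLVER` (192.168.1.1) is an assumed LAN address and the second sample is constructed.

```python
import re
from ipaddress import ip_address

DNSBL_VIP = "10.10.10.1"          # DNSBL virtual IP shown in the thread's dig output
PFSENSE_RESOLVER = "192.168.1.1"  # assumption: LAN address of the pfSense DNS Resolver

SERVER_LABELS = {"server", "serveur"}
ADDRESS_LABELS = {"address", "addresses", "adresse", "adresses"}
# "Label: value" lines; the label must start with a letter ("Serveur :" also matches).
LABEL = re.compile(r"^([^\W\d_][^:]*?)\s*:\s*(.*)$")

# nslookup output copied from the thread: the Windows client is asking OpenDNS.
SAMPLE_BYPASS = """\
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    a1800.g.akamai.net
Addresses:  213.104.143.171
          213.104.143.162
Aliases:  mobiledl.adobe.com
          mobiledl.adobe.com.edgesuite.net
"""

# Constructed sample: same shape as the French output in the thread, with the
# elided resolver address replaced by the assumed PFSENSE_RESOLVER value.
SAMPLE_SINKHOLED = """\
Serveur :   pfsense.localdomain
Address:  192.168.1.1

Nom :    mobiledl.adobe.com
Address:  10.10.10.1
"""


def _as_ip(text):
    """Return text as a normalized IP string, or None if it is not an IP."""
    try:
        return str(ip_address(text.split("#")[0].strip()))  # drop "#53" suffix
    except ValueError:
        return None


def parse_nslookup(output):
    """Split nslookup output into the resolver that answered and the answer IPs."""
    result = {"server": None, "server_ip": None, "answers": [], "error": None}
    in_answer, label = False, None
    for raw in output.strip().splitlines():
        line = raw.strip()
        if not line:                      # first blank line ends the resolver block
            in_answer, label = True, None
            continue
        if line.startswith("***"):        # e.g. "*** ... Non-existent domain"
            result["error"] = line.lstrip("* ")
            continue
        ip = _as_ip(line)                 # bare IP = continuation of "Addresses:"
        if ip is None:
            m = LABEL.match(line)
            if not m:
                continue                  # alias continuation or other free text
            label, value = m.group(1).lower(), m.group(2).strip()
            if label in SERVER_LABELS:
                result["server"] = value
            ip = _as_ip(value)
        if ip and label in ADDRESS_LABELS:
            if in_answer:
                result["answers"].append(ip)
            else:
                result["server_ip"] = ip
    return result


def diagnose(output, resolver_ip=PFSENSE_RESOLVER, vip=DNSBL_VIP):
    """Classify one lookup as BYPASS, SINKHOLED, NO_ANSWER or NOT_BLOCKED."""
    r = parse_nslookup(output)
    if r["server_ip"] != resolver_ip:
        return ("BYPASS", f"client asked {r['server']} ({r['server_ip']}), "
                          "so DNSBL never sees the query")
    if vip in r["answers"]:
        return "SINKHOLED", f"pfSense answered with the DNSBL VIP {vip}"
    if r["error"]:
        return "NO_ANSWER", r["error"]
    return "NOT_BLOCKED", f"pfSense answered {r['answers']}; name is not in DNSBL"


if __name__ == "__main__":
    for name, sample in (("bypass", SAMPLE_BYPASS), ("sinkholed", SAMPLE_SINKHOLED)):
        print(name, "->", diagnose(sample))
```

A BYPASS verdict on a DHCP client points at the DNS servers handed out by DHCP, which is where this thread ends up.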



  • @RonpfS:

    Yes
    This shows that your Windows is using resolver1.opendns.com for DNS resolution.
    Now do dig amoffers.hasoffers.com in    Diagnostics / Command Prompt

    Next check / post  your DNS Resolver configuration

    This? lol sorry not very good at this

    Shell Output - dig amoffers.hasoffers.com
    ; <<>> DiG 9.11.2 <<>> amoffers.hasoffers.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1168
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;amoffers.hasoffers.com.		IN	A
    
    ;; ANSWER SECTION:
    amoffers.hasoffers.com.	60	IN	A	10.10.10.1
    
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Wed Dec 06 01:05:23 GMT 2017
    ;; MSG SIZE  rcvd: 67
    

    ![2017-12-06 (1).png](/public/imported_attachments/1/2017-12-06 (1).png)



  • So pfsense DNSBL is doing its job on pfsense.
    It's your device that is not using pfsense for DNS resolution. Does it get its IP from pfsense via DHCP?
    What kind of antivirus / internet security are you using on your Windows? Some, like AVG, provide their own solution for DNS:

    @BBcan177:

    @xphiles:

    so after much troubleshooting and trying things at the firewall level, i disabled my full avg protection and it works on the host(s) in question. so I have to granularly figure out which service in AVG is messing up my dns

    I think this is what you were looking for:
        https://help.avg.com/en/avg_free/17/securityantivirus_securedns.html



  • Yes, every device has an IP from pfsense and zero antivirus / security.

    Even my Roku is showing ads but it's got an IP from pfsense.



  • Check what DNS server is configured in the DHCP service. Leave empty to use pfsense config



  • @RonpfS:

    Check what DNS server is configured in the DHCP services. Leave empty to use pfsense config

    208.67.222.222
    208.67.220.220

    are in there, I'll delete them and reboot.



  • Unplugging/re-plugging the ethernet cable will do the same.
    Or in Windows cmd  run "ipconfig /renew"
    "ipconfig" alone will show you the configuration



  • @RonpfS:

    Check what DNS server is configured in the DHCP service. Leave empty to use pfsense config

    DNSBL_Ads 67595 155
    YAY it's working

    Guess it's my fault as I'm trying to use OpenDNS filtering

    Thanks so much, now to get this OpenDNS to work :)



  • Well, that's something you may want to use to bypass your ISP DNS server, or to provide the parental control that some DNS services provide.

    You could still use OpenDNS by using the Forwarding mode of pfsense DNS Resolver, but this mode requires all DNS servers used in forwarding mode to support DNSSEC.

    On the other end, unbound talks to the root server so it provides "clean" and fast DNS service.



  • @RonpfS:

    Well, that's something you may want to use to bypass your ISP DNS server, or to provide the parental control that some DNS services provide.

    You could still use OpenDNS by using the Forwarding mode of pfsense DNS Resolver, but this mode requires all DNS servers used in forwarding mode to support DNSSEC.

    On the other end, unbound talks to the root server so it provides "clean" and fast DNS service.

    yea I did try Forwarding mode but pfblocker did not work with it on and resolver off :)


  • Moderator

    @Riftcore34:

    yea I did try Forwarding mode but pfblocker did not work with it on and resolver off :)

    Unbound can be used in "Forwarder" or "Resolver" mode…  So don't get that mixed up with DNSMasq which is a "Forwarder" only... :)