PfBlocker Problems
-
Yes to both and there is nothing in the log I posted a screenshot of it.
Cheers
-
pfblockerng.log
**Saving configuration ... Removing DB Files/Folders **Saving configuration [ 12/05/17 23:13:38 ] ... Removing DB Files/Folders **Saving configuration [ 12/05/17 23:14:24 ] ... **Saving configuration [ 12/05/17 23:16:57 ] ... **Saving configuration [ 12/05/17 23:17:08 ] ... Saving new DNSBL web server configuration to port [ 8081 and 8443 ] Saving pfSense config... VIP address configured. Widget Packet statistics reset. New DNSBL cert createdRestarting Service DNSBL... **Saving configuration [ 12/05/17 23:17:37 ] ... **Saving configuration [ 12/05/17 23:18:37 ] ... **Saving configuration [ 12/05/17 23:19:33 ] ... UPDATE PROCESS START [ 12/05/17 23:19:38 ] ===[ DNSBL Process ]================================================ Missing DNSBL stats and/or Unbound DNSBL conf file - Rebuilding [ malwaredomainlist ] Downloading update .. 200 OK. ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 1146 1146 0 0 0 1146 ---------------------------------------------------------------------- [ malwaredomains ] Downloading update [ 12/05/17 23:19:41 ] .. 200 OK. ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 14906 14906 16 0 0 14890 ---------------------------------------------------------------------- [ bambenek ] Downloading update [ 12/05/17 23:19:46 ] .. 200 OK.. ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 889400 872175 186 0 0 871989 ---------------------------------------------------------------------- [ Yoyo ] Downloading update [ 12/05/17 23:20:38 ] .. 200 OK. ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 2497 2497 0 0 0 2497 ---------------------------------------------------------------------- [ Adaway ] Downloading update [ 12/05/17 23:20:45 ] .. 200 OK. ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 409 409 4 0 0 405 ---------------------------------------------------------------------- [ Winhelp ] Downloading update [ 12/05/17 23:20:53 ] .. 200 OK. ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 13017 13017 542 0 0 12475 ---------------------------------------------------------------------- DNSBL: Flush DNSBL_IP ------------------------------------------ Assembling database... Adding Unbound Server:Include line... completed Validating database... Skipped [ 12/05/17 23:21:05 ] Reloading Unbound.... completed DNSBL update [ 903402 | PASSED ]... completed [ 12/05/17 23:21:20 ] ------------------------------------------ DNSBL - Adding Unbound custom 'include' option ===[ Continent Process ]============================================ ===[ IPv4 Process ]================================================= [ CIArmy ] Downloading update .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 15000 15000 15000 [ Pass ] ----------------------------------------------------------------- [ ZeuS ] Downloading update [ 12/05/17 23:21:22 ] .. 200 OK Remote timestamp missing . completed .. ------------------------------ Original Master Final ------------------------------ 119 119 119 [ Pass ] ----------------------------------------------------------------- [ DShield ] Downloading update [ 12/05/17 23:21:23 ] .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 21 40 40 [ Pass ] ----------------------------------------------------------------- [ ETCompromised ] Downloading update [ 12/05/17 23:21:25 ] .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 1583 1512 1512 [ Pass ] ----------------------------------------------------------------- [ ETDshield ] Downloading update [ 12/05/17 23:21:28 ] .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 2104 1975 1975 [ Pass ] ----------------------------------------------------------------- [ Tor ] Downloading update [ 12/05/17 23:21:29 ] .. 403 Forbidden [ pfB_Blacklists - Tor ] Download FAIL Firewall and/or IDS are not blocking download. The Following list has been REMOVED [ Tor ] ===[ Aliastables / Rules ]================================ Firewall rule changes found, applying Filter Reload ===[ FINAL Processing ]===================================== [ Original IP count ] [ 18827 ] [ Final IP Count ] [ 18646 ] ===[ Deny List IP Counts ]=========================== 18646 total 15000 /var/db/pfblockerng/deny/CIArmy.txt 1975 /var/db/pfblockerng/deny/ETDshield.txt 1512 /var/db/pfblockerng/deny/ETCompromised.txt 119 /var/db/pfblockerng/deny/ZeuS.txt 40 /var/db/pfblockerng/deny/DShield.txt ===[ DNSBL Domain/IP Counts ] =================================== 903402 total 871989 /var/db/pfblockerng/dnsbl/bambenek.txt 14890 /var/db/pfblockerng/dnsbl/malwaredomains.txt 12475 /var/db/pfblockerng/dnsbl/Winhelp.txt 2497 /var/db/pfblockerng/dnsbl/Yoyo.txt 1146 /var/db/pfblockerng/dnsbl/malwaredomainlist.txt 405 /var/db/pfblockerng/dnsbl/Adaway.txt ====================[ Last Updated List Summary ]============== Dec 5 05:30 ETDshield Dec 5 05:31 ETCompromised Dec 5 22:25 CIArmy Dec 5 23:15 DShield Dec 5 23:21 ZeuS =============================================================== Database Sanity check [ PASSED ] ------------------------ Masterfile/Deny folder uniq check Deny folder/Masterfile uniq check Sync check (Pass=No IPs reported) ---------- IPv4 alias tables IP count ----------------------------- 18647 IPv6 alias tables IP count ----------------------------- 0 Alias table IP Counts ----------------------------- 18647 total 18646 /var/db/aliastables/pfB_Blacklists.txt 1 /var/db/aliastables/pfB_DNSBLIP.txt pfSense Table Stats ------------------- table-entries hard limit 2000000 Table Usage Count 96244 UPDATE PROCESS ENDED [ 12/05/17 23:21:30 ] **Saving configuration [ 12/05/17 23:28:58 ] ... Restarting Service DNSBL... **Saving configuration [ 12/05/17 23:34:57 ] ... CRON PROCESS START [ 12/05/17 23:35:08 ] [ CIArmy ] Remote timestamp: Tue, 05 Dec 2017 23:25:01 GMT Local timestamp: Tue, 05 Dec 2017 22:25:01 GMT Update found [ ZeuS ] ( No remote timestamp/md5 unchanged ) Update not required [ DShield ] Remote timestamp: Tue, 05 Dec 2017 23:30:04 GMT Local timestamp: Tue, 05 Dec 2017 23:15:39 GMT Update found [ ETCompromised ] Remote timestamp: Tue, 05 Dec 2017 05:31:22 GMT Local timestamp: Tue, 05 Dec 2017 05:31:22 GMT Update not required [ ETDshield ] Remote timestamp: Tue, 05 Dec 2017 05:30:03 GMT Local timestamp: Tue, 05 Dec 2017 05:30:03 GMT Update not required [ Tor ] Update found [ malwaredomainlist ] Remote timestamp: Mon, 04 Dec 2017 19:18:42 GMT Local timestamp: Mon, 04 Dec 2017 19:18:42 GMT Update not required [ malwaredomains ] Remote timestamp: Fri, 01 Dec 2017 22:49:37 GMT Local timestamp: Fri, 01 Dec 2017 22:49:37 GMT Update not required [ bambenek ] Remote timestamp: Tue, 05 Dec 2017 00:15:16 GMT Local timestamp: Tue, 05 Dec 2017 00:15:16 GMT Update not required [ Yoyo ] Remote timestamp: Mon, 04 Dec 2017 16:43:31 GMT Local timestamp: Mon, 04 Dec 2017 16:43:31 GMT Update not required [ Adaway ] Remote timestamp: Sun, 17 Sep 2017 03:35:29 GMT Local timestamp: Sun, 17 Sep 2017 03:35:29 GMT Update not required [ Winhelp ] Remote timestamp: Thu, 30 Nov 2017 19:30:44 GMT Local timestamp: Thu, 30 Nov 2017 19:30:44 GMT Update not required UPDATE PROCESS START [ 12/05/17 23:35:14 ] ===[ DNSBL Process ]================================================ [ malwaredomainlist ] exists. [ malwaredomains ] exists. [ bambenek ] exists. [ Yoyo ] exists. [ Adaway ] exists. [ Winhelp ] exists. DNSBL: Flush DNSBL_IP ===[ Continent Process ]============================================ ===[ IPv4 Process ]================================================= [ CIArmy ] Downloading update .. 200 OK. completed .. [ ZeuS ] exists. [ 12/05/17 23:35:17 ] [ DShield ] Downloading update .. 200 OK. completed .. [ ETCompromised ] exists. [ 12/05/17 23:35:18 ] [ ETDshield ] exists. [ Tor ] Downloading update .. 200 OK Remote timestamp missing . completed .. ===[ Aliastables / Rules ]========================================== No changes to Firewall rules, skipping Filter Reload Updating: pfB_Blacklists 12900 addresses added.6488 addresses deleted. ===[ FINAL Processing ]===================================== [ Original IP count ] [ 25273 ] ===[ Deny List IP Counts ]=========================== 25093 total 15000 /var/db/pfblockerng/deny/CIArmy.txt 6447 /var/db/pfblockerng/deny/Tor.txt 1975 /var/db/pfblockerng/deny/ETDshield.txt 1512 /var/db/pfblockerng/deny/ETCompromised.txt 119 /var/db/pfblockerng/deny/ZeuS.txt 40 /var/db/pfblockerng/deny/DShield.txt ===[ DNSBL Domain/IP Counts ] =================================== 903402 total 871989 /var/db/pfblockerng/dnsbl/bambenek.txt 14890 /var/db/pfblockerng/dnsbl/malwaredomains.txt 12475 /var/db/pfblockerng/dnsbl/Winhelp.txt 2497 /var/db/pfblockerng/dnsbl/Yoyo.txt 1146 /var/db/pfblockerng/dnsbl/malwaredomainlist.txt 405 /var/db/pfblockerng/dnsbl/Adaway.txt ====================[ Last Updated List Summary ]============== Dec 5 05:30 ETDshield Dec 5 05:31 ETCompromised Dec 5 23:21 ZeuS Dec 5 23:25 CIArmy Dec 5 23:30 DShield Dec 5 23:35 Tor IPv4 alias tables IP count ----------------------------- 25094 IPv6 alias tables IP count ----------------------------- 0 Alias table IP Counts ----------------------------- 25094 total 25093 /var/db/aliastables/pfB_Blacklists.txt 1 /var/db/aliastables/pfB_DNSBLIP.txt pfSense Table Stats ------------------- table-entries hard limit 2000000 Table Usage Count 121303 UPDATE PROCESS ENDED [ 12/05/17 23:35:19 ] **Saving configuration [ 12/05/17 23:49:42 ] ... UPDATE PROCESS START [ 12/05/17 23:49:49 ] ===[ DNSBL Process ]================================================ [ malwaredomainlist ] Reload . completed .. ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 1146 1146 0 0 0 1146 ---------------------------------------------------------------------- [ malwaredomains ] Reload . completed .. ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 14906 14906 16 0 0 14890 ---------------------------------------------------------------------- [ bambenek ] Reload [ 12/05/17 23:49:50 ] . completed .. ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 889400 872175 186 0 0 871989 ---------------------------------------------------------------------- [ Yoyo ] Reload [ 12/05/17 23:50:38 ] . completed .. ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 2497 2497 0 0 0 2497 ---------------------------------------------------------------------- [ Adaway ] Reload [ 12/05/17 23:50:40 ] . completed .. ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 409 409 4 0 0 405 ---------------------------------------------------------------------- [ Winhelp ] Reload [ 12/05/17 23:50:43 ] . completed .. ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 13017 13017 542 0 0 12475 ---------------------------------------------------------------------- [ Youtube ] Downloading update [ 12/05/17 23:50:45 ] .. 200 OK. ---------------------------------------------------------------------- Orig. Unique # Dups # White # Alexa Final ---------------------------------------------------------------------- 1754 1549 19 0 0 1530 ---------------------------------------------------------------------- DNSBL: Flush DNSBL_IP ------------------------------------------ Assembling database... completed Validating database... Skipped [ 12/05/17 23:51:06 ] Reloading Unbound.... completed DNSBL update [ 904932 | PASSED ]... completed [ 12/05/17 23:51:21 ] ------------------------------------------ ===[ Continent Process ]============================================ ===[ IPv4 Process ]================================================= [ CIArmy ] Reload . completed .. [ ZeuS ] Reload [ 12/05/17 23:51:22 ] . completed .. [ DShield ] Reload . completed .. [ ETCompromised ] Reload . completed .. [ ETDshield ] Reload . completed .. [ Tor ] Reload . completed .. ===[ Aliastables / Rules ]========================================== No changes to Firewall rules, skipping Filter Reload Updating: pfB_Blacklists 28 addresses added. ===[ FINAL Processing ]===================================== [ Original IP count ] [ 25273 ] ===[ Deny List IP Counts ]=========================== 25293 total 15000 /var/db/pfblockerng/deny/CIArmy.txt 6447 /var/db/pfblockerng/deny/Tor.txt 2104 /var/db/pfblockerng/deny/ETDshield.txt 1583 /var/db/pfblockerng/deny/ETCompromised.txt 119 /var/db/pfblockerng/deny/ZeuS.txt 40 /var/db/pfblockerng/deny/DShield.txt ===[ DNSBL Domain/IP Counts ] =================================== 904932 total 871989 /var/db/pfblockerng/dnsbl/bambenek.txt 14890 /var/db/pfblockerng/dnsbl/malwaredomains.txt 12475 /var/db/pfblockerng/dnsbl/Winhelp.txt 2497 /var/db/pfblockerng/dnsbl/Yoyo.txt 1530 /var/db/pfblockerng/dnsbl/Youtube.txt 1146 /var/db/pfblockerng/dnsbl/malwaredomainlist.txt 405 /var/db/pfblockerng/dnsbl/Adaway.txt ====================[ Last Updated List Summary ]============== Dec 5 05:30 ETDshield Dec 5 05:31 ETCompromised Dec 5 23:21 ZeuS Dec 5 23:25 CIArmy Dec 5 23:30 DShield Dec 5 23:35 Tor IPv4 alias tables IP count ----------------------------- 25294 IPv6 alias tables IP count ----------------------------- 0 Alias table IP Counts ----------------------------- 25294 total 25293 /var/db/aliastables/pfB_Blacklists.txt 1 /var/db/aliastables/pfB_DNSBLIP.txt pfSense Table Stats ------------------- table-entries hard limit 2000000 Table Usage Count 121331 UPDATE PROCESS ENDED [ 12/05/17 23:51:23 ] **Saving configuration [ 12/05/17 23:56:10 ] ... **Saving configuration [ 12/05/17 23:57:47 ] ...extras.log
Country code update Start [ 12/05/17 23:12:49 ] Converting MaxMind Country databases for pfBlockerNG. Processing ISO IPv4 Continent/Country Data [ 12/05/17 23:12:50 ] Processing ISO IPv6 Continent/Country Data [ 12/05/17 23:13:07 ] Creating pfBlockerNG Continent XML files IPv4 Africa [ 12/05/17 23:13:11 ] IPv6 Africa IPv4 Antarctica IPv6 Antarctica IPv4 Asia IPv6 Asia [ 12/05/17 23:13:13 ] IPv4 Europe IPv6 Europe [ 12/05/17 23:13:19 ] IPv4 North America [ 12/05/17 23:13:22 ] IPv6 North America [ 12/05/17 23:13:26 ] IPv4 Oceania IPv6 Oceania [ 12/05/17 23:13:27 ] IPv4 South America IPv6 South America IPv4 Proxy and Satellite IPv6 Proxy and Satellite IPv4 TOP 20 IPv6 TOP 20 [ 12/05/17 23:13:28 ] pfBlockerNG Reputation Tab Country Code Update Endedmaxmind_ver
MaxMind GeoLite2 Date/Time Stamp Last-Modified: Mon, 06 Nov 2017 19:15:47 GMT Duplicate Represented IP4 Networks: 31851 Duplicate Represented IP6 Networks: 3052All other logs are blank or missing.
-
Did you try to access any Domain that are blocked by dnsbl (Logs / DNSBL Files),
One domain from Adaway: http://mobiledl.adobe.com/ -
Did you try to access any Domain that are blocked by dnsbl (Logs / DNSBL Files),
One domain from Adaway: http://mobiledl.adobe.com/When I go to yahoo its covered in Ads, The Ipv4 black list is working but DNSBL ads and malware lists are not.
-
On pfsense what does this look like
dig mobiledl.adobe.com ; <<>> DiG 9.11.2 <<>> mobiledl.adobe.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40091 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;mobiledl.adobe.com. IN A ;; ANSWER SECTION: mobiledl.adobe.com. 60 IN A 10.10.10.1 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Tue Dec 05 19:13:56 EST 2017 ;; MSG SIZE rcvd: 63 -
On pfsense what does this look like
dig mobiledl.adobe.com ; <<>> DiG 9.11.2 <<>> mobiledl.adobe.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40091 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;mobiledl.adobe.com. IN A ;; ANSWER SECTION: mobiledl.adobe.com. 60 IN A 10.10.10.1 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Tue Dec 05 19:13:56 EST 2017 ;; MSG SIZE rcvd: 63on that page on chrome I get this
Invalid URL
The requested URL "[no URL]", is invalid.
Reference #9.1f7469d5.1512519331.2d2d26a0 -
But that is in my
pfB_Blacklists IPv4 not DNSBL
-
You can also Diagnostics / Command prompt to run the dig command
For DNSBL to function, your devices have to use the pfsense DNS Resolver. On on those device you need to check the DNS service resolution config.
On a Windows system, open a command prompt and to a nslookup of one FQDN from you DSNBL Files.
Devices also have to be able to reach the VIP (10.10.10.1), try to ping the VIP ip from that device. Try to open your VIP on a browser. -
I know its not working as ont he widget the packets don't update just stays on 0 used to go up etc…
It used to just work on everything in the house I never did anything to each device.
it just worked haha.
-
Check the Services page and restart pfblockerNG services
Check the System Logs General and Resolver -
Check the Services page and restart pfblockerNG services
Check the System Logs General and ResolverSilly question where are the "Check the System Logs General and Resolver" I can't find them.
-
Status / System Logs / System / General
Status / System Logs / System / DNS Resolver -
Status / System Logs / System / General
Status / System Logs / System / DNS ResolverThanks
Last 2 General Log Entries. (Maximum 50) Time Process PID Message Dec 6 00:37:03 syslogd kernel boot file is /boot/kernel/kernel Dec 6 00:37:09 pfsense.localdomain nginx: 2017/12/06 00:37:09 [error] 35192#100148: send() failed (54: Connection reset by peer)Last 11 DNS Resolver Log Entries. (Maximum 50) Time Process PID Message Dec 6 00:37:28 unbound 78841:0 notice: init module 0: validator Dec 6 00:37:28 unbound 78841:0 notice: init module 1: iterator Dec 6 00:37:28 unbound 78841:0 info: start of service (unbound 1.6.6). Dec 6 00:37:28 unbound 78841:0 info: service stopped (unbound 1.6.6). Dec 6 00:37:28 unbound 78841:0 info: server stats for thread 0: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting Dec 6 00:37:28 unbound 78841:0 info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0 Dec 6 00:37:28 unbound 78841:0 info: server stats for thread 1: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting Dec 6 00:37:28 unbound 78841:0 info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0 Dec 6 00:37:43 unbound 41622:0 notice: init module 0: validator Dec 6 00:37:43 unbound 41622:0 notice: init module 1: iterator Dec 6 00:37:43 unbound 41622:0 info: start of service (unbound 1.6.6).Nothing bad really. (I think)
Thanks again for the help. I hate ads can't wait to get this going again. -
Last 2 General Log Entries. (Maximum 50)
Strange that you only get 2 entries …
Maybe increase the log files size (may need to Reset logs for this to take effect)
Also increase the GUI Log EntriesYou didn't answer my questions about dig, VIP ping etc
-
Last 2 General Log Entries. (Maximum 50)
Strange that you only get 2 entries …
Maybe increase the log files size (may need to Reset logs for this to take effect)
Also increase the GUI Log EntriesYou didn't answer my questions about dig, VIP ping etc
Done
Did you edit that part it I missed itC:\Users\darkv>nslookup DQDN Server: resolver1.opendns.com Address: 208.67.222.222 *** resolver1.opendns.com can't find DQDN: Non-existent domain C:\Users\darkv>ping 10.10.10.1 Pinging 10.10.10.1 with 32 bytes of data: Reply from 10.10.10.1: bytes=32 time=1ms TTL=64 Reply from 10.10.10.1: bytes=32 time=1ms TTL=64 Reply from 10.10.10.1: bytes=32 time=1ms TTL=64 Reply from 10.10.10.1: bytes=32 time=1ms TTL=64 Ping statistics for 10.10.10.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms C:\Users\darkv> -
Yes I did edited my post :P
FQDN is Fully qualified domain name … so pick one hostname from your Firewall / pfBlockerNG / Log Browser / DNSBL Files and do nslookup on itnslookup mobiledl.adobe.com Serveur : pfsense.localdomain Address: 172.xxx.xxx.254 Nom : mobiledl.adobe.com Address: 10.10.10.1 -
You mean like this?
C:\Users\darkv>nslookup amoffers.hasoffers.com Server: resolver1.opendns.com Address: 208.67.222.222 Non-authoritative answer: Name: use-app04.hasoffers.com Addresses: 52.5.77.91 52.6.99.184 34.230.229.216 Aliases: amoffers.hasoffers.comC:\Users\darkv>nslookup mobiledl.adobe.com Server: resolver1.opendns.com Address: 208.67.222.222 Non-authoritative answer: Name: a1800.g.akamai.net Addresses: 213.104.143.171 213.104.143.162 Aliases: mobiledl.adobe.com mobiledl.adobe.com.edgesuite.net -
Yes
This shows that your Windows is using resolver1.opendns.com for DNS resolution.
Now do dig amoffers.hasoffers.com in Diagnostics / Command PromptNext check / post your DNS Resolver configuration
-
Yes
This shows that your Windows is using resolver1.opendns.com for DNS resolution.
Now do dig amoffers.hasoffers.com in Diagnostics / Command PromptNext check / post your DNS Resolver configuration
This? lol sorry not very good at this
Shell Output - dig amoffers.hasoffers.com ; <<>> DiG 9.11.2 <<>> amoffers.hasoffers.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1168 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;amoffers.hasoffers.com. IN A ;; ANSWER SECTION: amoffers.hasoffers.com. 60 IN A 10.10.10.1 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Dec 06 01:05:23 GMT 2017 ;; MSG SIZE rcvd: 67.png_thumb)
.png)
-
So pfsense DNSBL is doing it's job on pfsense.
It's your device that is not using pfsense for DNS resolution. Does it get it's IP from pfsense via DHCP ?
What kind of antivirus / internet security are you using on your Windows. Some like AVG provide there own solution for DNS :so after much troubleshooting and trying things at the firewall level, i disabled my full avg protection and it works on the host(s) in question. so I have to granularly figure out which service in AVG is messing up my dns
I think this is what you were looking for:
https://help.avg.com/en/avg_free/17/securityantivirus_securedns.html
