PfBlocker Problems

Riftcore34

@RonpfS:

Yes
This shows that your Windows is using resolver1.opendns.com for DNS resolution.
Now do dig amoffers.hasoffers.com in    Diagnostics / Command Prompt

Next check / post  your DNS Resolver configuration

This? lol sorry not very good at this

Shell Output - dig amoffers.hasoffers.com
; <<>> DiG 9.11.2 <<>> amoffers.hasoffers.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1168
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;amoffers.hasoffers.com.		IN	A

;; ANSWER SECTION:
amoffers.hasoffers.com.	60	IN	A	10.10.10.1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 06 01:05:23 GMT 2017
;; MSG SIZE  rcvd: 67

.png_thumb)
.png)

RonpfS

So pfsense DNSBL is doing it's job on pfsense.
It's your device that is not using pfsense for DNS resolution. Does it get it's IP from pfsense via DHCP ?
What kind of antivirus / internet security are you using on your Windows. Some like AVG provide there own solution for DNS :

@BBcan177:

@xphiles:

so after much troubleshooting and trying things at the firewall level, i disabled my full avg protection and it works on the host(s) in question. so I have to granularly figure out which service in AVG is messing up my dns

I think this is what you were looking for:
    https://help.avg.com/en/avg_free/17/securityantivirus_securedns.html

Riftcore34

Yes every device has an IP from pfsense and zero antivirus / security

Even my roku is showing ads but its got a ip from pfsense.

RonpfS

Check what DNS server is configured in the DHCP service. Leave empty to use pfsense config

Riftcore34

@RonpfS:

Check what DNS server is configured in the DHCP services. Leave empty to use pfsense config

208.67.222.222
208.67.220.220

is in there ill delete them and reboot.

RonpfS

Un-plug/re-plug the ethernet cable will do the same.
Or in Windows cmd  run "ipconfig /renew"
"ipconfig" alone will show you the configuration

Riftcore34

@RonpfS:

Check what DNS server is configured in the DHCP service. Leave empty to use pfsense config

DNSBL_Ads 67595 155
YAY its working

Guess its my fault as im trying to use opendns filting

Thanks so much now to get this opendns to work :)

RonpfS

Well that something you may want to use to bypass your ISP DNS server, or to provide Parental control that some DNS services provide.

You could still use OpenDNS by using the Forwarding mode of pfsense DNS Resolver, but this mode requires all DNS servers used in forwarding mode to support DNSSEC.

On the other end, unbound talk to the root server so it's provide "clean" and fast DNS Service.

Riftcore34

@RonpfS:

Well that something you may want to use to bypass your ISP DNS server, or to provide Parental control that some DNS services provide.

You could still use OpenDNS by using the Forwarding mode of pfsense DNS Resolver, but this mode requires all DNS servers used in forwarding mode to support DNSSEC.

On the other end, unbound talk to the root server so it's provide "clean" and fast DNS Service.

yea I did try Forwarding mode but pfblocker did not work with it on and resolver off :)

BBcan177

@Riftcore34:

yea I did try Forwarding mode but pfblocker did not work with it on and resolver off :)

Unbound can be used in "Forwarder" or "Resolver" mode…  So don't get that mixed up with DNSMasq which is a "Forwarder" only... :)