DNSBL not working with vpn

xerno

I need some help with configuration to make dnsbl work togheter with my vpn.
DNSBL worked before I added the vpn.

BBcan177

Take a look here:
https://www.reddit.com/r/PFSENSE/comments/8o8zf1/pfblockerng_adblock_on_all_vlans/

xerno

@bbcan17 Im a beginner in this and having trouble following you.
my vpn is using dhcp with the dns from general tab
103.86.96.100
103.86.99.100
If I delete or change these the whole internet stops working.

BBcan177

@xerno The lan devices have to use pfSense IP address so that Unbound/DNSBL will reply... If you set your LAN devices DNS to use the General Tab DNS IPs, then that will bypass Unbound and DNSBL will not filter it.

xerno

@bbcan17 Ok I set my windows machine to use pfsense ip as dns but ads are still showing up

BBcan177

@xerno DNSBL will only block the AD domains that are in the DNSBL Feeds that you defined.

See this thread:
https://forum.netgate.com/topic/91736/pfblockerng-v2-0-w-dnsbl

xerno

@bbcan17 Yes I have configured the feeds. It was working until I setup the vpn.

BBcan177

@xerno

Ensure that from this LAN Device, that you can:

1. ping the DNSBL VIP and get a reply
2. Browse to the DNSBL VIP and get the 1x1 pixel
3. ping one of the DNSBL domains and get the DNSBL VIP Address

xerno

@bbcan17 I can ping dnsbl vip and get a reply.
if I browser it I get a timeout
if I ping one of the dnsbl domains I dont get the dnsbl vip adress

BBcan177

@xerno In the DNSBL Tab, enable the "DNSBL Permit" rule and select all LAN/VLANS that need access to the DNSBL VIP...

xerno

@bbcan17 said in DNSBL not working with vpn:

AN/VLANS that need access to

Those settings are already there

xerno

@bbcan17 I did some digging in the log files.
for example this
local-data: "adaway.org/hosts.txt 60 IN A 10.10.10.1"
when I ping one of the addresses in that site it does not use 10.10.10.1
however I do have this local-data: "jujuads.com 60 IN A 10.10.10.1" and that will ping with response 10.10.10.1

BBcan177

@xerno said in DNSBL not working with vpn:

local-data: "adaway.org/hosts.txt 60 IN A 10.10.10.1"

Something is wrong with this line as it shouldn't contain the "/hosts.txt".. What URL are you using... Compare that to the URL in the link I posted above.

After reviewing the URL, remove the previous feed in the Log Browser > DNSBL Files > Adaway.txt, by selecting the "Delete Icon"... Follow that with a Force Reload - DNSBL.

xerno

@bbcan17 I found the problem, in the DNSBL Feeds I didnt put unique headers. they where all named the same. after reloading it now blocks ads.
However is the blocking correct? The ads just show up as grey and after about 5-10 seconds they dissapear.

xerno

@bbcan17 I still cant acess 10.10.10.1 in my browser.