<![CDATA[DNSBL (DEV) Stopped working after 2.4.4 upgrade]]>Hello!
Just did an update to our HA to 2.4.4 (from 2.4.3) running PFblokerNG_dev
After the update, PFblocker IP list seem to be working, but no DNS filtering is being done.
Resolver Seems to be working as I can see requested being made to the DNS forwarder external IP’s. (Forwarder is using TLS to the external DNS IP’s if that helps, but had this set prior to the upgrade)
There are no DNS alerts in the firewall (either) and testing a DNS entry in one of the list will load in the browser.
PFBlocker was uninstalled and reinstalled on both systems. Services look fine
Thanks in advance!

]]>https://forum.netgate.com/topic/136185/dnsbl-dev-stopped-working-after-2-4-4-upgradeRSS for NodeMon, 20 Apr 2026 15:39:37 GMTSun, 30 Sep 2018 17:49:48 GMT60<![CDATA[Reply to DNSBL (DEV) Stopped working after 2.4.4 upgrade on Mon, 01 Oct 2018 10:29:11 GMT]]>I was able to get DNS resolver errors above corrected with this post
https://forum.netgate.com/topic/106011/solved-pfblockerng-reloading-unbound-fails/11

After the above, resting Resolver settings (just clearing all setting then adding back the same settings) and a reboot it appears to be working again.

Thanks for the help!

]]>https://forum.netgate.com/post/793485https://forum.netgate.com/post/793485Mon, 01 Oct 2018 10:29:11 GMT<![CDATA[Reply to DNSBL (DEV) Stopped working after 2.4.4 upgrade on Sun, 30 Sep 2018 19:06:44 GMT]]>The dnsbl.log seems to be empty
(log file empty or does not exist)
dnsbl parsed _error log is current

]]>https://forum.netgate.com/post/793349https://forum.netgate.com/post/793349Sun, 30 Sep 2018 19:06:44 GMT<![CDATA[Reply to DNSBL (DEV) Stopped working after 2.4.4 upgrade on Sun, 30 Sep 2018 19:02:54 GMT]]>@bbcan177

Thanks for the reply
A reload is downloading list, no errors besides some list downloads (had them before)
Devices are pointing to PF. No other device / network changes made other than 2.4.4 update.

Yeah, testing was on a test machine...noted ;)

In resolver logs at this time

Sep 30 14:46:45 unbound 55165:0 notice: failed connection from 127.0.0.1 port 26470
Sep 30 14:46:45 unbound 55165:0 error: remote control failed ssl crypto error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
Sep 30 14:46:50 unbound 55165:0 error: remote control connection closed prematurely

The cert error: for testing i removed any TLS settings and still get this
Local host error may be new from what i can see

Thanks!!

]]>https://forum.netgate.com/post/793347https://forum.netgate.com/post/793347Sun, 30 Sep 2018 19:02:54 GMT<![CDATA[Reply to DNSBL (DEV) Stopped working after 2.4.4 upgrade on Sun, 30 Sep 2018 18:27:19 GMT]]>@vito

If you run a Force Reload - All, do you get any errors?

Check the pfSense system/resolver logs for any other clues.

Also make sure that your Lan devices are pointing their DNS settings to pfSense only.

It's not a good idea to load these domains in a browser, just in case you load a malicious one. Best to run a ping or host command. If it replies back with the DNSBL VIP, then it's being blocked.

host - t A example.com
]]>https://forum.netgate.com/post/793341https://forum.netgate.com/post/793341Sun, 30 Sep 2018 18:27:19 GMT