Netgate Discussion Forum

    DNSBL (DEV) Stopped working after 2.4.4 upgrade

    pfBlockerNG
    5 Posts 2 Posters 1.2k Views
    vito

      Hello!
      Just did an update of our HA to 2.4.4 (from 2.4.3), running pfBlockerNG_dev.
      After the update, the pfBlocker IP lists seem to be working, but no DNS filtering is being done.
      The Resolver seems to be working, as I can see requests being made to the DNS forwarder's external IPs. (The forwarder is using TLS to the external DNS IPs, if that helps, but this was set prior to the upgrade.)
      There are no DNS alerts in the firewall either, and testing a DNS entry from one of the lists will load in the browser.
      pfBlocker was uninstalled and reinstalled on both systems. Services look fine.
      Thanks in advance!

      BBcan177 (Moderator) @vito

        @vito

        If you run a Force Reload - All, do you get any errors?

        Check the pfSense system/resolver logs for any other clues.

        Also make sure that your Lan devices are pointing their DNS settings to pfSense only.

        It's not a good idea to load these domains in a browser, just in case you load a malicious one. Best to run a ping or host command. If it replies back with the DNSBL VIP, then it's being blocked.

        host -t A example.com

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        vito @BBcan177
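        The check BBcan177 describes, scripted: query a domain with `host -t A` and decide whether the answer is the DNSBL Virtual IP. This is an added example, not code from the thread or from pfBlockerNG. It assumes the DNSBL VIP is 10.10.10.1 (pfBlockerNG's default; override with the DNSBL_VIP environment variable if yours differs) and that the machine running it uses pfSense as its only DNS server. The sample `host` output in the test cases is constructed.

```shell
#!/bin/sh
# dnsbl_check.sh (hypothetical name): is pfBlockerNG DNSBL intercepting a domain?
# Assumption (not from the thread): DNSBL VIP is 10.10.10.1 unless DNSBL_VIP is set.
DNSBL_VIP="${DNSBL_VIP:-10.10.10.1}"

# classify_host_output VIP
# Reads `host -t A <domain>` output on stdin and prints one verdict:
#   blocked  - an A record equals the DNSBL VIP (DNSBL is working)
#   resolved - A records came back, but none is the VIP (not filtered)
#   nxdomain - the name does not exist
#   error    - no usable answer (timeout, SERVFAIL, resolver unreachable)
# Fields are compared whole, so 10.10.10.10 never matches a VIP of 10.10.10.1.
classify_host_output() {
    awk -v vip="$1" '
        $2 == "has" && $3 == "address" { if ($4 == vip) blocked = 1; else other = 1 }
        /NXDOMAIN/ { nx = 1 }
        END {
            if (blocked)   print "blocked"
            else if (other) print "resolved"
            else if (nx)    print "nxdomain"
            else            print "error"
        }'
}

# check_domain DOMAIN: run the real query against the configured resolver.
# Using host/ping instead of a browser avoids fetching a possibly malicious page.
check_domain() {
    host -t A "$1" 2>&1 | classify_host_output "$DNSBL_VIP"
}

# Usage:  sh dnsbl_check.sh ads.example.net example.com
# Any domain that is on an enabled DNSBL feed should print "blocked"; a clean
# domain should print "resolved". "resolved" for a listed domain means DNSBL
# is not being applied (wrong DNS server on the client, or unbound not loading
# the DNSBL zone), which is the failure mode described in this thread.
if [ "$#" -gt 0 ]; then
    for d in "$@"; do
        printf '%s: %s\n' "$d" "$(check_domain "$d")"
    done
fi
```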

          @bbcan177

          Thanks for the reply
          A reload is downloading the lists; no errors besides some list download errors (had them before).
          Devices are pointing to PF. No other device/network changes were made other than the 2.4.4 update.

          Yeah, testing was on a test machine... noted ;)

          In the resolver logs at this time:

          Sep 30 14:46:45 unbound 55165:0 notice: failed connection from 127.0.0.1 port 26470
          Sep 30 14:46:45 unbound 55165:0 error: remote control failed ssl crypto error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
          Sep 30 14:46:50 unbound 55165:0 error: remote control connection closed prematurely

          The cert error: for testing, I removed all TLS settings and still get this.
          The localhost error may be new, from what I can see.

          Thanks!!

          vito

            The dnsbl.log seems to be empty ("log file empty or does not exist").
            The dnsbl parsed_error log is current.

            vito

              I was able to get the DNS resolver errors above corrected with this post:
              https://forum.netgate.com/topic/106011/solved-pfblockerng-reloading-unbound-fails/11

              After the above, resetting the Resolver settings (just clearing all settings, then adding back the same settings) and a reboot, it appears to be working again.

              Thanks for the help!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.