Pfblocker DNSBL causing some sites to not resolve



  • unbound DNS resolution is problematic after upgrade to p3 release

    I have been seeing a problem with the DNS resolution of some websites, where instead of correctly resolving to the IP of the site, it instead resolves to the default VIP of DNSBL within pfblockerNG. It will correctly resolve many sites, but some, such as aniwatcher.com, and others will show up with 10.10.10.1 in DNS lookup.

    I have tried disabling dnsbl and reloading, then re-enabling it and reloading the lists, and the same thing occurs. It will only work when DNSBL is disabled in pfblocker.

    This worked perfectly fine before the upgrade. Should I just uninstall, and then re-install pfblocker?

    #2 issue that I have noticed is that as of yesterday, no blocks come up in the reports tab for DNSBL, only the IP blocks. How can I repair the DNSBL lists, so that all sites that aren't specifically blocked, resolve correctly?



  • As an addition to this, dnsbl.log is empty, or not created when I go to take a look at the logs. The IP blocks are showing up fine, and the unbound resolver doesn't seem to have any issues. This started with the update to the new p3 version of pfsense.


  • Moderator

    Probably related to this:
    https://forum.netgate.com/topic/143357/lighttpd-version-1-4-51-in-latest-pkg-has-broken-the-block-page
    Try the patch that is there... I have posted a PR but waiting on the pfSense Devs to approve.



  • @BBcan177 thank you for the link. I will have to get that placed into the pfblocker relevant file



  • @BBcan177 now this is a very noob question, as I am a noob at this. How would I go about editing this within pfsense gui in the command prompt section of the diagnostics tab?


  • Moderator

    @themadsalvi
    Download the latest v2.2.5_23 which has this fixed already.



  • @BBcan177 I will have to troubleshoot further, since now neither the IP blocklists nor the dnsbl lists show as blocking in reports tab. Also the sites in the blocklists resolve to their respective IPs



  • Did you do a Force Update then a Force Reload All?
    Check the Status / Services tab and restart pfblockerNG services.
    Inspect pfblockerng logs as well as System Logs to see what is happening.



  • @RonpfS yes, I did force update, then force reload all. I restarted both pfb services manually in the status>services area, and reset the unbound resolver. The lists are populated. I even uninstalled pfblocker-devel, without keeping settings, and re-installed it from package manager.

    Ipblock.log and dnsbl.log are empty or nonexistent.



  • @themadsalvi said in Pfblocker DNSBL causing some sites to not resolve:

    ninstalled pfblocker-devel, without keeping settings, and r

    Go thru pfblocker General tab, DNSBL tab & IP tab and save the settings, then do a Force Reload All.

    I can't say much more without seeing any log files.



  • @themadsalvi said in Pfblocker DNSBL causing some sites to not resolve:

    reset the unbound resolver

    What do you mean by reset?



  • @RonpfS sorry, restart in services tab



  • @RonpfS the IP blocks are showing, but DNSBL is not there at the reports tab.



  • @BBcan177 I still do not know why DNSBL blocks are not showing up on the reports tab in pfblockerng-devel. I am wondering if I am the only one that is having this issue, as I have not heard anyone else having this happen to them. The DNS lookup for the blocked sites does redirect to the VIP address, but since they do not show up on the reports tab, or in any logs, I cannot easily whitelist any domains from the report tab.

    I have installed the newest version of the pfblockerng-devel package, and all related packages that come with the install. For me, it still does not even show up when I re-install without keeping any of the old settings, nor keeping any of the old blocklists.



  • @BBcan177 @RonpfS I was able to trace it down to an open source firmware (gargoyle router firmware) on my wireless router that was not playing nice with my pfsense box. I do not know exactly how, or why, but the domain information that is used to get the blocks on the report page was not being forwarded correctly (or something else equally weird) to the pfsense box. When I reverted to the stock firmware on the router, it immediately began to report the domain blocks on the reports tab in pfblocker. Was strange, and unexpected.

    I have to thank BBcan177 so much for taking time out of his busy schedule to teamviewer with me today to continue to troubleshoot this issue. Thank you RonpfS as well for helping me in this matter.

