DNSBL not working, even with Resolver active

themadsalvi

As stated in the title, the DNSBL service is not blocking any domains at all anymore. The only major change was the upgrade of Pfsense to the new p3 version. It worked fine right up until the upgrade was finished. The DNS resolver is working properly, and unbound service is also working correctly. Pfblocker also correctly blocks IPs correctly, and so far, there are no huge glaring errors in the logs(unless you consider the UT1 not downloading). I will place the log from the forced reload below. I have uninstalled pfblocker(making sure that the settings were not kept), re-installed pfblocker, and still no DNSBL blocks.

themadsalvi

UPDATE PROCESS START [ 05/24/19 14:22:57 ]

===[ DNSBL Process ]================================================

Loading DNSBL Statistics... completed
Loading DNSBL Whitelist... completed

Downloading Blacklist Database(s) [ ut1 (~8.5MB) ] ... Please wait ...
UT1 ... Failed

[ New ] Reload [ 05/24/19 14:25:15 ] . completed ..
Whitelist: 127.demdex.net|zooplus.demdex.net|

Orig. Unique # Dups # White # TOP1M Final

1102379 1102379 0 1321 0 1101058

Saving DNSBL database... completed

Assembling DNSBL database... completed [ 05/24/19 14:27:57 ]
Reloading Unbound Resolver..... completed [ 05/24/19 14:28:14 ]
DNSBL update [ 1647758 | PASSED ]... completed [ 05/24/19 14:28:15 ]

Emal510

I'm also having this issue. Tried switching to devel build but DNSBL is still not filtering packets.

JeGr

@Emal510 said in DNSBL not working, even with Resolver active:

Tried switching to devel build but DNSBL is still not filtering packets.

DNSBL will never filter packets. It filters DNS queries against pfSense' internal DNS resolver (unbound). If you don't use that, it will do nothing at all.

Emal510

I did some troubleshooting and I honestly don't know exactly what the issue was but here is a list of steps I took to get it working again:

General Setup
- Set loopback address on top followed by DNS IP(s) or leave everything blank if only using Unbound
- DNS Server Override unchecked
- Disable DNS Forwarder unchecked
DNS Resolver
- Network Interfaces > only select local ints including LAN.
- DNS Query Forwarding unchecked
- DHCP Registration checked
- Static DHCP checked
DHCP Server
- set your DNS Server to the LAN's IP int
On each of your DHCP Clients
- Renew lease or perform a network reset
On each of your Static Clients
- Use the IP int as DNS address

DNSBL not working, even with Resolver active

[ New ] Reload [ 05/24/19 14:25:15 ] . completed .. Whitelist: 127.demdex.net|zooplus.demdex.net|

Orig. Unique # Dups # White # TOP1M Final

1102379 1102379 0 1321 0 1101058

Assembling DNSBL database... completed [ 05/24/19 14:27:57 ] Reloading Unbound Resolver..... completed [ 05/24/19 14:28:14 ] DNSBL update [ 1647758 | PASSED ]... completed [ 05/24/19 14:28:15 ]

[ New ] Reload [ 05/24/19 14:25:15 ] . completed ..
Whitelist: 127.demdex.net|zooplus.demdex.net|

Assembling DNSBL database... completed [ 05/24/19 14:27:57 ]
Reloading Unbound Resolver..... completed [ 05/24/19 14:28:14 ]
DNSBL update [ 1647758 | PASSED ]... completed [ 05/24/19 14:28:15 ]