DNSBL Out of Sync after reloads/updates
I am running into DNSBL update [ 368701 ] [ 515215 ] ... OUT OF SYNC errors in my logs constantly.
I have tried enabling/disabling pfblockerNG and doing a force reload. I also don't see any duplicate headers in my log files.
I have a feeling it may be related to this in the log file.
TLD finalize Original Matches Removed Final 832537 396919 463836 368701 TLD finalize... completed [ 06/17/19 12:13:29 ]
I feel like I'm missing something simple.
Some system info:
pfSense: 2.4.4-RELEASE-p3 Version: pfblockerNG-devel 2.2.5_23 CPU: i5 - 7300U RAM: 16GB
Maybe it's the TLD blocking of full domains causing the sync issue:
Blocking full TLD/Sub-Domain(s)... |cm|party|click|link|technology|gdn|study|men|biz|reise|stream|ru| completed
If so then I assume DNSBL will never be "In Sync", not sure if that's ok or what best practice would recommend.
@BBcan177 Thank you for sending me that link. I have read through the thread but I'm not sure if I am running into the same issue or if it is one of a similar type.
I am only using the DNSBL Whitelist (below) to allow certain domains and subdomains and the TLD Blacklist. TLD Exclusion List and TLD Whitelist are blank.
.s3.amazonaws.com .amazonaws.com .s3-1.amazonaws.com # CNAME for (s3.amazonaws.com) .github.com .githubusercontent.com github.map.fastly.net # CNAME for (raw.githubusercontent.com) .apple.com .sourceforge.net .fls-na.amazon.com # alexa .control.kochava.com # alexa 2 .device-metrics-us-2.amazon.com # alexa 3 .amazon-adsystem.com # amazon app ads .px.moatads.com # amazon app 2 .wildcard.moatads.com.edgekey.net # CNAME for (px.moatads.com) .e13136.g.akamaiedge.net # CNAME for (px.moatads.com) .secure-gl.imrworldwide.com # amazon app 3 .pixel.adsafeprotected.com # amazon app 4 .anycast.pixel.adsafeprotected.com # CNAME for (pixel.adsafeprotected.com) .bs.serving-sys.com # amazon app 5 .bs.eyeblaster.akadns.net # CNAME for (bs.serving-sys.com) .bsla.eyeblaster.akadns.net # CNAME for (bs.serving-sys.com) .adsafeprotected.com .anycast.static.adsafeprotected.com # CNAME for (static.adsafeprotected.com) google.com www.google.com docs.google.com youtube.com www.youtube.com youtube-ui.l.google.com # CNAME for (youtube.com) stackoverflow.com www.stackoverflow.com dropbox.com www.dropbox.com www.dropbox-dns.com # CNAME for (dropbox.com) control.kochava.com secure-gl.imrworldwide.com pbs.twimg.com # twitter images www.pbs.twimg.com # twitter images onedrive.live.com www.onedrive.live.com odc-web-geo.onedrive.akadns.net # CNAME for (onedrive.live.com) odc-web-brs.onedrive.akadns.net # CNAME for (onedrive.live.com) odwebpl.trafficmanager.net.a-0014.dc-msedge.net.a-0014.a-msedge.net # CNAME for (onedrive.live.com) a-0014.a-msedge.net # CNAME for (onedrive.live.com) .mzstatic.com
In the General Tab, uncheck "Keep Settings", then Save. That will clear all previously downloaded Feeds. Re-check "Keep Settings", Save, and follow that with a Force Update. If its still out of sync, post a link to the pfblockerng.log for review.
@BBcan177 That fixed the sync issue! I could have sworn I've done that step a few times this week. I'll keep an eye on it to see if it goes out of sync during the next cron job.
My only issue now is that after running the force update the DNSBL is listed as disabled on the Dashboard.
@aograin Check the log for details about why its disabled. Need to ensure in the General Tab that pfBNG is enabled, and also enabled in the DNSBL Tab. Finally need to ensure that Unbound is running, and that the DNS Resolver "Custom Options" has this line (which is automatically added by the pkg):
@BBcan177 Everything looked good and had the appropriate check box checked. I saved the existing DNS Resolver settings and that seemed to correct the issue. Didn't see anything in the logs that stood out.
Saving DNSBL database... completed Reloading Unbound Resolver..... completed [ 06/18/19 20:40:10 ] DNSBL update [ 515852 | PASSED ]... completed Adding to existing Unbound custom options
I'll consider this issue closed. Thank you for the support.