dnsbl.log - Log file is empty or does not exist

wdup

pfSense version: 2.4.4-RELEASE-p3 (amd64)
pfBlockerNG-devel version: 2.2.5_23

Interfaces:
WAN
LAN (used for management)
GUEST (with captive portal enabled)

DNSBL enabled on GUEST interface with several feeds (EasyList, AD, Cryptojackers) - Action = Unbound, Logging = Enabled.

Relevant domains are blocked on GUEST interface, however there are no alerts logged for DNSBL. When I check dnsbl.log (via Web GUI) I get "Log file is empty or does not exist". Logged on to shell and the file /var/log/pfblockerng/dnsbl.log does not exist.

When doing a ping from pfSense shell the blocked domains resolve to DNSBL VIP. When doing a ping from a client on GUEST network the blocked domains resolve to DNSBL VIP, but there is no reply from the DNSBL VIP.

In summary the setup is working as expected, but there are no DNSBL alerts. I would appreciate any suggestions on how I can get alerts to be logged?

BBcan177

@wdupreez

You need to ensure that your LAN devices have their DNS pointing to only pfSense for DNS resolution. Also check the pfblockerng.log to ensure there are no errors stopping DNSBL from functioning.
You can also ping a domain that is being blocked, and it should reply back with the DNSBL VIP address.

wdup

@BBcan177 thank you very much for the reply and may I use this opportunity to thank you for your fantastic work with pfBlockerNG!!!

My apologies if it was not clear from my post, I use DNSBL on my GUEST network and I can confirm devices on the GUEST network are using pfSense (GUEST interface) for DNS and DNSBL blocked domains are filtered, however I don't see any entries in dnsbl.log, in fact the files does not exist and no DNSBL alerts show in Reports > Alerts tab. I assume the dnsbl.log file only gets created when the pfBlockerNG writes to it?

I have checked pfblockerng.log and see no errors reported except a couple of errors relating to feed downloads.

In this case I don't need DNSBL on my LAN interface/network. Do you mind telling me the best approach if I only need DNSBL on my GUEST (OPT1) interface? Should I change the DNSBL > Webserver Interface to GUEST and/or Enable the Permit Firewall Rules and select the GUEST interface?

I can confirm that when I do a ping from a device on GUEST network the blocked domains resolve to DNSBL VIP, but there is no reply from the DNSBL VIP.

Thank you in advance.

BBcan177

@wdupreez said in dnsbl.log - Log file is empty or does not exist:

Should I change the DNSBL > Webserver Interface to GUEST and/or Enable the Permit Firewall Rules and select the GUEST interface?

Yes you will probably need this permit rule to allow the GUEST network to communicate with the DNSBL Webserver. You should be able to ping and browse to the DNSBL VIP and also ping and get a reply to any blocked domain.
Thanks for the feedback!