DNSBL Shenanigans

  • I had installed pfB (not the devel package) and attempted to set up DNSBL. I tried to download the EasyLists just to try it out, but upon a force reload, I kept getting cURL timeout errors (code 28). After reading a few forum posts, I removed the unbound .keys and .pems and regenerated them, but I was still getting timeout errors.

    The more interesting part of this is that the lists do actually download if I use the pfB-devel package and its default IP and DNSBL feeds. However, my DNS completely breaks down and all of the requests go to VIP.

    If I use the same settings from the devel package with the base pfB package, I get an unload error similar to the one found in this post: https://www.reddit.com/r/pfBlockerNG/comments/atlmzb/dnsbl_is_out_of_sync/, which remains unanswered.

    I've force reloaded god knows how many times, toggled DNSSEC, DNS forwarding, regenerated keys and certs, uninstalled and reinstalled packages, even factory reset the darned thing.

    I'm really at the end of my rope here, and was wondering if anyone had any ideas.

    I should mention that I've been following this setup guide: https://www.tecmint.com/install-configure-pfblockerng-dns-black-listing-in-pfsense/

  • @timeforchang FWIW, I tried the release package and found setup to be quite a challenge, considering the vast amount of lists available on the 'net. I uninstalled completely and installed the devel pkg. Works a treat, since many BLs are hardcoded and preselected. Did have a minor issue downloading the Talos list that was resolved by some minor edits, but I think that was fixed in latest devel.
    Relevant Post
    Also, the Zeus tracker lists were discontinued in July '19, so those will show update errors. Hardcoded lists are great for you and me, but a pain for @BBcan177 .
    I'd try uninstalling all, including settings, and start over with devel. You are using Resolver in resolver mode and not forwarding, right? Also, if using Service Watchdog, do not include the pfB services or Unbound in the restart settings.

    PS - If you are using ramdisks for /tmp and /var (Advanced/Miscellaneous), every reboot will delete all the lists that have been downloaded, but they will be rebuilt at either next cron update or a Force/All.

  • Thank you so much! I totally have forwarding on. Furthermore, I realized that specific lists were super trigger happy, so I will be debugging sources one by one, I guess.
