DNSBL - DNS bug?
-
I've got two issues related to the DNSBL, one which I believe is a bug in the way the pfb_dnsbl.conf is produced and the other an undesired behavior in avahi-daemon when interacting with interfaces that have the DNSBL VIP associated with them.
The issue I want to address here is with the pfb_dnsbl.conf file. The IPs are incorrect and do not match the VIP I have changed the DNSBL to point to. In my case I changed the default DNSBL VIP to 10.100.100.1 in the DNSBL pfblockerng web GUI. That works, the VIP is changed to it and all is well, except for the IPs listed for BL sites in pfb_dnsbl.conf: they point to an intermediary IP I first changed the DNSBL web GUI to, 10.10.100.1. I used vi to update the pfb_dnsbl.conf IPs to match once I discovered the cause of slow websites to be timeouts, because the DNSBL look-ups returned a non-existent IP and the browser had to time those out before returning the entire website.
The manual update worked. Yes, I did attempt to force an update via the DNSBL web GUI in every way I thought possible: turning it off, turning all of pfblockerng off. I never did re-install, though. My thought was that once the VIP was changed, the pfb_dnsbl.conf file would be regenerated with the correct IP. It appears that may have worked the first time, but not the second. Regardless, I updated it by hand and all worked well for a few hours; now the IPs are all back to 10.10.100.1 again. Obviously the file is being regenerated, most likely after a refresh of the data from the DNSBL feeds. I could of course script a workaround and probably will, but wanted to see if there's anything else I can check and possibly report a bug.
Update - I will report the issue with Avahi elsewhere. If it makes sense to report it here as well, as DNSBL is a factor in the bug, I will; let me know.
Update 2 - I will post a bug report on redmine as soon as I am able to sign in.... Ironically, having issues with that at the moment.
-
Opened https://redmine.pfsense.org/issues/10252
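
A check for the mismatch described in this thread, as an added example (not from the original posts or from the pfBlockerNG project): it lists every A-record address in a DNSBL config file that differs from the expected VIP, so a regenerated file with stale addresses is caught before clients start timing out. The `local-data` line format, the function names and the sample hostnames are assumptions; the file to check is passed as an argument.

```shell
#!/bin/sh
# Added example, not pfBlockerNG code.
# Assumed line format (Unbound local-data records):
#   local-data: "ads.example.com 60 IN A 10.10.100.1"

# stale_dnsbl_ips EXPECTED_VIP FILE
# Prints "<count> <address>" for each A-record address that is not EXPECTED_VIP.
# Returns 0 if every record matches, 1 if stale addresses exist, 2 if FILE is unreadable.
stale_dnsbl_ips() {
    _vip=$1
    _conf=$2
    [ -r "$_conf" ] || return 2
    _out=$(awk -v vip="$_vip" '
        /^[ \t]*local-data:/ {
            gsub(/"/, "")                      # drop quotes; awk re-splits the fields
            for (i = 1; i + 2 <= NF; i++)
                if ($i == "IN" && $(i+1) == "A" && $(i+2) != vip)
                    bad[$(i+2)]++
        }
        END { for (ip in bad) print bad[ip], ip }
    ' "$_conf" | sort -k2)
    [ -z "$_out" ] && return 0
    printf '%s\n' "$_out"
    return 1
}

# write_sample FILE: constructed sample reproducing the thread's symptom
# (VIP set to 10.100.100.1, most records still on the earlier 10.10.100.1).
write_sample() {
    cat > "$1" <<'EOF'
server:
local-data: "ads.example.com 60 IN A 10.10.100.1"
local-data: "tracker.example.net 60 IN A 10.10.100.1"
local-data: "metrics.example.org 60 IN A 10.100.100.1"
EOF
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample "$sample"
stale_dnsbl_ips 10.100.100.1 "$sample" || echo "check finished with status $?"
rm -f "$sample"
```

Run from cron after feed updates, a non-zero status can trigger an alert or a resolver reload once the file has been corrected.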