Netgate Discussion Forum

    DNS Resolver

    DHCP and DNS
      scorpoin

      Hello All,

      I'm facing a strange issue with the DNS Resolver custom options.

      If I allow any restricted user in the bypass list, it works fine and the restriction is lifted, and if I block that user again by simply adding

      #access-control-view: 192.168.2.10/32 bypass

      it does not block that IP and the user is able to access all websites :/. I've gone through the pfblocker-ng config; if there is any issue, it should not have blocked that IP in the first place.

      server:
          # access-control-view: 1192.168.2.10/32 bypass
          access-control-view: 192.168.2.0/24 dnsbl

      view:
          name: "bypass"
          view-first: yes
      view:
          name: "dnsbl"
          view-first: yes
          include: /var/unbound/pfb_dnsbl.*conf

      Regards

        Gertjan

        [image]

        The image shows that pfBlockerNg-devel adds
        "/var/unbound/pfb_dnsbl.*conf" in an include block, which is put in a "server" block.

        You've added "include: /var/unbound/pfb_dnsbl.*conf" in a "view" block.

        Is it (syntax) possible?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          scorpoin

          Thanks for your prompt response @Gertjan.
          Well, I have been using the config above for months without any issue. Let me put the include after server and I will get back to you.

          server: include: /var/unbound/pfb_dnsbl.*conf
              # access-control-view: 1192.168.2.10/32 bypass
              access-control-view: 1192.168.2.11/32 bypass
              access-control-view: 192.168.2.0/24 dnsbl

          view:
              name: "bypass"
              view-first: yes
          view:
              name: "dnsbl"
              view-first: yes

          With the above config, YouTube is now blocked for everyone :/, even bypass IPs. So I changed the config back to the old one.

          Regards
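
As an added example (not part of the original posts, and not pfSense, pfBlockerNG or Unbound code): a small checker that reads `access-control-view:` lines from custom options like those posted above, reports netblocks that are not valid addresses or that point at undefined views, and shows which view a client IP would get. It assumes the most specific matching netblock wins, as Unbound documents for `access-control`; the function names and the embedded sample string are constructed for illustration.

```python
import ipaddress

# Constructed sample: the custom options from the post above, re-typed as a string.
SAMPLE = """\
server: include: /var/unbound/pfb_dnsbl.*conf
# access-control-view: 1192.168.2.10/32 bypass
access-control-view: 1192.168.2.11/32 bypass
access-control-view: 192.168.2.0/24 dnsbl
view:
    name: "bypass"
    view-first: yes
view:
    name: "dnsbl"
    view-first: yes
"""

def parse_acl_views(text):
    """Return (rules, problems): rules are (network, view); problems are strings."""
    rules, problems, views = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # commented-out lines have no effect
        if line.startswith("name:"):
            views.add(line.split(":", 1)[1].strip().strip('"'))
        if "access-control-view:" not in line:
            continue
        fields = line.split("access-control-view:", 1)[1].split()
        if len(fields) != 2:
            problems.append(f"line {lineno}: expected '<netblock> <view>'")
            continue
        try:
            rules.append((ipaddress.ip_network(fields[0], strict=False), fields[1]))
        except ValueError:
            problems.append(f"line {lineno}: invalid netblock {fields[0]!r}")
    for net, view in rules:
        if view not in views:
            problems.append(f"{net}: view {view!r} is not defined")
    return rules, problems

def view_for(client, rules):
    """View for a client IP, assuming the most specific matching netblock wins."""
    addr = ipaddress.ip_address(client)
    hits = [(net.prefixlen, view) for net, view in rules if addr in net]
    return max(hits)[1] if hits else None

if __name__ == "__main__":
    rules, problems = parse_acl_views(SAMPLE)
    print("\n".join(problems) or "no problems found")
    for ip in ("192.168.2.10", "192.168.2.11"):
        print(ip, "->", view_for(ip, rules))
```

Running `unbound-checkconf` against the generated configuration is the authoritative syntax check; this script only shows the view mapping implied by the lines as written.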

            Gertjan @Gertjan

            @Gertjan said in DNS Resolver:

            Is it (syntax) possible?

            Well ... your initial "Custom options" wasn't wrong.
            Gogol pointed me to
            https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips

            where you will find
            : "this works for me"
            : "doesn't work for me".

            Can't tell why it works for one, and not for another.

              scorpoin

              Well, a very strange thing I've seen: when putting static 8.8.8.8 on a Windows client as secondary DNS, with my pfSense IP as primary DNS, it does open YouTube. If I remove the secondary DNS 8.8.8.8, it does block YouTube and other sites, which is what pfBlocker should do :/. I do have a firewall rule.
              I do I prevent users not use other than firewall IP as primary DNS.

              Regards

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.