pfblockerNG TLD help
I am new to pfSense and pfBlockerNG, but have recently installed them, following blogs and forum posts to get things working.
My system has an Intel i5-2400 with 8GB RAM. It seems to handle the firewall very well (very little CPU/MEM usage), even with pfBlockerNG. However, when I enabled TLD in pfBlockerNG and then ran Update -> Force Reload, my system would hang and peg the RAM, take a long time to complete, and finally show errors when completed.
I upgraded to 16GB RAM and tried to enable TLD again. Now it completes without error - I noticed the RAM utilization doesn't get past 39% with the same config, which is odd since I should have had enough RAM before the upgrade.
Now when TLD successfully completes, clients can no longer get to webpages. I found ping works but DNS resolution seems to break.
Any idea would be greatly appreciated!
Which version of pfblocker are you using?
3.0.0_3 - I just noticed a new version is available which I didn't know about. I may install it once I have had a chance to research what it is.
Seems like unbound may have crashed. Are you running the new dnsbl python mode? Have you made sure that the “register DHCP leases” options are unchecked on Services/DNS Resolver/General Settings?
Also is Firewall/pfBlockerNG/DNSBL/Web Server Interface set to Localhost?
dnsbl python mode
I wasn't 100% sure what the difference between unbound and python mode was, so I decided not to change it just yet until I had a better understanding. However, since you asked, I thought I would try it and see if it worked that way. I checked your other suggestions, and yes they were set as you mentioned.
After changing to python mode, TLD is now working - thank you! Also, pretty cool that my RAM usage is down to 15% now... guess I didn't need the upgrade, oh well.
I did read the following post from BBcan177, along with the "more info" under "dnsbl mode", but was wondering if you had more info I can check out to better understand. Also, because of this, I didn't enable anything else under DNSBL other than TLD.
This mode will allow logging of DNS Replies, and more advanced DNSBL Blocking features.