pfblockerng-dev restarts unbound but DNSBL is disabled
-
Hi there,
I am trying to avoid pfblockerng-dev on my pfSense to restart my unbound resolver. I deactivated DNSBL in pfblockerng (I did not enable the DNSBL feature). My pfblockerng executes the CRON job at 6 am every morning and it always restarts unbound even tho it is not supposed to do that. Does anybody know how to prevent pfblockerng from restarting Unbound? Manually executing Update/CRON/Reload also causes Unbound to restart.
Any help greatly appreciated!
Cheers!
Henry
-
@elmnts Version of pfsense ? pfblockerng? logs?
-
@ronpfs pfSense is running version 2.4.5. pfblockerng-dev is version 3.0.0_8. Which logs would you like to see?
Cheers!
-
@elmnts Maybe inspect pfblockerng.log, system / resolver / dhcp logs. If nothing obvious is found, then try :
Enable DNSBL, save settings, disable DNSBL, Save settings, Force Update, Force Reload ALL. It shouldn't compile any DNSBL data. The wait for cron update to see what happens.
-
@ronpfs Hi! Thanks for getting back. DHCP option „ Enable registration of DHCP client names in DNS“ is not set. I unchecked all settings in my DNSBL config. I disabled all DNSBL Groups.
This is the log when force an update:
UPDATE PROCESS START [ v3.0.0_8 ] [ 01/09/21 02:15:53 ] ===[ DNSBL Process ]================================================ Clearing all DNSBL Feeds Stopping Unbound Resolver. Unbound stopped in 2 sec. Additional mounts: No changes required. Starting Unbound Resolver... completed [ 01/09/21 02:15:54 ] DNSBL is disabled ===[ GeoIP Process ]============================================ [ pfB_Europe_v4 ] exists. ===[ IPv4 Process ]================================================= [ Whitelist_custom_v4 ] exists. [ Abuse_Feodo_C2_v4 ] exists. [ Abuse_SSLBL_v4 ] exists. [ CINS_army_v4 ] exists. [ ET_Block_v4 ] exists. [ ET_Comp_v4 ] exists. [ ISC_1000_30_v4 ] exists. [ ISC_Block_v4 ] exists. [ Spamhaus_Drop_v4 ] exists. [ Spamhaus_eDrop_v4 ] exists. [ BlockListDE_Apache_v4 ] exists. [ BlockListDE_Asterisk_v4 ] exists. [ BlockListDE_Bots_v4 ] exists. [ BlockListDE_Brute_v4 ] exists. [ BlockListDE_Email_v4 ] exists. [ BlockListDE_FTP_v4 ] exists. [ BlockListDE_FTPD_v4 ] exists. [ BlockListDE_IMAP_v4 ] exists. [ BlockListDE_IRC_v4 ] exists. [ BlockListDE_Mail_v4 ] exists. [ BlockListDE_POP3_v4 ] exists. [ BlockListDE_Postfix_v4 ] exists. [ BlockListDE_SIP_v4 ] exists. [ BlockListDE_SSH_v4 ] exists. [ BlockListDE_Strong_v4 ] exists. [ BDS_Ban_v4 ] exists. [ BlockListDE_All_v4 ] exists. [ MS_1_v4 ] exists. ===[ Aliastables / Rules ]========================================== No changes to Firewall rules, skipping Filter Reload No Changes to Aliases, Skipping pfctl Update ===[ Kill States ]================================================== Firewall state(s) validation for [ 103 ] IPv4 address(es)... No matching states found ====================================================================== UPDATE PROCESS ENDED [ 01/09/21 02:15:56 ] -
@elmnts Now there shouldn't be anything about pfblockerNG in DNS Resolver / General Settings : Custom options
Wait for next Cron Update to see if it restart unbound.
-
@ronpfs Yes, the entry „server:include: /var/unbound/pfb_dnsbl.*conf“ is not in the Unbound custom options anymore. I will wait till the CRON runs automatically and get back to you.
Thanks for your help!
-
@elmnts Are you on v3.0.0_7?
-
@bbcan177 Hi! I am running pfblockerNG-dev version 3.0.0_8
-
@ronpfs Hi! The CRON job was executed automatically at 6 am this morning. Unfortunatly it restarted Unbound again. Do you have any other idea what might cause the problem?
I dont know if it makes a difference but I used the DNSBL feature for quiet some time. I just wanted to deactivate it because I dont want to use the DNSBL feature from pfblockerng anymore. I also want to use Unbounds cache. I also tried the the "Rresolver cache" feature (which is enabled by default but I still checked it). Unbound restarted und I checked the cache entries before manually execute the CRON job and after executing it. Cache entries which have been in the Unbound cache before were cleared after. So automatically reloading the cache after pfblockerng restarts Unbound doesnt seem to work either.
Jan 9 06:00:25 unbound 54051:0 info: start of service (unbound 1.10.1). Jan 9 06:00:25 unbound 54051:0 notice: init module 0: iterator Jan 9 06:00:24 unbound 6659:0 info: 4.000000 8.000000 1 Jan 9 06:00:24 unbound 6659:0 info: 2.000000 4.000000 6 Jan 9 06:00:24 unbound 6659:0 info: 1.000000 2.000000 11 Jan 9 06:00:24 unbound 6659:0 info: 0.524288 1.000000 15 Jan 9 06:00:24 unbound 6659:0 info: 0.262144 0.524288 34 Jan 9 06:00:24 unbound 6659:0 info: 0.131072 0.262144 154 Jan 9 06:00:24 unbound 6659:0 info: 0.065536 0.131072 188 Jan 9 06:00:24 unbound 6659:0 info: 0.032768 0.065536 370 Jan 9 06:00:24 unbound 6659:0 info: 0.016384 0.032768 365 Jan 9 06:00:24 unbound 6659:0 info: 0.008192 0.016384 138 Jan 9 06:00:24 unbound 6659:0 info: 0.002048 0.004096 2 Jan 9 06:00:24 unbound 6659:0 info: 0.000512 0.001024 1 Jan 9 06:00:24 unbound 6659:0 info: 0.000000 0.000001 79 Jan 9 06:00:24 unbound 6659:0 info: lower(secs) upper(secs) recursions Jan 9 06:00:24 unbound 6659:0 info: [25%]=0.0218154 median[50%]=0.0413585 [75%]=0.0892405 Jan 9 06:00:24 unbound 6659:0 info: histogram of recursion processing times Jan 9 06:00:24 unbound 6659:0 info: average recursion processing time 0.093712 sec Jan 9 06:00:24 unbound 6659:0 info: server stats for thread 3: requestlist max 8 avg 0.26685 exceeded 0 jostled 0 Jan 9 06:00:24 unbound 6659:0 info: server stats for thread 3: 2526 queries, 1162 answers from cache, 1364 recursions, 90 prefetch, 0 rejected by ip ratelimiting Jan 9 06:00:24 unbound 6659:0 info: 2.000000 4.000000 3 Jan 9 06:00:24 unbound 6659:0 info: 1.000000 2.000000 3 Jan 9 06:00:24 unbound 6659:0 info: 0.524288 1.000000 11 Jan 9 06:00:24 unbound 6659:0 info: 0.262144 0.524288 5 Jan 9 06:00:24 unbound 6659:0 info: 0.131072 0.262144 47 Jan 9 06:00:24 unbound 6659:0 info: 0.065536 0.131072 51 Jan 9 06:00:24 unbound 6659:0 info: 0.032768 0.065536 66 Jan 9 06:00:24 unbound 6659:0 info: 0.016384 0.032768 94 Jan 9 06:00:24 unbound 6659:0 info: 0.008192 0.016384 39 Jan 9 06:00:24 unbound 6659:0 info: 0.000000 0.000001 19 Jan 9 06:00:24 unbound 6659:0 info: lower(secs) upper(secs) recursions Jan 9 06:00:24 unbound 6659:0 info: [25%]=0.0210029 median[50%]=0.0412082 [75%]=0.111154 Jan 9 06:00:24 unbound 6659:0 info: histogram of recursion processing times Jan 9 06:00:24 unbound 6659:0 info: average recursion processing time 0.114524 sec Jan 9 06:00:24 unbound 6659:0 info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0 Jan 9 06:00:24 unbound 6659:0 info: server stats for thread 2: 697 queries, 359 answers from cache, 338 recursions, 35 prefetch, 0 rejected by ip ratelimiting Jan 9 06:00:24 unbound 6659:0 info: 2.000000 4.000000 1 Jan 9 06:00:24 unbound 6659:0 info: 1.000000 2.000000 5 Jan 9 06:00:24 unbound 6659:0 info: 0.524288 1.000000 13 Jan 9 06:00:24 unbound 6659:0 info: 0.262144 0.524288 24 Jan 9 06:00:24 unbound 6659:0 info: 0.131072 0.262144 141 Jan 9 06:00:24 unbound 6659:0 info: 0.065536 0.131072 156 Jan 9 06:00:24 unbound 6659:0 info: 0.032768 0.065536 259 Jan 9 06:00:24 unbound 6659:0 info: 0.016384 0.032768 320 Jan 9 06:00:24 unbound 6659:0 info: 0.008192 0.016384 108 Jan 9 06:00:24 unbound 6659:0 info: 0.004096 0.008192 1 Jan 9 06:00:24 unbound 6659:0 info: 0.000000 0.000001 57 Jan 9 06:00:24 unbound 6659:0 info: lower(secs) upper(secs) recursions Jan 9 06:00:24 unbound 6659:0 info: [25%]=0.0217728 median[50%]=0.0399162 [75%]=0.0944181 Jan 9 06:00:24 unbound 6659:0 info: histogram of recursion processing times Jan 9 06:00:24 unbound 6659:0 info: average recursion processing time 0.079556 sec Jan 9 06:00:24 unbound 6659:0 info: server stats for thread 1: requestlist max 7 avg 0.208007 exceeded 0 jostled 0 Jan 9 06:00:24 unbound 6659:0 info: server stats for thread 1: 2101 queries, 1016 answers from cache, 1085 recursions, 64 prefetch, 0 rejected by ip ratelimiting Jan 9 06:00:24 unbound 6659:0 info: 2.000000 4.000000 3 Jan 9 06:00:24 unbound 6659:0 info: 1.000000 2.000000 1 Jan 9 06:00:24 unbound 6659:0 info: 0.524288 1.000000 12 Jan 9 06:00:24 unbound 6659:0 info: 0.262144 0.524288 18 Jan 9 06:00:24 unbound 6659:0 info: 0.131072 0.262144 84 Jan 9 06:00:24 unbound 6659:0 info: 0.065536 0.131072 101 Jan 9 06:00:24 unbound 6659:0 info: 0.032768 0.065536 161 Jan 9 06:00:24 unbound 6659:0 info: 0.016384 0.032768 187 Jan 9 06:00:24 unbound 6659:0 info: 0.008192 0.016384 80 Jan 9 06:00:24 unbound 6659:0 info: 0.004096 0.008192 1 Jan 9 06:00:24 unbound 6659:0 info: 0.000000 0.000001 37 Jan 9 06:00:24 unbound 6659:0 info: lower(secs) upper(secs) recursions Jan 9 06:00:24 unbound 6659:0 info: [25%]=0.0210495 median[50%]=0.0404003 [75%]=0.0965196 Jan 9 06:00:24 unbound 6659:0 info: histogram of recursion processing times Jan 9 06:00:24 unbound 6659:0 info: average recursion processing time 0.087468 sec Jan 9 06:00:24 unbound 6659:0 info: server stats for thread 0: requestlist max 3 avg 0.0557823 exceeded 0 jostled 0 Jan 9 06:00:24 unbound 6659:0 info: server stats for thread 0: 1289 queries, 604 answers from cache, 685 recursions, 50 prefetch, 0 rejected by ip ratelimiting Jan 9 06:00:24 unbound 6659:0 info: service stopped (unbound 1.10.1). -
@elmnts Maybe post the pfblockng.log so we can see what it does during Cron Update.
-
@ronpfs I attached the pfblockerng.log. I change the execution time for the cron job to 7:15 pm tho.
CRON PROCESS START [ v3.0.0_8 ] [ 01/09/21 19:15:00 ] [ Abuse_Feodo_C2_v4 ] Remote timestamp: Sat, 09 Jan 2021 18:10:03 GMT Local timestamp: Sat, 09 Jan 2021 17:25:03 GMT Update found [ Abuse_SSLBL_v4 ] Remote timestamp: Sat, 09 Jan 2021 18:10:02 GMT Local timestamp: Sat, 09 Jan 2021 17:25:03 GMT Update found [ CINS_army_v4 ] Remote timestamp: Sat, 09 Jan 2021 17:18:44 GMT Local timestamp: Sat, 09 Jan 2021 16:18:42 GMT Update found [ ET_Block_v4 ] Remote timestamp: Fri, 08 Jan 2021 23:18:59 GMT Local timestamp: Fri, 08 Jan 2021 05:30:02 GMT Update found [ ET_Comp_v4 ] [ 01/09/21 19:15:01 ] Remote timestamp: Fri, 08 Jan 2021 23:18:24 GMT Local timestamp: Fri, 08 Jan 2021 05:30:23 GMT Update found [ ISC_1000_30_v4 ] [ 01/09/21 19:15:02 ] Remote timestamp: Sat, 09 Jan 2021 18:14:03 GMT Local timestamp: Sat, 09 Jan 2021 15:13:22 GMT Update found [ ISC_Block_v4 ] [ 01/09/21 19:15:03 ] Remote timestamp: Sat, 09 Jan 2021 18:14:03 GMT Local timestamp: Sat, 09 Jan 2021 16:00:06 GMT Update found [ Spamhaus_Drop_v4 ] [ 01/09/21 19:15:04 ] Remote timestamp: Sat, 09 Jan 2021 00:28:34 GMT Local timestamp: Sat, 09 Jan 2021 00:28:34 GMT Update not required [ Spamhaus_eDrop_v4 ] Remote timestamp: Wed, 30 Dec 2020 21:14:18 GMT Local timestamp: Wed, 30 Dec 2020 21:14:18 GMT Update not required [ BlockListDE_Apache_v4 ] Remote timestamp: Sat, 09 Jan 2021 17:50:29 GMT Local timestamp: Sat, 09 Jan 2021 17:09:05 GMT Update found [ BlockListDE_Asterisk_v4 ] Remote timestamp: Sat, 09 Jan 2021 17:50:38 GMT Local timestamp: Sat, 09 Jan 2021 17:09:13 GMT Update found [ BlockListDE_Bots_v4 ] Remote timestamp: Sat, 09 Jan 2021 17:50:38 GMT Local timestamp: Sat, 09 Jan 2021 17:09:13 GMT Update found [ BlockListDE_Brute_v4 ] [ 01/09/21 19:15:05 ] Remote timestamp: Sat, 09 Jan 2021 17:50:44 GMT Local timestamp: Sat, 09 Jan 2021 17:09:24 GMT Update found [ BlockListDE_Email_v4 ] Remote timestamp: Sat, 09 Jan 2021 17:50:24 GMT Local timestamp: Sat, 09 Jan 2021 17:09:01 GMT Update found [ BlockListDE_FTP_v4 ] Remote timestamp: Sat, 09 Jan 2021 17:50:37 GMT Local timestamp: Sat, 09 Jan 2021 17:09:12 GMT Update found [ BlockListDE_FTPD_v4 ] Remote timestamp: Sat, 09 Jan 2021 17:50:37 GMT Local timestamp: Sat, 09 Jan 2021 17:09:12 GMT Update found [ BlockListDE_IMAP_v4 ] Remote timestamp: Sat, 09 Jan 2021 17:50:36 GMT Local timestamp: Sat, 09 Jan 2021 17:09:11 GMT Update found [ BlockListDE_IRC_v4 ] Remote timestamp: Sat, 09 Jan 2021 17:50:40 GMT Local timestamp: Sat, 09 Jan 2021 17:09:19 GMT Update found [ BlockListDE_Mail_v4 ] [ 01/09/21 19:15:06 ] Remote timestamp: Sat, 09 Jan 2021 17:50:24 GMT Local timestamp: Sat, 09 Jan 2021 17:09:01 GMT Update found [ BlockListDE_POP3_v4 ] Remote timestamp: Sat, 09 Jan 2021 17:50:36 GMT Local timestamp: Sat, 09 Jan 2021 17:09:11 GMT Update found [ BlockListDE_Postfix_v4 ] Remote timestamp: Sat, 09 Jan 2021 17:50:24 GMT Local timestamp: Sat, 09 Jan 2021 17:09:01 GMT Update found [ BlockListDE_SIP_v4 ] Remote timestamp: Sat, 09 Jan 2021 17:50:38 GMT Local timestamp: Sat, 09 Jan 2021 17:09:13 GMT Update found [ BlockListDE_SSH_v4 ] Remote timestamp: Sat, 09 Jan 2021 17:50:19 GMT Local timestamp: Sat, 09 Jan 2021 17:08:59 GMT Update found [ BlockListDE_Strong_v4 ] Remote timestamp: Sat, 09 Jan 2021 17:50:39 GMT Local timestamp: Sat, 09 Jan 2021 17:09:16 GMT Update found [ BDS_Ban_v4 ] Remote timestamp: Sat, 09 Jan 2021 17:34:01 GMT Local timestamp: Sat, 09 Jan 2021 16:34:00 GMT Update found [ BlockListDE_All_v4 ] [ 01/09/21 19:15:07 ] Remote timestamp: Sat, 09 Jan 2021 17:50:05 GMT Local timestamp: Sat, 09 Jan 2021 17:08:46 GMT Update found [ MS_1_v4 ] ( md5 feed ) . 200 OK ( md5 unchanged ) Update not required UPDATE PROCESS START [ v3.0.0_8 ] [ 01/09/21 19:15:08 ] ===[ DNSBL Process ]================================================ Clearing all DNSBL Feeds Stopping Unbound Resolver. Unbound stopped in 2 sec. Additional mounts: No changes required. Starting Unbound Resolver... completed [ 01/09/21 19:15:09 ] DNSBL is disabled ===[ GeoIP Process ]============================================ [ pfB_Europe_v4 ] exists. ===[ IPv4 Process ]================================================= [ Whitelist_custom_v4 ] exists. [ Abuse_Feodo_C2_v4 ] Downloading update .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 1412 1412 1412 [ Pass ] ----------------------------------------------------------------- [ Abuse_SSLBL_v4 ] Downloading update [ 01/09/21 19:15:10 ] .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 129 100 100 [ Pass ] ----------------------------------------------------------------- [ CINS_army_v4 ] Downloading update .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 15000 14450 14450 [ Pass ] ----------------------------------------------------------------- [ ET_Block_v4 ] Downloading update [ 01/09/21 19:15:11 ] .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 2377 1009 1009 [ Pass ] ----------------------------------------------------------------- [ ET_Comp_v4 ] Downloading update [ 01/09/21 19:15:12 ] .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 4227 3971 3971 [ Pass ] ----------------------------------------------------------------- [ ISC_1000_30_v4 ] Downloading update [ 01/09/21 19:15:13 ] .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 8003 787 787 [ Pass ] ----------------------------------------------------------------- [ ISC_Block_v4 ] Downloading update [ 01/09/21 19:15:14 ] .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 21 14 14 [ Pass ] ----------------------------------------------------------------- [ Spamhaus_Drop_v4 ] exists. [ 01/09/21 19:15:15 ] [ Spamhaus_eDrop_v4 ] exists. [ BlockListDE_Apache_v4 ] Downloading update .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 9985 1991 1991 [ Pass ] ----------------------------------------------------------------- [ BlockListDE_Asterisk_v4 ] Downloading update [ 01/09/21 19:15:16 ] .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 500 173 173 [ Pass ] ----------------------------------------------------------------- [ BlockListDE_Bots_v4 ] Downloading update .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 37 32 32 [ Pass ] ----------------------------------------------------------------- [ BlockListDE_Brute_v4 ] Downloading update .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 1919 1 1 [ Pass ] ----------------------------------------------------------------- [ BlockListDE_Email_v4 ] Downloading update [ 01/09/21 19:15:17 ] .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 12766 4498 4498 [ Pass ] ----------------------------------------------------------------- [ BlockListDE_FTP_v4 ] Downloading update .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 112 109 109 [ Pass ] ----------------------------------------------------------------- [ BlockListDE_FTPD_v4 ] Downloading update [ 01/09/21 19:15:18 ] .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 112 0 0 [ Pass ] ----------------------------------------------------------------- [ BlockListDE_IMAP_v4 ] Downloading update .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 2823 0 0 [ Pass ] ----------------------------------------------------------------- [ BlockListDE_IRC_v4 ] Downloading update .. 200 OK. completed .. Empty file, Adding '127.1.7.7' to avoid download failure. ------------------------------ Original Master Final ------------------------------ 0 1 1 [ Pass ] ----------------------------------------------------------------- [ BlockListDE_Mail_v4 ] Downloading update [ 01/09/21 19:15:19 ] .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 12766 0 0 [ Pass ] ----------------------------------------------------------------- [ BlockListDE_POP3_v4 ] Downloading update .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 2823 0 0 [ Pass ] ----------------------------------------------------------------- [ BlockListDE_Postfix_v4 ] Downloading update [ 01/09/21 19:15:20 ] .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 12766 0 0 [ Pass ] ----------------------------------------------------------------- [ BlockListDE_SIP_v4 ] Downloading update .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 500 2 2 [ Pass ] ----------------------------------------------------------------- [ BlockListDE_SSH_v4 ] Downloading update [ 01/09/21 19:15:21 ] .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 32325 29489 29489 [ Pass ] ----------------------------------------------------------------- [ BlockListDE_Strong_v4 ] Downloading update .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 1293 103 103 [ Pass ] ----------------------------------------------------------------- [ BDS_Ban_v4 ] Downloading update [ 01/09/21 19:15:22 ] .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 1437 926 926 [ Pass ] ----------------------------------------------------------------- [ BlockListDE_All_v4 ] Downloading update [ 01/09/21 19:15:23 ] .. 200 OK. completed .. ------------------------------ Original Master Final ------------------------------ 47763 771 771 [ Pass ] ----------------------------------------------------------------- [ MS_1_v4 ] exists. ===[ Suppression Stats ]=================================== List Pre Suppress Master ----------------------------------------------------------- Abuse_Feodo_C2_v4 1412 1412 62681 Abuse_SSLBL_v4 100 100 62681 CINS_army_v4 14450 14450 62681 ET_Block_v4 1009 1009 62681 ET_Comp_v4 3971 3971 62681 ISC_1000_30_v4 787 787 62681 ISC_Block_v4 14 14 62681 Spamhaus_Drop_v4 1 1 62681 Spamhaus_eDrop_v4 78 78 62681 BlockListDE_Apache_v4 1991 1991 62681 BlockListDE_Asterisk_v4 173 173 62681 BlockListDE_Bots_v4 32 32 62681 BlockListDE_Brute_v4 1 1 62681 BlockListDE_Email_v4 4498 4498 62681 BlockListDE_FTP_v4 109 109 62681 BlockListDE_FTPD_v4 1 1 62681 BlockListDE_IMAP_v4 1 1 62681 BlockListDE_IRC_v4 1 1 62681 BlockListDE_Mail_v4 1 1 62681 BlockListDE_POP3_v4 1 1 62681 BlockListDE_Postfix_v4 1 1 62681 BlockListDE_SIP_v4 2 2 62681 BlockListDE_SSH_v4 29489 29489 62681 BlockListDE_Strong_v4 103 103 62681 BDS_Ban_v4 926 926 62681 BlockListDE_All_v4 771 771 62681 ===[ Aliastables / Rules ]========================================== No changes to Firewall rules, skipping Filter Reload Updating: pfB_PRI1_v4 200 addresses added.220 addresses deleted. Updating: pfB_BlockListDE_v4 401 addresses added.275 addresses deleted. Updating: pfB_PRI4_v4 17 addresses added.2 addresses deleted. Updating: pfB_PRI3_v4 12 addresses added. ===[ Kill States ]================================================== Firewall state(s) validation for [ 94 ] IPv4 address(es)... No matching states found ====================================================================== ===[ FINAL Processing ]===================================== [ Original IP count ] [ 194619 ] [ Final IP Count ] [ 62681 ] ===[ Permit List IP Counts ]========================= 19594 total 19593 /var/db/pfblockerng/permit/pfB_Europe_v4.txt 1 /var/db/pfblockerng/permit/Whitelist_custom_v4.txt ===[ Deny List IP Counts ]=========================== 62687 total 29489 /var/db/pfblockerng/deny/BlockListDE_SSH_v4.txt 14450 /var/db/pfblockerng/deny/CINS_army_v4.txt 4498 /var/db/pfblockerng/deny/BlockListDE_Email_v4.txt 3971 /var/db/pfblockerng/deny/ET_Comp_v4.txt 2764 /var/db/pfblockerng/deny/MS_1_v4.txt 1991 /var/db/pfblockerng/deny/BlockListDE_Apache_v4.txt 1412 /var/db/pfblockerng/deny/Abuse_Feodo_C2_v4.txt 1009 /var/db/pfblockerng/deny/ET_Block_v4.txt 926 /var/db/pfblockerng/deny/BDS_Ban_v4.txt 787 /var/db/pfblockerng/deny/ISC_1000_30_v4.txt 771 /var/db/pfblockerng/deny/BlockListDE_All_v4.txt 173 /var/db/pfblockerng/deny/BlockListDE_Asterisk_v4.txt 109 /var/db/pfblockerng/deny/BlockListDE_FTP_v4.txt 103 /var/db/pfblockerng/deny/BlockListDE_Strong_v4.txt 100 /var/db/pfblockerng/deny/Abuse_SSLBL_v4.txt 78 /var/db/pfblockerng/deny/Spamhaus_eDrop_v4.txt 32 /var/db/pfblockerng/deny/BlockListDE_Bots_v4.txt 14 /var/db/pfblockerng/deny/ISC_Block_v4.txt 2 /var/db/pfblockerng/deny/BlockListDE_SIP_v4.txt 1 /var/db/pfblockerng/deny/Spamhaus_Drop_v4.txt 1 /var/db/pfblockerng/deny/BlockListDE_Postfix_v4.txt 1 /var/db/pfblockerng/deny/BlockListDE_POP3_v4.txt 1 /var/db/pfblockerng/deny/BlockListDE_Mail_v4.txt 1 /var/db/pfblockerng/deny/BlockListDE_IRC_v4.txt 1 /var/db/pfblockerng/deny/BlockListDE_IMAP_v4.txt 1 /var/db/pfblockerng/deny/BlockListDE_FTPD_v4.txt 1 /var/db/pfblockerng/deny/BlockListDE_Brute_v4.txt ====================[ Empty Lists w/127.1.7.7 ]================== BlockListDE_FTPD_v4.txt BlockListDE_IMAP_v4.txt BlockListDE_IRC_v4.txt BlockListDE_Mail_v4.txt BlockListDE_POP3_v4.txt BlockListDE_Postfix_v4.txt Spamhaus_Drop_v4.txt ====================[ IPv4/6 Last Updated List Summary ]============== Apr 30 2020 MS_1_v4 Dec 30 22:14 Spamhaus_eDrop_v4 Jan 8 17:11 pfB_Europe_v4 Jan 8 17:11 Whitelist_custom_v4 Jan 9 00:18 ET_Comp_v4 Jan 9 00:18 ET_Block_v4 Jan 9 01:28 Spamhaus_Drop_v4 Jan 9 15:28 ISC_1000_30_v4 Jan 9 16:28 ISC_Block_v4 Jan 9 18:18 CINS_army_v4 Jan 9 18:34 BDS_Ban_v4 Jan 9 18:50 BlockListDE_All_v4 Jan 9 18:50 BlockListDE_SSH_v4 Jan 9 18:50 BlockListDE_Postfix_v4 Jan 9 18:50 BlockListDE_Mail_v4 Jan 9 18:50 BlockListDE_Email_v4 Jan 9 18:50 BlockListDE_Apache_v4 Jan 9 18:50 BlockListDE_POP3_v4 Jan 9 18:50 BlockListDE_IMAP_v4 Jan 9 18:50 BlockListDE_FTP_v4 Jan 9 18:50 BlockListDE_FTPD_v4 Jan 9 18:50 BlockListDE_SIP_v4 Jan 9 18:50 BlockListDE_Bots_v4 Jan 9 18:50 BlockListDE_Asterisk_v4 Jan 9 18:50 BlockListDE_Strong_v4 Jan 9 18:50 BlockListDE_IRC_v4 Jan 9 18:50 BlockListDE_Brute_v4 Jan 9 19:10 Abuse_SSLBL_v4 Jan 9 19:10 Abuse_Feodo_C2_v4 ====================[ DNSBL Last Updated List Summary ]============== Oct 22 2019 MDS_Immortal May 20 2020 Abuse_DOMBL May 20 2020 Abuse_URLBL May 20 2020 Spam404 May 20 2020 MoneroMiner May 20 2020 NoCoin Jul 11 2020 D_Me_Malw Jul 11 2020 D_Me_Malv Aug 14 00:35 MDS Oct 10 05:00 SFS_Toxic_BD Nov 6 13:09 CoinBlocker_All Nov 6 13:09 CoinBlocker_Opt Nov 12 23:17 MDL Dec 14 06:01 MS_2 Dec 15 09:07 MVPS Dec 21 05:06 SWC Dec 30 06:01 CCT_BD Jan 8 03:29 ISC_SDH Jan 8 06:00 UT1_phishing =============================================================== Database Sanity check [ PASSED ] ------------------------ Masterfile/Deny folder uniq check Deny folder/Masterfile uniq check Sync check (Pass=No IPs reported) ---------- Alias table IP Counts ----------------------------- 82281 total 36404 /var/db/aliastables/pfB_BlockListDE_v4.txt 21822 /var/db/aliastables/pfB_PRI1_v4.txt 19593 /var/db/aliastables/pfB_Europe_v4.txt 2764 /var/db/aliastables/pfB_PRI5_v4.txt 926 /var/db/aliastables/pfB_PRI4_v4.txt 771 /var/db/aliastables/pfB_PRI3_v4.txt 1 /var/db/aliastables/pfB_Whitelist_v4.txt pfSense Table Stats ------------------- table-entries hard limit 2000000 Table Usage Count 83667 UPDATE PROCESS ENDED [ 01/09/21 19:15:28 ] -
@elmnts said in pfblockerng-dev restarts unbound but DNSBL is disabled:
CRON PROCESS START [ v3.0.0_8 ] [ 01/09/21 19:15:00 ]
does not match
@elmnts said in pfblockerng-dev restarts unbound but DNSBL is disabled:
Jan 9 06:00:25 unbound 54051:0 info: start of service (unbound 1.10.1).
The restart of unbound at 06h00 was not triggered by the cron task at 19h15.
I presume you are using the new python mode, which means the the generic DNSBL file /var/unbound/pfb_dnsbl.conf" doesn't exist any more (present in the Resolver Custom option box).
Yes, unbound is restart - or reloading.
Keep in mind that the cache is dumped just before the restart, and loaded back in when started.
This leans : minimal overhead, as your restart time - and mine, takes just one second - without cache loses.This is my reasoning :
Unbound loads at startup also the python module that does all the DNSBL (and other) work. This python modules uses the probably updated /var/unbound/pfb_py_*.txt files.
See it like this : if, during an cron update, unbound didn't needed to be restarted, it wouldn't get restarted ;) -
@gertjan H! Thanks for your reply. I change the execution time of the cron job from 6:00 am to 7:15 pm (see my last post ... I mentioned it in there) so I get a "fresh" log output for my forum post. I am not using the Python Script.
Unbound ist restarting or reloading but it definitly does not dump the cache and reload it. I checked different cache entries before the cron job was executed and after it was executed.
unbound-control -c /var/unbound/unbound.conf dump_cache | grep heiseheise.de is an IT website here in Germany and it was in the cache before the cron job was executed but it was not in the cache after it finished. The entry did not expire. I also checked with other entries and they were all gone after the cron job finished.
-
@elmnts :
I tested with the 'unbound' mode.
Live sync was checked.
DNSBL is activated :Force Update log :
..... TLD finalize... completed [ 01/11/21 10:04:16 ] Saving DNSBL statistics... completed XXXX !pfb['dnsbl_py_blacklist'] is true XXXX pfb['dnsbl_sync'] is true XXXX !pfbpython is true XXXX file_exists /var/unbound/pfb_dnsbl.conf: Yes Resolver Live Sync analysis... completed [ 01/11/21 10:04:17 ] Resolver Live Sync finalizing: Remove local-zone(s): no changes Remove local-data(s): no changes Add local-zone(s): no changes Add local-data(s): no changes DNSBL update [ 44797 | PASSED ]... completed ------------------------------------------------------------------------The XXXX lines are added by me, to see if all the conditions are met so a live sync is tried.
It did, so no restart of unbound was needed.You do not use the DNSBL mode, like :
In that case, all I see when I 'force' a CRON update :
CRON PROCESS START [ v3.0.0_8 ] [ 01/11/21 10:14:29 ] No Updates required. CRON PROCESS ENDED UPDATE PROCESS ENDEDand unbound isn't restarted at all as pfBlockerNG doesn't work (care about) with host names so there s nothing to do for the resolver unbound - all blocking is IP based..
What pfBlockerNG version are you using ?
-
-
@elmnts
Thanks for the report, will address in the upcoming release. -
Thanks everybody who tried to help me with this issue. Thanks to BBcan177 fpr providing a Patch so quickly! You guys are amazing!
Cheers!
Henry
-
Just a comment that I seem to have had much the same issue as the OP on this thread. I've been using pfblockerng-dev since last autumn upgrading as each new version comes out (I've been on the 2.4.5-p1 version of pfSense). Everything seemed to be working OK until relatively recently when I started having problems with my Roon (audio server) where internet radio streams would stop working at regular intervals. This turned out to correspond to the times when the cron job was running and unbound was being stopped and started. Examination of the Roon logs showed that it was getting a timeout. I tried using the python integration and while this reduced the time that unbound was "off" it didn't solve the problem. I also tried disabling the DNSBL part of pfblockerng but still found that unbound was being restarted on regular intervals.
For the moment I have removed pfbockerng-dev completely. Interestingly, I needed to do a save on the DNS configuration settings to reset everything as there was something not quite right as "unbound-control" was no longer working. All is fine now with no unbound restarts, and it may be that some other odd networking artefacts that have appeared recently may be corrected.
When I have time to experiment again, I will do a clean re-install of pfBlockerNG-dev, as I would like the added protection provided by it (although I only use a very restricted set of block lists, and at the moment with lockdown and only my partner and myself at home there is less risk of younger family members or visitors going places they shouldn't).
-
@stepheng Hey! BBcan177 said he would include the patch in the next pfblockerng-dev Update. Maybe wait till version 3.0.0_9 is out. Or ask him if he can provide the patch to you if it is urgent!
Cheers!
-
@elmnts Yes, I'll certainly re-install when the next version appears, or soon after, probably on a day when I'm at home by myself, and I've got a few hours to do some testing without danger of upsetting my partner's television viewing or internet use!
As I said, it isn't really urgent because I'm not running an environment where there is a particularly high risk of a user going somewhere they shouldn't or being hijacked, but it is nice to know the protection is there, particularly when life gets back to normal and we have visits from the younger family members who are all over social media!
-
S Summer referenced this topic on
