SafeSearch and blacklists aren't working

Sweety

Hello !
I wanted to set up a pfBlockerNG-Devel in a school so I tested everything at work and everything worked fine.
When I installed this in place (school), nothing worked, not even safesearch or URL blocking with blacklists.
I even removed Squid to cancel the proxy and test but nothing to do, nothing works ...
Is it possible to use SquidGuard without SSL Filtering?
Or pfBlocker without anything more?

Thank you for your answers ^^

viktor_g

@sweety

Make sure your clients are using pfSense as their DNS resolver;
Create a Port Forwarding rule for DNS requests: https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html;
Block all DNS-over-HTTPS servers using DoH pfBlockerNG feeds and DoH/DoT Blocking setting on the Firewall
/ pfBlockerNG / DNSBL / DNSBL SafeSearch page;

Sweety

@viktor_g I have a DNS server just behind my pfsense is it a problem ?

viktor_g

@sweety Right
You have to use pfSense DNS Resolver to use pfBlockerNG features

Sweety

@viktor_g OOhhh ok !! and you think it's making problems with my other subject (SSL MITM problem ?) ^^

viktor_g

@sweety Yes

Sweety

@viktor_g So how can i adjust the DNS in Windows and pfSense ? Do you know each steps ? Thanks you ^^

wolfsden3

@sweety i am here because I have similar problems. Mine is:

...so dumb. There's NO CONFLICT! What's that have to do with FireFox's dumb DNS lookup in the browser if it's to be blocked? FFS these browsers are getting aggressive. So my white lists aren't working either as a result of this feature.

TLD Whitelist - Missing data | mailchi.mp | No IP found! |

For you to use your Windows DNS servers you simply need to setup your network like this:

PC's = your windows DNS servers as their DNS servers
Servers = your PFSense as their DNS servers
PFSense = your outside DNS provider like OpenDNS, Google, Quad 9, etc, etc.

It's not terribly difficult.

Good luck!