New SafeSearch feature borked

RonpfS

@wolfsden3 said in New SafeSearch feature borked:

I'm not using python mode. I don't know why I'd care to...why have different modes?

You could give it a try

wolfsden3

Yes but...if it's optional and not required to run that function why would I...?

I have 5 firewalls all sync'd to this one and borking this one could affect the entire network + VPN's, etc.

Is python mode required for that safe search feature that I can't seem to work correctly?

Again, I think this is a bug and the safe search feature is broken.

RonpfS

@wolfsden3 said in New SafeSearch feature borked:

-rw-r--r-- 1 root wheel 52207941 Feb 14 21:14 /var/unbound/pfb_dnsbl.conf
-rw-r--r-- 1 root unbound 2421 Feb 14 20:03 /var/unbound/pfb_dnsbl_lighty.conf

This is what my folder looked like before switching mode :

-rw-r--r--   1 root     unbound       2063 Feb  1 17:37 pfb_dnsbl_lighty.conf
-rw-r--r--   1 root     unbound      20596 Feb  4 19:56 pfb_dnsbl.safesearch.conf
-rw-r--r--   1 root     unbound       4377 Feb  4 19:56 pfb_dnsbl.doh.conf
-rw-r--r--   1 root     wheel    154466466 Feb  4 20:04 pfb_dnsbl.conf
-rw-r--r--   1 root     unbound       3434 Feb  4 20:18 host_entries.conf
-rw-r--r--   1 root     unbound          0 Feb  4 20:18 dhcpleases_entries.conf
-rw-r--r--   1 root     unbound          0 Feb  4 20:18 domainoverrides.conf
-rw-r--r--   1 root     unbound        176 Feb  4 20:18 access_lists.conf
-rw-r--r--   1 unbound  unbound       2124 Feb  4 20:18 unbound.conf

so unless things changed, your are missing some files pfb_*.conf.

Go over General, DNSBL, IP tabs save settings, Force Update, Force Reload All, this may sanitize your database.

wolfsden3

For giggles I went to look for that python mode option, I can't find it now.

Where is it? I'll try it. Why not.

RonpfS

@wolfsden3 Under DNSBL Tab

wolfsden3

Oh - instead of "Unbound" you do "Unbound Python Mode" - it's a drop down which is why it's not obvious.

RonpfS

@wolfsden3 And from what I understand, you will have to migrate your TLD Whitelist to DNSBL Whitelist.

Be careful, test on a test box

wolfsden3

That's irritating. I looked at it but didn't turn it on. Something broke unbound. I might take a look at this python version but it's beta so the unbound one should still work.

I emailed bbcan.

RonpfS

@wolfsden3 said in New SafeSearch feature borked:

I might take a look at this python version but it's beta

There are some pitfalls, but it has be stable for weeks.

Gertjan

@wolfsden3 said in New SafeSearch feature borked:

the one that works LOL.

What didn't work (well) using unbound, is that it reads all these files (the ones you listed) : 362 + 111 + 52.207.941 ( !!) + 2421 + 300 + 2272 == thousands of lines to be re parsed at process (re) start.
There are systems that will takes tens of seconds (minutes) to so, and during this time the system goes to 100 %and DNS isn't working.

That's why python mode was used : the python module handles the files, unbound just invokes the python "external' script to do the DNSBL business.

IMHO : the so called "python mode" will be the only one being used in the future. The mode where files are included from the main unbound.conf will be abandoned.
Give it a try ;)