pfBlockerNG-devel DNSBL not working after 21.05 upgrade
-
Hello, I recently upgraded my SG-5100 from v21.02.2 to 21.05. Everything went smoothly except I noticed that the DNSBL count on the pfBlockerNG widget was not incrementing. Upon further investigation in: Firewall/pfBlockerNG/Alerts/DNSBL Block: there are 0 block entries logged since the time I upgraded (6/6 @ 09:13). I attempted to force a pfBlock reload & update but that didn't seem to help. I also uninstalled the package and re-installed but no change.
My setup is pretty simple; Single WAN, one OpenVPN client and two OpenVPN servers, five VLANs, packages: Avahi, nut, pfBlockerNG-devel, Service_Watchdog, Snort, Status_Traffic_Totals.
Here is a screenshot from the pfBlocker widget, normally I see about 5% of domains blocked vs. Unbound Resolver Queries.
Any troubleshooting suggestions would be welcome.
-
I have the same issue.. but it still seems to block stuff? I uninstalled and clean reinstalled it but the issue remains.
-
I am seeing the same thing, seems to be related to https vs http
This seems to imply it might be fixed
https://www.reddit.com/r/pfBlockerNG/comments/lnczld/is_dnsbl_webserver_for_ssl_https_connections/
but that is not what I observe -
same issue after upgrading to version:
2.5.2-RELEASE (amd64)
built on Fri Jul 02 15:33:00 EDT 2021
FreeBSD 12.2-STABLEthere 0 in the unified logs which may account for the counters not working on the widget. Here's screenshot of widget after uninstall (unchecked keep setting), reinstall package, complete wizard and then add 1 custom dnsbl list.
-
Seems to be working okay for me. I have not seen any issues since upgrading to pfSense 2.5.2.
-
@jdeloach
What DNSBL mode are you running?
Unbound or Unbound Python -
@azdeltawye said in pfBlockerNG-devel DNSBL not working after 21.05 upgrade:
What DNSBL mode are you running?
Unbound or Unbound Python
I'm running Unbound Python
-
Hi
I am running Community edition 2.5.2 Release
PfblockerNG 3.0.0_16
I have the same issue running unbound python mode.
The DNSBL counters in the widget increment OK (25,110) but I have 0 entries in the IP section even though the logs are incrementing fine and Alerts are showing OK in the pfblockerNG alerts TAB..
Thks -
I am also seeing the same thing on the 2.5.2 CE release. I noticed that it seems to have stopped working some time around July 8 from looking at the DNSBL reports. I also uninstalled without the "keep settings" option and reinstalled and it still seems to be broken.
Does anyone have any suggestions ? Thank you.
-
Fixed in pfBlockerNG-devel v3.1.0_0
CHANGELOG: ... Fix Unbound Mode logging of HTTPS domains (lighttpd regression)
