Blocked domain list without logging still logs in pfBlocker reports, don't know why. - solved
-
So, I followed a guide online on how to sinkhole domains without them being logged in the reporting tab, so as to filter out known log noise and look more easily for newly registered domains that are being blocked, but for whatever reason, they are still getting logged to the reporting tab. Anybody have any ideas why this is happening and how I can fix it, please? I merely want to keep blocking these domains, which are being hit so often they fill the logs up in mere days, so as to filter out the noise of known domains I block already. For a while it worked, then something seems to have happened and now they are all back to being logged again.
Specifically, I am referring to the unified reporting log panel.
DNSBL is in Unbound mode (NON PYTHON, given that would break other services I'm running on pfSense if enabled; had to read into that one to find that out).
Global logging/blocking mode is set to no global mode, and the block list is set to null blocking no logging, where all the other block lists are set to DNSBL webserver/VIP address, and this one list is at the top of the list AND given priority over all other lists, so like I said, this should still be blocking without logging but is not doing so anymore for some reason. Not really sure when this started either; it's been too long to recall, and I am only just now asking about it.
All lists' actions are set to Unbound, and all lists are set to update once a day, so the only real difference from them is that one is set to null block mode and is told to be the priority list, to load it first before the other lists block any of the domains it has on it. So as far as I was aware, that made this list override the others, and therefore anything on them was not logged due to it being the priority list that loaded first.
Just looked at all the other lists, and they are all set to default and to use the webserver IP for logging. The only one set to primary and null logging is the one that is not doing that anymore, thus my posting this for help finding out why. So in other words, everything, as far as I can tell, is set up the way it should be for the null blocking of those domains on that list to happen that way, and yet it's not doing so.
I am not using DNSBL categories, and they are disabled, and I am also not using DNSBL safe search either; that too is disabled. DoH/DoT blocking is also disabled, wildcard blocking is disabled, I have resolver live sync enabled, I am not using IPv6 DNSBL, DNSBL VIP type is set to IP alias, web server interface is on LAN and using the default ports of 8081 and 8443, I have permit firewall rules enabled for LAN only, global logging mode (I think I said this earlier, but saying it here just in case) is set to no global mode, blocked webpage shows the default of dnsbl_default.php, resolver cache is enabled, and DNSBL IPs default list action is disabled.
If anybody has any idea what's up here, even if it's just me having something configured wrong, please let me know so I can fix it. I'm kind of just clueless at the moment.
Also, if I have somehow missed key information, or you need other information either way, let me know and I will add it.
-
I think I finally figured out why this kept happening... and god dang, I am a dork for not having figured this out sooner... In my efforts to block domains that kept seeming to sneak through/past all of my blocks between pfSense and my Pi-holes, I had set up domain overrides in DNS Resolver... and I no more than took those out, and it seems that has been the bane of my issues this entire time. So far, the only thing to pop up in the DNSBL blocks now is a domain that I just validated is NOT actually yet being blocked, and that was after I cleared out the logs of old data and started new with empty logs, to make sure it was not old info I was reading into without realizing such.
I had overridden them to directly point to the pfBlocker VIP address of 10.10.10.1, and it seems that was the issue I was having and just never realized it.