Netgate Discussion Forum

pfBlockerNG with external BIND DNS

    asterix, Oct 28, 2021, 4:31 PM (last edited by asterix Oct 28, 2021, 4:32 PM)

    I am looking for an option to use pfBlockerNG just with an external BIND DNS server which is on the network. I do not want multiple DNS services on my network and my entire network uses the BIND server which is tailored for internal and external name resolutions.

    Is there any way I can get rid of unbound DNS which is installed on pfSense? And let pfBlockerNG deal with BIND DNS instead of unbound?

    Any help would be much appreciated.

      asterix @asterix, Oct 31, 2021, 2:50 AM

      Does anyone know how this can be achieved?

        Gertjan @asterix, Nov 1, 2021, 2:11 PM (last edited by Gertjan Nov 1, 2021, 2:12 PM)

        @asterix said in pfBlockerNG with external BIND DNS:

        And let pfBlockerNG deal with BIND DNS instead of unbound?

        pfBlockerNG informed you that:

        [image]

        so, if unbound isn't there, DNSBL isn't possible for pfBlockerNG.

        Edit: dunno how pfBlockerNG behaves - what it can do if unbound isn't running at all.
        It could create aliases, to be used by the firewall.
        Never tested such a situation.

        I guess it's possible to inform all your LAN(s) client(s) and pfSense itself that there are DNS servers available elsewhere. These could be somewhere local.

        Getting rid of unbound:

        [image]

        Uncheck, Save and Validate.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          asterix, Nov 3, 2021, 8:17 PM

          That won't work since pfBlockerNG, once enabled, starts the unbound DNS service.

            Gertjan @asterix, Nov 4, 2021, 9:31 AM

            @asterix said in pfBlockerNG with external BIND DNS:

            That won't work since pfBlockerNG, once enabled, starts the unbound DNS service.

            I deactivated the DNSBL part of pfBlockerNG.
            Saved.
            Deactivated pfBlockerNG totally.
            Saved.

            Now I deactivated unbound.
            Saved.

            Reactivated pfBlockerNG - and remember, without the DNSBL part.
            Only the IP part is activated.

            pfBlockerNG started.

            [image]

            Only the filter reload process works. Not the DNSBL part.

            unbound, as it was deactivated, was NOT activated:
            It's absent from this list:

            [image]

            (I checked of course on the command line if some instance of unbound was running: it wasn't.)

            As I have no DNS alternative, like dnsmasq = the forwarder, pfSense now hasn't any DNS resolve capabilities, which gives nice side effects...

            But the thing is: if unbound is deactivated by the user, pfBlockerNG won't enable / start it.
            The DNSBL won't work, as it needs unbound to do its work. Not some DNS resolver from elsewhere.

              asterix @Gertjan, Nov 20, 2021, 6:13 AM

              @gertjan

              Yes, but that beats the purpose. You don't have DNSBL to block ads, etc.

              I want pfblockerng to just use my configured BIND DNS for all lookups. Unbound is shitty.

                asterix, Nov 20, 2021, 6:26 PM (last edited by asterix Nov 20, 2021, 6:31 PM)

                I think I have found a very easy way to bypass unbound.

                In general setup/DNS Resolution Behavior I changed it to use remote DNS servers and ignore local DNS. And in DNS Server Settings I added my local BIND DNS ip addresses.

                In client ip address assignment, I still give pfSense IP address for dns, however pfSense just ignores unbound and uses my local dns for resolutions. It’s still utilizing the DNSBL and IP blocklists as they are defined in the firewall floating rules by pfblockerng.

                Resolutions now are much faster. Hope this keeps working as I just could not stand unbound resolution performance issues.
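As an added example (not from the thread, and not part of pfSense or pfBlockerNG), a small POSIX shell script for the pfSense console that checks the three things this thread turns on: whether an unbound process is present, which nameservers pfSense itself is using (the DNS Resolution Behavior and DNS Server Settings options end up in /etc/resolv.conf), and whether a name you know is on a DNSBL feed actually comes back as the sinkhole address. The 10.10.10.1 sinkhole address (pfBlockerNG's DNSBL VIP default) and the use of drill are assumptions; adjust them to your install.

```shell
#!/bin/sh
# dns_path_check.sh - added example: verify which resolver pfSense itself uses,
# whether unbound is running, and whether DNSBL sinkholing is in effect.
# Assumptions: pfBlockerNG DNSBL VIP is 10.10.10.1 (the package default) and
# drill (ldns) is available, as it is on pfSense/FreeBSD.

SINKHOLE_IP="${SINKHOLE_IP:-10.10.10.1}"
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"

# Print the nameserver entries of a resolv.conf-style file, one per line.
resolvers_from_resolvconf() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Classify a nameserver list: "local" = loopback only (unbound on the box),
# "remote" = no loopback at all (e.g. the BIND servers), "mixed" otherwise.
classify_resolvers() {
    local_n=0; remote_n=0
    for ns in "$@"; do
        case "$ns" in
            127.*|::1) local_n=$((local_n + 1)) ;;
            *)         remote_n=$((remote_n + 1)) ;;
        esac
    done
    if [ "$remote_n" -eq 0 ]; then echo local
    elif [ "$local_n" -eq 0 ]; then echo remote
    else echo mixed; fi
}

# Compare the A record a client received ($1) with the sinkhole address ($2).
dnsbl_verdict() {
    if [ -z "$1" ]; then echo no-answer
    elif [ "$1" = "$2" ]; then echo blocked
    else echo not-blocked; fi
}

# Is an unbound process present? (pfSense runs it as the DNS Resolver.)
unbound_running() { if pgrep -q unbound 2>/dev/null; then echo yes; else echo no; fi; }

# Live check against the pfSense listener: $1 = pfSense LAN IP, $2 = test FQDN.
check_live() {
    ans=$(drill -Q "$2" @"$1" A 2>/dev/null | head -n 1)
    echo "unbound running:        $(unbound_running)"
    echo "pfSense own resolvers:  $(classify_resolvers $(resolvers_from_resolvconf "$RESOLV_CONF"))"
    echo "DNSBL verdict for $2:   $(dnsbl_verdict "$ans" "$SINKHOLE_IP")"
}

# Usage: sh dns_path_check.sh run <pfsense-lan-ip> <fqdn-on-a-dnsbl-feed>
if [ "${1:-}" = run ]; then check_live "$2" "$3"; fi
```

If the resolver classification says "remote" while DNSBL still reports "blocked", the clients are still being answered by unbound on the pfSense listener; only pfSense's own lookups have moved to BIND.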

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.