Updating to pfBlockerNG-devel 3.1.0_1 from 3.1.0 blocks DNS requests
-
Hello all,
Yesterday I updated my pfBlockerNG-devel installation from version 3.1.0 to 3.1.0_1. Unfortunately I had to realise that afterwards all DNS requests out of my network fail. My environment is a bit special. I am using several VLANs on a Cisco SG300-28 L3 switch, which is also doing hardware routing between them. My pfSense installation is responsible for internet access and DNS. I have configured DNS over TLS using port 853 for any DNS request, redirecting any port 53 request.
I still haven't figured out what the problem is. DNS Lookup on pfSense still works fine. Connecting to any server using the IP address works fine as well. However, all DNS requests out of my VLANs fail. Does anybody have an idea what is going wrong?
Thanks in advance!
Cheers
Volker -
@thelastunicorn said in Updating to pfBlockerNG-devel 3.1.0_1 from 3.1.0 blocks DNS requests:
pfBlockerNG-devel installation from version 3.1.0 to 3.1.0_1. Unfortunately I had to recognize that afterwards all DNS requests out of my network will fail
Known.
See, for example, this thread - just one lower than yours: pfBlockerNG-Devel v3.1.0_1 is up.
Just restart the DNS resolver, as it was stopped during the update. -
Hello Gertjan,
I know about that issue and I restarted the DNS resolver. However, it didn't work. DNS requests out of the network are still blocked. I guess one of the active DNSBL feeds contains an address I am using within my network (e.g. 10.10.10.1, 127.0.0.1, 172.16.0.1 are on the Spam-RBL.fr list), which results in DNS blocking.
Cheers
Volker -
@thelastunicorn said in Updating to pfBlockerNG-devel 3.1.0_1 from 3.1.0 blocks DNS requests:
I guess one of the active DNSBL feeds contains an address I am using within my network (e.g. 10.10.10.1, 127.0.0.1, 172.16.0.1 are on the Spam-RBL.fr list), which results in DNS blocking.
You've said it. Stop using this "Spam-RBL.fr" feed and you'll be fine.
Btw: the "3.1.0" to "3.1.0_1" upgrade includes minor changes, not ones that 'break' your setup. You would have seen this forum flooded with messages if that was the case.
@thelastunicorn said in Updating to pfBlockerNG-devel 3.1.0_1 from 3.1.0 blocks DNS requests:
DNS requests out of the network are still blocked
Because you use pfBlockerNG, you can also see why things are blocked. This means you can do something about it if needed.
-
That's true, however I am not sure whether the Spam-RBL.fr list is activated during a pfBlockerNG-devel default installation. I probably have to deactivate all feeds at first, activating them one after another to find the right one ...
Cheers
Volker -
@thelastunicorn
When you install pfBlockerNG-devel it does .... nothing, except occupying some disk space.
Things start when you add feeds .... and activate options.
@thelastunicorn said in Updating to pfBlockerNG-devel 3.1.0_1 from 3.1.0 blocks DNS requests:
activating one by another to find the right one
Feeds are files, downloaded from 'some place'.
Example:
An IPv4 feed containing IPv4 addresses:
You see the URL? Use it!! Ctrl-A the feed, Ctrl-C it, and Ctrl-V it in a browser tab.
As you can see, it's just a file.
Ctrl-F to find, for example, anything that is RFC1918 and should not be in there. -
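The manual check described in the post above (open the feed file and search it for RFC1918 addresses) can be scripted. The following is an added example for this thread, not code from pfBlockerNG or from any poster: it parses a feed in the one-address-or-CIDR-per-line format that pfBlockerNG IPv4 feeds use, and flags entries that overlap loopback, link-local or RFC1918 space, or that cover an address the operator depends on (such as the gateway or the upstream DNS-over-TLS resolver). The sample feed, the `LOCAL_ADDRESSES` list and the 198.51.100.5 resolver address are all constructed for the example; a real run would paste in the downloaded feed text. It also covers the earlier observation that 10.10.10.1, 127.0.0.1 and 172.16.0.1 turned up in an active list.

```python
"""Audit an IPv4 blocklist feed for entries that would block the operator's own network.

Added example for this thread, not pfBlockerNG code. Assumed feed format: one IPv4
address or CIDR per line, '#' starts a comment (this matches common IP feeds).
"""
import ipaddress

# Constructed sample feed; a real audit would paste in the text fetched from the feed URL.
SAMPLE_FEED = """\
# constructed sample feed, not a real blocklist
203.0.113.7
198.51.100.0/24
10.10.10.1
127.0.0.1
172.16.0.1
169.254.0.0/16
192.0.2.22 # trailing comment
not-an-ip
"""

# Constructed: addresses this network relies on (VLAN gateways and an assumed
# upstream DNS-over-TLS resolver at 198.51.100.5; the latter is a placeholder).
LOCAL_ADDRESSES = ["10.10.10.1", "172.16.0.1", "192.168.1.1", "198.51.100.5"]

# Ranges that have no business in a public blocklist. Listed explicitly rather than
# via ipaddress' is_private, which also treats documentation ranges as private.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def parse_feed(text):
    """Return (entries, bad): entries are (lineno, raw, network); bad are unparsable lines."""
    entries, bad = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        raw = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if not raw:
            continue
        try:
            net = ipaddress.ip_network(raw, strict=False)  # single IP becomes a /32
        except ValueError:
            bad.append((lineno, raw))
            continue
        entries.append((lineno, raw, net))
    return entries, bad


def classify(net, local_addresses):
    """Return a reason string if this entry should not be blocked, else None."""
    if net.overlaps(LOOPBACK):
        return "loopback"
    if net.overlaps(LINK_LOCAL):
        return "link-local"
    if any(net.overlaps(block) for block in RFC1918):
        return "RFC1918 private space"
    for addr in local_addresses:
        if ipaddress.ip_address(addr) in net:
            return f"covers local address {addr}"
    return None


def audit_feed(text, local_addresses=LOCAL_ADDRESSES):
    """Return (findings, bad): findings are (lineno, raw, reason) in feed order."""
    entries, bad = parse_feed(text)
    findings = [(lineno, raw, reason) for lineno, raw, net in entries
                if (reason := classify(net, local_addresses))]
    return findings, bad


if __name__ == "__main__":
    found, unparsable = audit_feed(SAMPLE_FEED)
    for lineno, raw, reason in found:
        print(f"line {lineno}: {raw:<18} {reason}")
    for lineno, raw in unparsable:
        print(f"line {lineno}: {raw!r} could not be parsed")
```

Anything reported here is a candidate for the feed's whitelist (or for dropping the feed), which is a faster route than disabling feeds one at a time. Checking overlap rather than exact membership also catches a feed entry such as a whole /8 that swallows private space.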
Wouldn't it be a lot smoother if you could search for an IP directly in pfBlocker and it would show the lists that are blocking it?
Right now it seems reversed....
-
I have the impression that pfBlockerNG was written by people who wouldn't include 'settings' from 'elsewhere' without inspecting them upfront.
If a needed IP was included, a "whitelist click" would deal with it. Now we have reached 2022. I've already seen posts about feeds that have their own IP in the list ... so you include the feed, and then, on subsequent updates, pfBlockerNG complains it can't download it any more.
That's a ROFL situation. -
@gertjan It's way beyond ROFL....
-
@gertjan said in Updating to pfBlockerNG-devel 3.1.0_1 from 3.1.0 blocks DNS requests:
I've already seen posts about feeds that have their own IP in the list
Yep, I had this happen. All of a sudden I got notifications that lists couldn't be updated; it's because the lists were blocked by other lists lol.
And now pfBlockerNG doesn't even log IP addresses that it blocks for me. I think the developer has pretty much given up on the project.