Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNSBL logging/reports - inconsistent logging?

    Scheduled Pinned Locked Moved pfBlockerNG
    1 Posts 1 Posters 256 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      ora23362
      last edited by ora23362

      Hi
      New install of pfBlockerNG-devel this week, first time I have installed and really impressed but struggling to identify why a certain domain is blocked but the block does not show up in the reports/logs.

      pfSense 22.01
      pfBlockerNG-devel 3.1.0_1 + patch "pfSense > 2.6 Fix for ridentifier filterlog sring "

      Example: device-metrics-us.amazon.com
      I can see the DNS response in wireshark as 10.10.10.1
      pfblocker1-wireshark-dns.png

      Can see the entry in pfb_dnsbl.conf which is included into the unbound config:

      local-data: "device-metrics-us.amazon.com 60 IN A 10.10.10.1"
      

      Other domains included via pfb_dnsbl.conf do show up in the reports such as this example:

      local-data: "browser.pipe.aria.microsoft.com 60 IN A 10.10.10.1"
      

      pfblocker2-DNSBL-block.png
      Making it easy to find and whitelist where necessary.

      My query is not about if the example above should be whitelisted or not but to try and understand why one is logged and another isn't.

      Logging/Blocking Mode is DNSBL Webserver/VIP
      pfblocker3-DNSBL-groups.png

      Thanks for any guidance on what I should be looking for.
      James.

      Edited to add:

      The one that does show up in the logs is found in the dnsbl.log file - the one that doesn't is not.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.