DNSBL logging/reports - inconsistent logging?
-
Hi
New install of pfBlockerNG-devel this week, first time I have installed and really impressed but struggling to identify why a certain domain is blocked but the block does not show up in the reports/logs.pfSense 22.01
pfBlockerNG-devel 3.1.0_1 + patch "pfSense > 2.6 Fix for ridentifier filterlog sring "Example: device-metrics-us.amazon.com
I can see the DNS response in wireshark as 10.10.10.1
Can see the entry in pfb_dnsbl.conf which is included into the unbound config:
local-data: "device-metrics-us.amazon.com 60 IN A 10.10.10.1"
Other domains included via pfb_dnsbl.conf do show up in the reports such as this example:
local-data: "browser.pipe.aria.microsoft.com 60 IN A 10.10.10.1"
Making it easy to find and whitelist where necessary.My query is not about if the example above should be whitelisted or not but to try and understand why one is logged and another isn't.
Logging/Blocking Mode is DNSBL Webserver/VIP
Thanks for any guidance on what I should be looking for.
James.Edited to add:
The one that does show up in the logs is found in the dnsbl.log file - the one that doesn't is not.