Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Noting resolves hostnames, but pfblocker and firewall logs struggle?

    Scheduled Pinned Locked Moved DHCP and DNS
    8 Posts 3 Posters 1.2k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      clokwork
      last edited by

      I am trying to wrap my head around why Ntopng can resolve most of the host names on my network, but it seems pfblocker struggles, and the Pfsense firewall logs struggle the hardest.

      When viewing the firewall rules, does it only try to resolve at the time you want to see the host name? If so, that can make sense due to some devices not being online at that specific time.

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG Offline
        Gertjan @clokwork
        last edited by Gertjan

        @clokwork said in Noting resolves hostnames, but pfblocker and firewall logs struggle?:

        due to some devices not being online at that specific time.

        DNS doesn't need devices to be online.
        It will know about local devices as they could be in the local cache.

        The question is : how does the local cache knows about local device ?

        In theory, this is a great option :

        645ef745-1359-421e-8a7d-0ca3ee6756d9-image.png

        In practice, look at the the Resolver log file : if you have many LAN clients devices using DHCP, this will kill your DNS : it restarts all the time. pfblocker has a negative influence on this restart time. during restart : no DNS.

        @clokwork said in Noting resolves hostnames, but pfblocker and firewall logs struggle?:

        When viewing the firewall rules, does it only try to resolve at the time you want to see the host name?

        Yep : lines are read from the log file, IPs are converted to host names before shown in the GUI.

        @clokwork said in Noting resolves hostnames, but pfblocker and firewall logs struggle?:

        I am going to try using the DHCP registration as you mentioned. I will see if this has a positive effect.

        Positive ??
        During every new lease, and lease renewal, the DNS service will get interrupted as it has to restart.
        Again, check your DNS Resolver log (now for example) and see how many time you will find these words "info: start of service".
        I call that a negative effect.

        My advise :
        Do not check "DHCP registration" - but do check "Static DHCP" and add for all your devices a "DHCP static mappings in the DNS Resolver" .

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        C 1 Reply Last reply Reply Quote 0
        • C Offline
          clokwork @Gertjan
          last edited by

          @gertjan Thank you for the reply! I only have ~35 clients locally of which most are using DHCP. Hopefully that is not excessive For DNS. I am going to try using the DHCP registration as you mentioned. I will see if this has a positive effect.

          D 1 Reply Last reply Reply Quote 0
          • D Offline
            dma_pf @clokwork
            last edited by

            @clokwork said in Noting resolves hostnames, but pfblocker and firewall logs struggle?:

            Hopefully that is not excessive For DNS. I am going to try using the DHCP registration as you mentioned. I will see if this has a positive effect.

            That's certainly not excessive for pfsense. And I think you might have misunderstood @Gertjan.

            Using the DHCP Registration option can significantly slowdown your DNS because every time a device connects to pfsense the DNS Resolver stops to rebuild the DNS table and then it restarts. This is even more impactful when you are using pfblocker because during that rebuild process it has to load all of the pfblocker domain lists into DNS Resolver.

            As I mentioned yesterday in your other post. If you are using pfblocker do not use the DHCP Registration. If you do have particular DHCP clients that you want registered in the DNS then assign them a Static Mapping and use the "Static DHCP" option in DNS Resolver.

            GertjanG 1 Reply Last reply Reply Quote 0
            • GertjanG Offline
              Gertjan @dma_pf
              last edited by

              @dma_pf

              Instead of answering, I was editing my post above.
              Re read after

              Positive ??

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              1 Reply Last reply Reply Quote 0
              • C Offline
                clokwork
                last edited by

                Thank you all. I have backed out of python mode in pfblocker as I experienced issues with all hosts experiencing DNS issues sporadically. After rolling back to unbound, my issues were fixed. I will have to look into python mode at a later time.

                Aside from that, I will simply use some static IPs and use host overrides to help with this specific issue.

                GertjanG 1 Reply Last reply Reply Quote 0
                • GertjanG Offline
                  Gertjan @clokwork
                  last edited by

                  @clokwork said in Noting resolves hostnames, but pfblocker and firewall logs struggle?:

                  Thank you all. I have backed out of python mode in pfblocker as I experienced issues

                  Strange.

                  The usage of an external python module was created so loading (reloading) of unbound goes much faster, and memory usage is less.

                  It is Nlnetlabs, the authors of unbound, that implemented an external scripting to enable DNSBL.
                  The language chosen was Python, hence the name "Python module".

                  My unbound restarts maybe once a day, or less.
                  I'm using pfBlockerng-devel, latest version + the patch mentioned @reddit by the author.
                  No issues what so ever.

                  Btw : I'm not using Ntopng, been playing with it a while ago, but removed it as I found it wa shitting to hard the system resources (and I don't care who's visiting what and when).

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  C 1 Reply Last reply Reply Quote 0
                  • C Offline
                    clokwork @Gertjan
                    last edited by

                    @gertjan I am running ntopng, but I haven't noticed any significant hit to my performance overall. At least not from viewing the processor and memory usage. When turning on python mode, are there any prerequisites? I simply checked the box to enable python mode, ensuring that DHCP Registration was not enabled. I do not use the DNS Resolver OpenVPN Client Registration.

                    Should I have unchecked the "enable pfblockerng" before making the change?

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.