Netgate Discussion Forum
    pfBlockerNG works well with nslookup, but doesn't with browser, no dns/https (video included)

      mzeid

      I have a weird problem.

      With CloudFlare and OpenDNS alone used as DNS servers, porn sites are blocked normally (we are talking about a school environment), but when using pfBlockerNG some porn sites are available again, for example xnxx.com.

      The client computer is configured to use pfSense as its DNS server, and an nslookup test replies with 10.10.10.1 as expected. So here there is no problem.
      But when trying to browse the website with Firefox or Chrome, it just opens! No, DNS over HTTPS/TLS is NOT enabled.

      I did a test with Wireshark; it shows that it replied to the DNS query with the website's real IP address, even though pfBlockerNG should reply with 10.10.10.1 and the upstream servers from CloudFlare should reply with 0.0.0.0!!

      In case you suspect the problem is because of cached entries: I did a reload for pfBlockerNG, flushed the cache on Windows, and cleared all data in Firefox. Then I tried again, and it still works!

      DNS settings for pfSense are set to 1.1.1.3 and 1.0.0.3; I forgot to show this in the video.

      Both pfBlockerNG and DNSBL are enabled, and the UT1 list is utilised.

      Please check the video:
      https://streamable.com/u4503q

      I'm clueless here :(

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.