DNS Resolver fails after enabling pfBlockerNG (DNSBL)
-
Does anyone have any idea why the DNS Resolver doesn't work after enabling DNSBL? I tried doing some diagnostics (Diagnostic -> DNS Lookup), but unfortunately, 127.0.0.1 returns "No response".
-
Look at the pfblockerng.log file : go to the bottom, and from there on, go up and find the latest unbound restart : you should find :
I saw this :
Next step : very first test / check : is unbound still running ?
(SSH or console command line !!)
[24.03-RELEASE][root@pfSense.bhf.tld]/root: ps aux | grep 'unbound.conf'
unbound 47572 0.0 3.3 155348 132220 - Ss 15:36 6:02.13 /usr/local/sbin/unbound -c /var/unbound/unbound.conf
Is unbound listening on '127.0.0.1' ?
[24.03-RELEASE][root@pfSense.bhf.tld]/root: sockstat | grep 'unbound'
unbound unbound 47572 3 udp6 *:53 *:*
unbound unbound 47572 4 tcp6 *:53 *:*
unbound unbound 47572 5 udp4 *:53 *:*
unbound unbound 47572 6 tcp4 *:53 *:*
unbound unbound 47572 8 tcp4 127.0.0.1:953 *:*
This shows me that unbound is listening on all ( ! ) existing interfaces, using port 53 ( of course ), using TCP and UDP, IPv4 and IPv6.
-
@Gertjan said in DNS Resolver fails after enabling pfBlockerNG (DNSBL):
I saw this :
Yes, I have the same logs..
Unbound was still running and listening to 127.0.0.1:53 (*:53).
-
@beluclark said in DNS Resolver fails after enabling pfBlockerNG (DNSBL):
Unbound was still running and listening to 127.0.0.1:53 (*:53).
Then, even when you ask it utter BS, it should reply :
with no answer as there isn't an answer.
This is better :
-
@Gertjan Unfortunately,
-
@beluclark said in DNS Resolver fails after enabling pfBlockerNG (DNSBL):
Unfortunately
Is it ? The image you've shown is like mine : the unbound answer is correct, the host couldn't be resolved.
Way better than the GUI : the command line (not the GUI command line of course).
SSH will do just fine, menu option 8.
Ask unbound to resolve "google.com", using 127.0.0.1, as unbound listens on 127.0.0.1 :
dig @127.0.0.1 google.com
or even
dig @127.0.0.1 google.com +trace