Author Topic: DNS resolver & DNSBL Enable... But DNS address could not be found.  (Read 190 times)

jutje
Hello,

I am trying to configure DNSBL, but when I try to visit a site I get:
Quote
This site can't be reached

google.com's server DNS address could not be found.

See my config here:
https://imgur.com/a/N7Aqd


Please help.
Thanks

RonpfS
Re: DNS resolver & DNSBL Enable... But DNS address could not be found.
« Reply #1 on: December 03, 2017, 12:01:34 pm »
Do you get DNS resolution when pfBlockerNG is disabled? Make sure that all DNS Servers under DNS Server Settings support DNSSEC Support.

You have enabled Register DHCP leases in the DNS Resolver; beware that this will reload Unbound when a new lease is generated. Depending on the size of your DNSBL db, the reload may take minutes to complete, with no DNS services during the reload.

Under DNS Feeds, the 3 feeds seem to be IP lists and not domain name lists. What happens when you do a Force Update or a Force Reload DNSBL? There are probably errors generated in the pfBlockerNG logs.

2.3.5-RELEASE (amd64)
Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
pfBlockerNG 2.1.2_1/Dev, suricata 4.0.1
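
The check RonpfS describes above (whether a feed is an IP list or a domain name list) can be run on a downloaded feed body before it is added under DNSBL. This is an added example, not part of the original thread and not pfBlockerNG code; the function names, the 90% threshold and the sample feeds are assumptions constructed for illustration.

```python
import ipaddress
import re

# Hostname check: dot-separated labels of letters/digits/hyphens, alphabetic TLD.
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
# Hosts-file sink addresses that commonly prefix a domain entry.
_SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}

def entry_kind(line):
    """Return 'ip', 'domain', or None for one feed line."""
    line = line.split("#", 1)[0].strip()   # drop comments and whitespace
    if not line:
        return None
    fields = line.split()
    # Hosts-file format "<sink address> <domain>" counts as a domain entry.
    if len(fields) >= 2 and fields[0] in _SINKS:
        fields = fields[1:]
    token = fields[0]
    try:
        ipaddress.ip_network(token, strict=False)  # accepts address or CIDR
        return "ip"
    except ValueError:
        pass
    return "domain" if _DOMAIN_RE.match(token.rstrip(".")) else None

def classify_feed(text, threshold=0.9):
    """Classify a feed body as 'ip', 'domain', 'mixed' or 'empty'."""
    counts = {"ip": 0, "domain": 0}
    for line in text.splitlines():
        kind = entry_kind(line)
        if kind:
            counts[kind] += 1
    total = counts["ip"] + counts["domain"]
    if total == 0:
        return "empty"
    for kind, n in counts.items():
        if n / total >= threshold:
            return kind
    return "mixed"

# Constructed sample feeds (documentation IP ranges, reserved example domains).
IP_FEED = "# constructed IP feed\n192.0.2.10\n198.51.100.0/24\n2001:db8::/32\n"
DOMAIN_FEED = "# constructed domain feed\n0.0.0.0 ads.example.com\ntracker.example.net\n"

if __name__ == "__main__":
    for name, body in (("ip feed", IP_FEED), ("domain feed", DOMAIN_FEED)):
        print(name, "->", classify_feed(body))
```

A feed that classifies as `ip` belongs under the IPv4/IPv6 tabs; only a `domain` result is suitable for a DNSBL feed.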

jutje
Re: DNS resolver & DNSBL Enable... But DNS address could not be found.
« Reply #2 on: December 03, 2017, 12:35:47 pm »
Hi RonpfS,

Thanks for your fast reply.

Quote
Do you get DNS resolution when pfBlockerNG is disabled?
Yes, when I have Action Disable under Firewall > pfBlockerNG > DNSBL Feeds.

Quote
You have enabled Register DHCP leases in the DNS Resolver; beware that this will reload Unbound when a new lease is generated.
Oh, thank you, I didn't know that part, so I have it disabled now.

Quote
the 3 feeds seem to be IP lists and not domain name lists
https://imgur.com/a/WIHVn
They are DNs containing text lists of IPs.

RonpfS
Re: DNS resolver & DNSBL Enable... But DNS address could not be found.
« Reply #3 on: December 03, 2017, 12:42:43 pm »
Quote
the 3 feeds seem to be IP lists and not domain name lists
https://imgur.com/a/WIHVn
They are DNs containing text lists of IPs.
Those URLs are for the IP Feeds, not for DNSBL.

jutje
Re: DNS resolver & DNSBL Enable... But DNS address could not be found.
« Reply #4 on: December 03, 2017, 01:07:28 pm »
Quote
Those URLs are for the IP Feeds, not for DNSBL.
Ooooooooh.... Now I get it! :o ;)
Thanks, RonpfS

jutje
Re: DNS resolver & DNSBL Enable... But DNS address could not be found.
« Reply #5 on: December 03, 2017, 01:54:38 pm »
RonpfS, I put all my lists and more under Firewall > pfBlockerNG > IPv4. https://imgur.com/a/4efek
But I still get:

Quote
This site can't be reached

google.com's server DNS address could not be found.
And when I disable pfBlockerNG completely, it starts working again.
What am I doing wrong?
« Last Edit: December 03, 2017, 01:59:38 pm by jutje »

RonpfS
Re: DNS resolver & DNSBL Enable... But DNS address could not be found.
« Reply #6 on: December 03, 2017, 02:03:01 pm »
If you don't have any DNSBL feed active, disable DNSBL in pfblockerNG.

Can't tell without more info. Did you run a Force Update and Force Reload All after making the changes?
You have to dig into System Logs, Resolver Logs, Firewall logs, pfBlockerNG alerts and logs.

jutje
Re: DNS resolver & DNSBL Enable... But DNS address could not be found.
« Reply #7 on: December 03, 2017, 02:28:18 pm »
I think I found the issue.
Some of my lists are too aggressive.

jutje
Re: DNS resolver & DNSBL Enable... But DNS address could not be found.
« Reply #9 on: December 03, 2017, 03:53:57 pm »
Quote
Like firehole ... https://forum.pfsense.org/index.php?topic=135257.0
Yes, that was exactly the issue. So I turned that list OFF.

Thanks