OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: hfvk on January 01, 2021, 02:47:11 PM

Title: Unbound DNSBL - logging blocked queries
Post by: hfvk on January 01, 2021, 02:47:11 PM
I know this topic has been discussed earlier but I haven't yet found a solution for this.

So, I am on OPNsense 20.7.7. I am using Unbound and DNSBL to filter DNS queries. I have enabled Advanced Settings / Log Queries and I have also set the log level to 5. I am still not seeing from the log which queries are being blocked.

Does anybody have any idea how to check what queries are being blocked by the DNSBL blacklists?
Title: Re: Unbound DNSBL - logging blocked queries
Post by: heresjody on January 03, 2021, 02:51:47 PM
I have to say I'm curious about this as well. Sometimes a certain website doesn't work anymore and it's difficult to see whether it's the firewall, VPN, DoT or DNSBL. Or something completely unrelated.
Title: Re: Unbound DNSBL - logging blocked queries
Post by: deeler on January 03, 2021, 02:53:41 PM
is this perhaps the same issue as: https://forum.opnsense.org/index.php?topic=20516.0 ???
Title: Re: Unbound DNSBL - logging blocked queries
Post by: heresjody on January 03, 2021, 02:56:17 PM
Quote from: deeler on January 03, 2021, 02:53:41 PM
is this perhaps the same issue as: https://forum.opnsense.org/index.php?topic=20516.0 ???
Can't speak for the TS, but for me personally it's more a feature request or general questions than a specific problem I have.

And yes I had the unbound instability issues with 20.7.7 but thanks to the topic I reverted to the old unbound version weeks ago.
Title: Re: Unbound DNSBL - logging blocked queries
Post by: lar.hed on January 03, 2021, 05:03:26 PM
This is not an answer for Unbound blocklists; rather, I currently use DNScrypt-proxy and it has a logging function just as you request. And DNS block lists.

Until I get Unbound to not restart all the time, which is an issue in my config with DNS block lists, I will most likely stick with DNScrypt-proxy. However, as soon as Unbound and OPNsense stop restarting all the time, I will change back to Unbound.
Title: Re: Unbound DNSBL - logging blocked queries
Post by: Fright on January 03, 2021, 08:18:20 PM
Quote: I reverted to the old unbound version weeks ago
Looks like the patch works well
(https://forum.opnsense.org/index.php?topic=20516.msg95675#msg95675)
On my test VM the unpatched version works stably with verbosity level 0 or through the DoT forwarder.
Quote: Does anybody have any idea how to check what queries are being blocked by the DNSBL blacklists?
Unbound itself does not log the "resolved" address(es) at any verbosity level.
There is an FR on GitHub for changing the "local-data 0.0.0.0" DNSBL records to "local-zone refuse".
I have tested a Suricata alert for this. It works.
https://github.com/opnsense/core/issues/4557

Title: Re: Unbound DNSBL - logging blocked queries
Post by: kd.gundermann on July 21, 2022, 02:48:08 PM
Quote from: hfvk on January 01, 2021, 02:47:11 PM
Does anybody have any idea how to check what queries are being blocked by the DNSBL blacklists?

I am new to OPNsense / Unbound and I am looking for an explanation of how to read the logs.
E.g. to find:
- Request coming from Client u.v.w.x looking for abc.com blocked by blacklistA
- Request coming from Client u.v.w.x looking for abc.com resolved from cache with 1.2.3.4
- Request coming from Client u.v.w.x looking for abc.com forwarded to 8.8.8.8 and resolved to 1.2.3.4

Is there any way to get this information from Unbound?
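Added example (not code from this thread, from OPNsense or from Unbound) that answers both Fright's point (the 0.0.0.0 DNSBL answers are indistinguishable in Unbound's own log, so the query log has to be joined against the blocklist, whereas the "local-zone refuse" form shows up as a REFUSED reply) and kd.gundermann's three questions (blocked / answered from cache / resolved upstream). Assumptions: Unbound runs with both log-queries and log-replies enabled (OPNsense 20.7 only exposes Log Queries in the GUI; log-replies is assumed to have been added through a custom option, which is your call to verify); the reply line has the documented field order "client qname qtype qclass rcode seconds from-cache size"; the DNSBL include consists of local-zone / local-data statements; the syslog prefix, file paths, hostnames, client addresses and domain names in the samples are constructed. One limitation is inherited from Unbound itself, as Fright says: the log carries the rcode, the timing and a from-cache flag, never the answer RRs or the upstream server, so "resolved to 1.2.3.4 via 8.8.8.8" cannot be recovered from the log.

```python
"""Audit Unbound query/reply log lines against an OPNsense-style DNSBL include.

Added example, not OPNsense or Unbound code. Assumes log-queries and
log-replies are both on, and a DNSBL include made of local-zone/local-data
statements (either the "A 0.0.0.0" form or the "refuse" form from the thread).
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample blocklist (assumed file shape, not a generated OPNsense file).
SAMPLE_DNSBL = """\
local-zone: "ads.example.net" redirect
local-data: "ads.example.net A 0.0.0.0"
local-zone: "tracker.example.org" refuse
"""

# Constructed sample log lines: one query line and one reply line per lookup.
# Syslog prefix is assumed; the field order after "info:" follows Unbound's docs.
SAMPLE_LOG = """\
Jan  3 20:10:01 fw unbound[1234:0]: info: 192.168.1.10 ads.example.net. A IN
Jan  3 20:10:01 fw unbound[1234:0]: info: 192.168.1.10 ads.example.net. A IN NOERROR 0.000000 1 63
Jan  3 20:10:02 fw unbound[1234:0]: info: 192.168.1.10 cdn.tracker.example.org. A IN
Jan  3 20:10:02 fw unbound[1234:0]: info: 192.168.1.10 cdn.tracker.example.org. A IN REFUSED 0.000000 1 40
Jan  3 20:10:03 fw unbound[1234:0]: info: 192.168.1.11 www.example.com. A IN
Jan  3 20:10:03 fw unbound[1234:0]: info: 192.168.1.11 www.example.com. A IN NOERROR 0.000000 1 60
Jan  3 20:10:04 fw unbound[1234:0]: info: 192.168.1.12 mail.example.com. AAAA IN
Jan  3 20:10:04 fw unbound[1234:0]: info: 192.168.1.12 mail.example.com. AAAA IN NOERROR 0.031245 0 88
"""

# Query lines stop after qclass; reply lines add rcode, duration, from-cache flag, size.
LOG_RE = re.compile(
    r"info: (?P<client>\S+) (?P<qname>\S+) (?P<qtype>\S+) (?P<qclass>\S+)"
    r"(?: (?P<rcode>\S+) (?P<secs>\d+\.\d+) (?P<cached>[01]) (?P<size>\d+))?\s*$"
)
DNSBL_RE = re.compile(r'^(?:local-zone|local-data):\s*"([^"]+)"')


def norm(name: str) -> str:
    return name.rstrip(".").lower()


def load_dnsbl(text: str) -> Set[str]:
    """Collect zone names from local-zone/local-data statements."""
    blocked: Set[str] = set()
    for line in text.splitlines():
        m = DNSBL_RE.match(line.strip())
        if m:
            # local-data bodies are "<name> <type> <rdata>"; the name is first either way.
            blocked.add(norm(m.group(1).split()[0]))
    return blocked


def blocklist_hit(qname: str, blocked: Set[str]) -> Optional[str]:
    """Return the blocklist entry covering qname; parents are checked because a
    local-zone statement also answers for every name beneath it."""
    labels = norm(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None


@dataclass
class Event:
    client: str
    qname: str
    qtype: str
    verdict: str  # blocked | refused | cache | recursed
    reason: str


def classify(log_text: str, blocked: Set[str]) -> List[Event]:
    """Produce one verdict per reply line. Query-only lines are skipped because
    the rcode and from-cache flag exist only on the reply line."""
    events: List[Event] = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m["rcode"] is None:
            continue
        hit = blocklist_hit(m["qname"], blocked)
        if hit and m["rcode"] == "REFUSED":
            verdict, reason = "blocked", f"local-zone refuse: {hit}"
        elif hit:
            # 0.0.0.0 answers look like any other NOERROR reply; only the join tells.
            verdict, reason = "blocked", f"local-data 0.0.0.0: {hit}"
        elif m["rcode"] == "REFUSED":
            verdict, reason = "refused", "REFUSED but not in DNSBL (access-control?)"
        elif m["cached"] == "1":
            verdict, reason = "cache", f"{m['rcode']} from cache"
        else:
            # The log never records the answer RRs or the upstream used.
            verdict, reason = "recursed", f"{m['rcode']} after {m['secs']}s upstream"
        events.append(Event(m["client"], norm(m["qname"]), m["qtype"], verdict, reason))
    return events


def summarize(events: List[Event]) -> Dict[Tuple[str, str], int]:
    """Count verdicts per (client, verdict) for a quick per-host overview."""
    counts: Dict[Tuple[str, str], int] = {}
    for e in events:
        counts[(e.client, e.verdict)] = counts.get((e.client, e.verdict), 0) + 1
    return counts


def main(argv: List[str]) -> None:
    if len(argv) == 3:  # paths are the operator's own: <unbound log> <dnsbl include>
        with open(argv[1]) as f, open(argv[2]) as g:
            log_text, dnsbl_text = f.read(), g.read()
    else:
        log_text, dnsbl_text = SAMPLE_LOG, SAMPLE_DNSBL
    for e in classify(log_text, load_dnsbl(dnsbl_text)):
        print(f"{e.client:<15} {e.qtype:<5} {e.qname:<28} {e.verdict:<9} {e.reason}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with no arguments to see the constructed samples classified, or pass your Unbound log and the generated DNSBL include as the two arguments. The join against the blocklist is what makes the 0.0.0.0 form visible at all; with the refuse form the REFUSED rcode on the reply line already says the query was blocked, which is the practical reason behind the GitHub FR Fright links.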