OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: n4l0cks on March 29, 2021, 06:46:13 pm

Title: Unbound and Bind DNS services ignore blacklists
Post by: n4l0cks on March 29, 2021, 06:46:13 pm
Hello.

I have an OPNsense firewall running as my external firewall in my home network. Last week I installed the Bind-DNS service and used its function to block both ad and porn domain name lookups. However, I just realized that it is now allowing a lot of common porn domains to be looked up.

The only thing I can recall having done is updating my system, which I hadn't done in a while (6 months). So, I believe that an update to the system has done something to the DNS services and their DNSBL functions.

I used to have Bind but then switched to Unbound today to see if that wasn't bugged but the same thing happens there. I enable DNSBL and it still allows the DNS-lookups.

System info: OPNsense 21.1.3_3-amd64
FreeBSD 12.1-RELEASE-p14-HBSD
OpenSSL 1.1.1j 16 Feb 2021

Using Wireshark I see that it is indeed my FW/Bind/Unbound DNS that answers my queries and I don't have any forwarder enabled on the server. The DNS-service is ignoring the blacklist.
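A quick way to separate "the list is wrong" from "the resolver is not applying the list" is to check the blocklist contents offline first. The script below is an added example and is not from the poster or the OPNsense project; it assumes the blocklist is a plain text file in either hosts format (`0.0.0.0 name`) or one-domain-per-line format, and that, as with an Unbound `local-zone` of type `static`, an entry also covers every subdomain under it. The sample list and query names are constructed.

```python
"""
Offline check of which names an Unbound-style DNS blocklist would block.

Assumptions (not from the forum post): the blocklist is in hosts format or
plain-domain format, and a blocked name also blocks all of its subdomains,
matching how an Unbound local-zone of type "static" behaves.
"""

# Constructed sample list: comments and blank lines must be ignored.
SAMPLE_BLOCKLIST = """\
# constructed sample blocklist
0.0.0.0 ads.example.test
127.0.0.1 tracker.example.test  # inline comment
adult.example.test
www.banner.example.test
"""

# Constructed query names a client might send to the firewall's resolver.
SAMPLE_QUERIES = [
    "ads.example.test",
    "cdn.ads.example.test",   # subdomain of a listed name -> blocked
    "banner.example.test",    # parent of a listed name -> allowed
    "ADULT.example.test.",    # case and trailing dot must not matter
    "example.test",           # not listed -> allowed
]


def parse_blocklist(text):
    """Return the set of blocked domains, lower-cased without a trailing dot."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        # hosts format: "<ip> <name> [<name>...]"; plain format: "<name>"
        names = fields[1:] if len(fields) > 1 else fields
        for name in names:
            name = name.lower().rstrip(".")
            if name != "localhost":            # common hosts-file noise
                blocked.add(name)
    return blocked


def blocking_zone(name, blocked):
    """Return the list entry that covers `name`, or None if it is allowed.

    Walks from the full name up to the TLD so that an entry for
    example.test also catches foo.example.test, like an Unbound local-zone.
    """
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None


def check_queries(queries, blocked):
    """Map each queried name to the entry that blocks it (None = allowed)."""
    return {q: blocking_zone(q, blocked) for q in queries}


def to_unbound_local_zones(blocked):
    """Render the set as Unbound 'local-zone' lines of type static, sorted."""
    return [f'local-zone: "{name}." static' for name in sorted(blocked)]


if __name__ == "__main__":
    blocked = parse_blocklist(SAMPLE_BLOCKLIST)
    for query, zone in check_queries(SAMPLE_QUERIES, blocked).items():
        print(f"{query:28} -> {'BLOCKED by ' + zone if zone else 'allowed'}")
    print("\n".join(to_unbound_local_zones(blocked)))
```

If the offline check says a name should be blocked but a `dig`/`drill` against the firewall still returns an answer, the list is fine and the problem is on the resolver side (the generated zones were not loaded or the service was not restarted), which is consistent with the Wireshark observation above that the firewall itself is answering.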
Title: Re: Unbound and Bind DNS services ignore blacklists
Post by: n4l0cks on March 29, 2021, 07:13:14 pm
Not sure what happened but after enabling and disabling rules and continuing testing with Unbound DNS it seems as if it finally works with the blocking.

Might not be too stable at the moment if it behaves like this for other people as well.