I use unbound in resolver mode, and for the blocklist I use the URL method to download https://dbl.oisd.nl/.
I see in the log that it is downloading "blocklist download https://dbl.oisd.nl/ (lines: 980762 exclude: 0 block: 980754)"
But sites in the list are not being blocked. This had worked prior to the update.
I have the same issue with Unbound.
Workaround is to disable the blocklist in unbound (but keep unbound enabled), set up a different blocker on a virtual server, and point internal requests to that. Right now it will go from *hole > unbound > 1.1.1.1.
any clue in unbound logs?
I don't see anything in the logs. All indications are that it is downloading the list, etc., but just not blocking. A DNS lookup of a site on the list provides the actual IP.
My solution has been to turn off the blocklist and use forwarding to nextDNS.
sorry, nothing to hook on for debugging.
unbound blocklists work has been migrated to the python module, which (imho) should give a speed gain (no blocklist load to unbound) and very interesting prospects for logging/analyzing blocked address lookups..
since this just happened, there may be a conflict with some (custom?) settings. perhaps enabling debug logging and/or query logging would help..
I turned on the logging. I did a lookup of a site (oh93.com.) that is in the blocklist. Can see in the log it resolved.
Filtering on oh93.com
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] reply: 2603:8001:2701:b120:a0b0:a26e:99d0:2827 oh93.com. AAAA IN NOERROR 0.070674 0 54
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: dns64 operate: query oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: dns64 operate: query oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: validator operate: query oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: finishing processing for oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: resolving oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: validator operate: query oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: dns64 operate: query oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: dns64 operate: query oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: validator operate: query oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: finishing processing for oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: reply from <oh93.com.> 204.11.56.26#53
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: response for oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: iterator operate: query oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Debug unbound [44112:0] debug: sending to target: <oh93.com.> 204.11.56.26#53
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: sending query: oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: processQueryTargets: oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: response for oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: iterator operate: query oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: sending query: oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: processQueryTargets: oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: processQueryTargets: oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: resolving (init part 3): oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: resolving (init part 2): oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: resolving oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: validator operate: query oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] info: dns64 operate: query oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:0] query: 2603:8001:2701:b120:a0b0:a26e:99d0:2827 oh93.com. AAAA IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] reply: 2603:8001:2701:b120:a0b0:a26e:99d0:2827 oh93.com. A IN NOERROR 0.155916 0 42
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: dns64 operate: query oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: validator operate: query oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: dns64 operate: query oh93.com. DS IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: validator operate: query oh93.com. DS IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: finishing processing for oh93.com. DS IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: response for oh93.com. DS IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: iterator operate: query oh93.com. DS IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: sending query: oh93.com. DS IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: processQueryTargets: oh93.com. DS IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: resolving (init part 3): oh93.com. DS IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: resolving (init part 2): oh93.com. DS IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: resolving oh93.com. DS IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: validator operate: query oh93.com. DS IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: dns64 operate: query oh93.com. DS IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: validator operate: query oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: finishing processing for oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: reply from <oh93.com.> 204.11.56.26#53
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: response for oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: iterator operate: query oh93.com. A IN
2022-12-05T09:43:48-08:00 Debug unbound [44112:3] debug: sending to target: <oh93.com.> 204.11.56.26#53
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: sending query: oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: processQueryTargets: oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: response for oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: iterator operate: query oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: sending query: oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: processQueryTargets: oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: resolving (init part 3): oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: resolving (init part 2): oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: resolving oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: validator operate: query oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] info: dns64 operate: query oh93.com. A IN
2022-12-05T09:43:48-08:00 Informational unbound [44112:3] query: 2603:8001:2701:b120:a0b0:a26e:99d0:2827 oh93.com. A IN
Quote: dns64 operate
hah..may be..
turning dns64 off seems to fix it
yep. looks like a little typo in unbound.inc that sets dns64 module ahead of python..
i'll try to suggest something
@IsaacFL
how about
opnsense-patch -a kulikov-a 9bc7032
then enable DNS64, save, apply? (with client cache clearing of course)
(the patch always puts the python module first in the module list)
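The ordering problem described above can be checked directly against a generated Unbound configuration. This is an added example, not part of the thread or of the OPNsense code; the two config snippets are constructed samples, and it assumes the last `module-config:` line in the file is the one that takes effect.

```shell
#!/bin/sh
# Added example: verify that the python (blocklist) module is listed ahead of
# dns64 in Unbound's module-config. Sample configs below are constructed.

# Print the module list from the last module-config: line of a config file.
module_order() {
    sed -n 's/^[[:space:]]*module-config:[[:space:]]*"\{0,1\}\([^"#]*\)"\{0,1\}.*$/\1/p' "$1" | tail -n 1
}

# Exit status: 0 = python present and ahead of dns64 (or dns64 not loaded),
#              1 = python listed after dns64 (blocklist is bypassed),
#              2 = python module not loaded at all.
check_module_order() {
    pos=0 py=0 d64=0
    for m in $(module_order "$1"); do
        pos=$((pos + 1))
        case "$m" in
            python) py=$pos ;;
            dns64)  d64=$pos ;;
        esac
    done
    [ "$py" -eq 0 ] && return 2
    [ "$d64" -ne 0 ] && [ "$py" -gt "$d64" ] && return 1
    return 0
}

# Constructed sample configs: module order before and after the fix.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'server:\n  module-config: "dns64 python validator iterator"\n' > "$tmp/before.conf"
printf 'server:\n  module-config: "python dns64 validator iterator"\n' > "$tmp/after.conf"

for f in "$tmp/before.conf" "$tmp/after.conf"; do
    rc=0
    check_module_order "$f" || rc=$?
    echo "$(basename "$f"): [$(module_order "$f")] -> status $rc"
done
```

On a live system, `unbound-checkconf -o module-config` prints the value Unbound actually parsed, which can be compared against the same rule.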
I just applied patch, and it seems to have fixed it.
great, thanks for the feedback!
I have not enabled dns64, but experienced this issue after update.
I 'cleared it' by reloading the block list; in the past there was a message stating the number of records downloaded.
I also added a url https://block.energized.pro/ultimate/formats/domains.txt to see if that fixed it.
Today there was a power outage, so when the power came back, a cold restart was required.
The lack of blocking issue returned.
I pressed the apply button, no message and the little wheel indicator momentarily displayed.
I pressed apply again and the indicator was visible for longer, and behold after clearing the browser cache, no more adverts.
I did search this board and this phenomenon occurred in the past.
The upgrade release notes mention this
unbound: rework DNSBL implementation to Python module
Quote: I pressed apply again and
no need to hit button twice - the result will not be better (at least)
you can go to logs and see the blocklists download process ("blocklist download.." records )
if there are errors in the py-module operation, they will also be in the unbound log
Quote from: aimdev on December 06, 2022, 07:34:46 PM
I have not enabled dns64, but experienced this issue after update.
I 'cleared it' by reloading the block list; in the past there was a message stating the number of records downloaded.
I also added a url https://block.energized.pro/ultimate/formats/domains.txt to see if that fixed it.
Today there was a power outage, so when the power came back, a cold restart was required.
The lack of blocking issue returned.
I pressed the apply button, no message and the little wheel indicator momentarily displayed.
I pressed apply again and the indicator was visible for longer, and behold after clearing the browser cache, no more adverts.
I did search this board and this phenomenon occurred in the past.
The upgrade release notes mention this
unbound: rework DNSBL implementation to Python module
I don't know if this is your issue, but earlier this week the energized list was down. So you might try a different list to verify.
@IsaacFL
Another cold start resulted in the same procedure being carried out to get blocking working.
The energised list was not used.
The log files do not show any errors.
I agree with the statement Unbound blocklist does not seem to be working since update to 22.7.9