OPNsense Forum
Archive => 23.1 Legacy Series => Topic started by: dumbo on February 21, 2023, 03:09:35 pm
-
Hi,
would be nice if you could check, if the whitelisting feature is broken?
For me if I whitelist some domain within unbound reporting tool nothing happens and the domain is not whitelisted within Services > Unbound DNS > Blocklist > Whitelist Domains
In an earlier version it was working without any issues.
-
Works as intended for me.
-
Ok. Thx for your feedback.
Did you do it direct from the unbound reporting website or within unbound section?
See screenshot. If I click whitelist there nothing does happen.
-
Hi!
works fine from overview page for me
does the spinner appear after the button click?
Can you see in the browser console that the request is leaving (network tab)?
what is the result of sending the request (need to wait a bit, because the action causes a new dnbls download)
-
does the spinner appear after the button click?
Can you see in the browser console that the request is leaving (network tab)?
Hi.
- spinner does not appear
- looks like nothing does happen when clicking the button (tried it with several browsers).
-
I do also get a lot of errors within unbound logs.
-
Hi,
no one else does have those issues from your side?
I tried to reinstall OPNsense but the issue is still there.
No chance to whitelist/blacklist with unbound reporting tool site.
-
Hi
would be interesting to know the browser dev console messages (if any) when opening the /ui/unbound/overview page and click the Details tab.
and is the errors in unbound log is still there?
-
Hi. Errors gone after reinstall the day.
But the issue is still there. Tried what you say.
If I do inspect I get the following details:
- https://IPADDRESS:10443/api/unbound/settings/updateBlocklist (Request method POST, Status Code 200,
- Preview and Respone I get there are : {"status":"failed"}
Again no spinner, direct change of the icon (but nothing happens within white- and blacklists at all).
EDIT: The only errors I get within unbound log at the moment are:
Error unbound [01234567:0] error: remote control failed ssl crypto error:00000000:lib(0):func(0):reason(0)
EDIT2:
FYI: Within the first release of 23.1 the white- and blacklisting worked without any issues. Problem occured with updated unbound reporting version.
-
interesting..
and can you look at Request Payload? whether it contains domain and type values? (trying to figure out if the issue is on client side or backend side)
-
Request Payload (example what it's showing for try to whitelist metrics.icloud.com):
{"domain":"metrics.icloud.com.","type":"whitelists"}
-
got it, thanks
i thought that the issue was on the client side (because of 'no spinner icon'). not sure now.
will try to reproduce
-
will try to reproduce
Thx. Something must have changed from orig. 23.1 OPNsense Image as it has worked in earlier version.
-
sorry, more info needed: after that the domain does not appear in the Whitelist Domains list at ui/unbound/dnsbl/index? are there any errors in the backend or general log after that?
Something must have changed from orig. 23.1
this part is intensively developed as far as i can see. therefore changes are many and often
-
sorry, more info needed: after that the domain does not appear in the Whitelist Domains list at ui/unbound/dnsbl/index? are there any errors in the backend or general log after that?
No error within general log (checked all categories)
No error within backend log (only showing notice of configd.py with show log / fetch query details / show log)
-
hm. i can reproduce this BUT only with the domains allready block\white-listed (that is, with those that are not actually added to the list, but are removed from the opposite). can you confirm this?
(and the spinner simply does not have time to appear because the refusal comes very quickly)
-
Cannot confirm this. It does never work. Even with items, which are not within any block- and or whitelist.
-
got it, thanks.
test with
opnsense-patch -a kulikov-a b810d61please
-
test with
Works as it should! Thx a lot.
-
great! :)
-
perfect.
What do I have to do, when an official patch comes out? Do I have to revert your patch?
What does that -a mean in general?
-
What does that -a mean in general?
that the patch comes from some outside dude's repository ;)
https://docs.opnsense.org/manual/opnsense_tools.html#id2
What do I have to do, when an official patch comes out? Do I have to revert your patch?
depends on what the official patch will be. if it differs from the proposed one (https://github.com/opnsense/core/pull/6360), then it will be necessary to revert this one, yes
-
Thanks for the links and the feedback.
And if I have to revert it, I simply use the same code again?
-
Hi.
Found now, that the developers did work on it and there is a patch:
https://github.com/opnsense/core/commit/f394a78f61fbae57df26d04a7d4baf11902f2d02
What do I have to do now, that it works?
-
I have the same issue.
-
@dumbo
hi
its exactly the patch you applied. can do nothing. I guess it will be in the next release
@alex303
opnsense-patch f394a78
-
Hello,
I am seeing blacklisted domains in the "Top passed domains" list. Their button/icon is adequate ("Whitelist domain") but shouldn't they appear in the "Top blocked domains" instead?
Am I missing something?
Thanks for this nice new module, and for your help!
Regards