DNSBL and additional features Plugin for Unbound

Started by tillsense, September 05, 2019, 07:55:00 PM

Will there be an option to search logs for blocked sites that a host wanted to visit like in pihole?
In pihole you can filter by blocked and allowed sites in the logs and also easily whitelist blocked sites.

So I just stumbled upon this.... installed the package, ticked all the lists, and it blocked my Outlook's connection to office365..... so it must be working!

Are there any logs generated, how do I know which blacklist has blocked access for example?

Thanks.

Yeah - I have also already increased the log level and sent all logs to my syslog server. It got chatty. But still couldn't figure out what's blocked based on which list. That makes it somewhat hard to use.
Nevertheless I use this as a front-line filter at the moment. All non-blocked outbound requests go to an upstream pi-hole which has another set of lists.
But with that architecture I lost all insights on pi-hole as well; all requests now come from a single IP. Well...
System1: Qotom Q310G4
System2: APU2C4

How can I expand the block-list? I just get a drop-down menu with pre-installed lists

Regards
Rainer
---
Regards
Rainer

There's an open PR which allows manual lists but it's not merged yet, maybe after 20.1

Thanks for your quick answer!
---
Regards
Rainer


I seem to have a problem with unbound-plus-devel 0.4 since the update from 0.3.

If I enable "Adaway List" and "Easy List" everything is ok.

However, with Stephen Black list unbound does not start (I have not tried them all).

Anyone else who has the same problem, or just me?

There's a problem with domains beginning with numbers .. fix follows



Just came across this after playing around with a separate pi-hole for a week or so. I like the pi-hole graphs and data, but do like the idea of having my DNS service running within opnsense itself.

This seems like a better option than having to run both unbound and bind at the same time and forward queries from one to the other. Thanks to everyone involved in this work!

I played around with logging and it does appear harder to get blocked queries out of unbound, though. It's either too verbose, or not verbose enough unfortunately.

I just ran into an incident where it looks like unbound was updating its blocklist via cron and then it failed to restart due to an error in dnsbl.conf:

Apr  5 02:01:29 opnsense unbound: [50182:0] error: error parsing local-data at 2 '.text-center A 0.0.0.0': Empty label
Apr  5 02:01:29 opnsense unbound: [50182:0] error: Bad local-data RR .text-center A 0.0.0.0
Apr  5 02:01:29 opnsense unbound: [50182:0] fatal error: Could not set up local zones

This killed the process entirely and my installation was left without a working resolver (which made it appear that the internet was not working).

I checked the downloaded lists that I'm using and didn't see any one with ".text-center" in the same so maybe it's in the processing script someplace? I also noticed that one of my lists (https://hosts-file.net/ad_servers.txt) was giving me a 404 error when I tried just now to see if the offending line was in there. So perhaps a combination of the above failed download and then trying to process that download into the dnsbl.conf file?

In any case, I removed the offending line and unbound restarted normally. Maybe some further checks could be made to ensure that blocklists produce valid configurations? Or maybe a check into the blocklist update script that backs up the previous working config and reverts it if unbound refuses to start after an update (with a warning to take a close look)?

Thank you for your work with this plugin!
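
The validation suggested in the post above, as an added example that is not the plugin's code: each blocklist entry is checked for valid DNS label syntax before a `local-data` line is written, so an entry like `.text-center` from the log is rejected instead of reaching dnsbl.conf. The function names, the hosts-style input format and the sample lines are assumptions constructed for illustration.

```python
import re

# One DNS label: 1-63 letters, digits, hyphens or underscores, with no
# hyphen at either end. A leading digit is valid.
LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")
SINK_ADDRS = {"0.0.0.0", "127.0.0.1"}  # address column used by hosts-style lists

def valid_domain(name):
    """True if name has at least two labels and every label is well formed."""
    if name.endswith("."):           # tolerate a single trailing root dot
        name = name[:-1]
    if not name or len(name) > 253:
        return False
    labels = name.split(".")         # a leading or doubled dot gives an empty label
    return len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)

def build_local_data(lines, sink="0.0.0.0"):
    """Return (config_lines, rejected) for hosts-style or bare-domain input."""
    accepted, rejected = set(), []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()   # drop comments
        if not entry:
            continue
        fields = entry.split()
        if fields[0] in SINK_ADDRS:
            fields = fields[1:]
        if len(fields) == 1 and valid_domain(fields[0]):
            accepted.add(fields[0].rstrip(".").lower())
        else:
            rejected.append(raw.strip())
    config = ['local-data: "%s A %s"' % (d, sink) for d in sorted(accepted)]
    return config, rejected

# Constructed sample input; ".text-center" is the entry from the log above.
SAMPLE = [
    "# constructed sample list",
    "0.0.0.0 ads.example.com",
    "123tracker.example.net",
    ".text-center",
    "<html><head><title>404 Not Found</title></head>",
    "127.0.0.1 localhost",
    "0.0.0.0 Ads.Example.com  # duplicate",
]

if __name__ == "__main__":
    config, rejected = build_local_data(SAMPLE)
    print("\n".join(config))
    print("rejected:", rejected)
```

Running `unbound-checkconf` against the generated configuration before restarting the resolver is a further check for errors that a syntax filter like this does not cover.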


Hi,

I still can't find the DOT option according to the plugin description? Am I missing something?

cheers
till