Unbound DNSBL - logging blocked queries

Started by hfvk, January 01, 2021, 02:47:11 PM

I know this topic has been discussed earlier but I haven't yet found a solution for this.

So, I am on OPNsense 20.7.7. I am using Unbound and DNSBL to filter DNS queries. I have enabled Advanced Settings / Log Queries and I have also set loglevel to 5. I am not still seeing from the log what queries are being blocked.

Does anybody have any idea how to check what queries are being blocked by the DNSBL blacklists?

I have to say I'm curious about this as well. Sometimes a certain website doesn't work anymore and it's difficult to see whether it's the firewall, VPN, DoT or DNSBL. Or something completely unrelated.


Quote from: deeler on January 03, 2021, 02:53:41 PM
is this perhaps the same issue as: https://forum.opnsense.org/index.php?topic=20516.0   ???
Can't speak for the TS, but for me personally it's more a feature request or general question than a specific problem I have.

And yes I had the unbound instability issues with 20.7.7 but thanks to the topic I reverted to the old unbound version weeks ago.

This is not an answer to Unbound blocklists; it is rather that I currently use DNScrypt-proxy, and it has a logging function just as you request. And DNS block lists.

Until I get Unbound to not restart all the time, which is an issue in my config with DNS block lists, I will most likely stick with DNScrypt-proxy. However, as soon as Unbound and OPNsense stop restarting all the time, I will change back to Unbound.

January 03, 2021, 08:18:20 PM #5 Last Edit: January 04, 2021, 02:49:29 PM by Fright
Quote: I reverted to the old unbound version weeks ago
Looks like the patch works well
(https://forum.opnsense.org/index.php?topic=20516.msg95675#msg95675)
On my test VM the unpatched version works stably with verbosity level 0 or through a DoT forwarder.
Quote: Does anybody have any idea how to check what queries are being blocked by the DNSBL blacklists?
Unbound itself does not log the "resolved" address(es) at any verbosity level.
There is a FR on GitHub for changing the "local-data 0.0.0.0" DNSBL records to "local-zone refuse".
I have tested a Suricata alert for this; it works.
https://github.com/opnsense/core/issues/4557


Quote from: hfvk on January 01, 2021, 02:47:11 PM
Does anybody have any idea how to check what queries are being blocked by the DNSBL blacklists?

I am new to OPNsense /Unbound and I am looking for an explanation how to read the logs.
E.g. to find:
- Request coming from Client u.v.w.x looking for abc.com blocked by blacklistA
- Request coming from Client u.v.w.x looking for abc.com resolved from cache with 1.2.3.4
- Request coming from Client u.v.w.x looking for abc.com forwarded to 8.8.8.8 and resolved to 1.2.3.4

Is there any way to get this information from unbound?
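The three log views hfvk asks for above, and Fright's point that Unbound never logs the answer address, can both be illustrated with a small parser over Unbound's own query/reply log lines. The script below is an added example, not code from the thread or from OPNsense; the log lines are constructed, and the field layout it assumes is that of Unbound's `log-queries` / `log-replies` output (`<client> <qname> <qtype> <qclass>` for a query, followed by `<rcode> <seconds> <from-cache 0|1> <bytes>` for a reply). The "cached" and "resolved" views fall straight out of the rcode and from-cache fields. The "blocked" view only becomes visible if the blocklist answers with `local-zone refuse` (the feature request Fright links), because then the reply carries `REFUSED`; a `local-data 0.0.0.0` sinkhole answers `NOERROR` and is indistinguishable from a real resolution in the log, which the `sink.example.test` sample line demonstrates.

```python
"""Classify Unbound log-queries/log-replies lines into blocked / cached / resolved.

Added example. Assumes Unbound's reply log format:
  "[ts] unbound[pid:tid] info: <client> <qname> <qtype> <qclass> <rcode> <secs> <cached> <bytes>"
and query log format without the trailing four fields.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample lines (not real traffic). The first two show one query and
# its REFUSED reply, as a "local-zone refuse" blocklist entry would produce.
# The "sink.example.test" line shows a 0.0.0.0 sinkhole answer: it is NOERROR,
# so nothing in the log reveals that it was blocked.
SAMPLE_LOG = """\
[1609512431] unbound[31337:0] info: 192.168.1.10 ads.example.test. A IN
[1609512431] unbound[31337:0] info: 192.168.1.10 ads.example.test. A IN REFUSED 0.000000 0 41
[1609512432] unbound[31337:0] info: 192.168.1.11 www.example.test. A IN NOERROR 0.000000 1 60
[1609512433] unbound[31337:0] info: 192.168.1.12 mail.example.test. AAAA IN NOERROR 0.034120 0 72
[1609512434] unbound[31337:0] info: 192.168.1.10 sink.example.test. A IN NOERROR 0.000000 0 60
[1609512435] unbound[31337:0] notice: init module 0: iterator
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>\d+)\] unbound\[\d+:\d+\] info: "
    r"(?P<client>\S+) (?P<qname>\S+) (?P<qtype>\S+) (?P<qclass>\S+)"
    r"(?: (?P<rcode>\S+) (?P<secs>[\d.]+) (?P<cached>[01]) (?P<size>\d+))?$"
)


@dataclass
class Event:
    ts: int
    client: str
    qname: str
    qtype: str
    rcode: Optional[str]   # None for a plain log-queries line
    cached: bool
    kind: str              # "query", "blocked", "cached" or "resolved"


def classify(rcode: Optional[str], cached: bool) -> str:
    """Map reply fields to the view the thread asks for."""
    if rcode is None:
        return "query"          # log-queries line only, no reply information
    if rcode == "REFUSED":
        return "blocked"        # only produced by local-zone refuse style blocking
    if cached:
        return "cached"         # from-cache flag set by Unbound
    return "resolved"           # answered after recursion/forwarding (or a 0.0.0.0 sinkhole)


def parse_line(line: str) -> Optional[Event]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None             # notice/debug lines and anything else are ignored
    rcode = m.group("rcode")
    cached = m.group("cached") == "1"
    return Event(
        ts=int(m.group("ts")),
        client=m.group("client"),
        qname=m.group("qname").rstrip("."),
        qtype=m.group("qtype"),
        rcode=rcode,
        cached=cached,
        kind=classify(rcode, cached),
    )


def parse_log(text: str) -> List[Event]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def blocked_queries(text: str) -> List[Tuple[str, str]]:
    """(client, name) pairs that were answered REFUSED."""
    return [(e.client, e.qname) for e in parse_log(text) if e.kind == "blocked"]


def summarize(text: str) -> Dict[str, int]:
    return dict(Counter(e.kind for e in parse_log(text)))


if __name__ == "__main__":
    for ev in parse_log(SAMPLE_LOG):
        print(f"{ev.client:15} {ev.qname:22} {ev.qtype:5} -> {ev.kind}")
    print("blocked:", blocked_queries(SAMPLE_LOG))
    print("summary:", summarize(SAMPLE_LOG))
```

Run it against a real file with `parse_log(open("/var/log/resolver.log").read())` once `log-replies` is enabled; the remaining gap is the one Fright describes, since a sinkhole reply such as `sink.example.test` above is reported as "resolved" and only a refuse-style zone or an IDS rule on the sinkhole answer makes it visible.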