Unbound DNSBL - logging blocked queries

[hfvk]

I know this topic has been discussed earlier but I haven’t yet found a solution for this.

So, I am on OPNsense 20.7.7. I am using Unbound and DNSBL to filter DNS queries. I have enabled Advanced Settings / Log Queries and I have also set loglevel to 5. I am not still seeing from the log what queries are being blocked.

Does anybody have any idea how to check what queries are being blocked by the DNSBL blacklists?

[heresjody]

I have to say I’m curious about this as well. Sometimes a certain website doesn’t work anymore and it’s difficult to see wether it’s the firewall, VPN, DoT or DNSBL. Or something completely unrelated. 

[deeler]

is this perhaps the same issue as: https://forum.opnsense.org/index.php?topic=20516.0   

[heresjody]

is this perhaps the same issue as: https://forum.opnsense.org/index.php?topic=20516.0   

Can’t speak for the TS, but for me personally it’s more a feature request or general questions than a specific problem I have.

And yes I had the unbound instability issues with 20.7.7 but thanks to the topic I reverted to the old unbound version weeks ago.

[lar.hed]

This is not an answer to Unbound blocklists, it is rather that I currently uses DNScrypt-proxy and it has a logging function just as you request. And DNSBlock lists.

Until I get Unbound to not restart all the time, which is an issue in my config with DNS block lists, I will most likely stick with DNScrypt-proxy. However as soon as Unbound and OPNsense stops with restarts all the time, I will change back to Unbound.

[Fright]

I reverted to the old unbound version weeks ago

looks like patch works well
(https://forum.opnsense.org/index.php?topic=20516.msg95675#msg95675)
on my test vm unpatched version works stable with verbosity level 0 or through DoT forwarder

Does anybody have any idea how to check what queries are being blocked by the DNSBL blacklists?

unbound itself not logging "resolved" address(es) at any verb level.
its FR at github for changing "local-data 0.0.0.0" dnsbls records to "local-zone refuse".
i have tested suricata alert for this. works
https://github.com/opnsense/core/issues/4557

[kd.gundermann]

Does anybody have any idea how to check what queries are being blocked by the DNSBL blacklists?

I am new to OPNsense /Unbound and I am looking for an explanation how to read the logs.
E.g. to find:
- Request coming from Client u.v.w.x looking for abc.com blocked by blacklistA
- Request coming from Client u.v.w.x looking for abc.com resolved from cache with 1.2.3.4
- Request coming from Client u.v.w.x looking for abc.com forwarded to 8.8.8.8 and resolved to 1.2.3.4

Is there any way to get this information from unbound ?