Problems with DNS for pfSense system.
You might need to adjust your DNS configuration carefully. Consider switching to Cloudflare and Google as your primary providers, while keeping Squid and PFblockerNG for additional security. Ensure TLS encryption is properly enabled in your DNS settings. Double-check the forward zones and records after saving changes—sometimes saving overwrites defaults. If issues persist, review firewall rules or proxy configurations that could interfere.
pfBlockerNG's DNSBL operates at 10.10.10.1 with a NAT rule mapping ports 80 and 443 to 8081 and 8443. What goal are you trying to reach? The forwarders are listed under System > General, but you shouldn't need to set forwarder addresses in the DNS resolver unless using alternative resolvers beyond the standard settings.
This topic isn't related to Cloudflare or pfBlocker DNSBL. It involves a specific external IP address and configuration details about DNS filtering setups.
It employs an Unbound resolver, yet the request passes through a 'local loop' before being sent back to the client's DNS query from the device on derp.com. The request is routed via a transparent DNS resolver on pfSense, using a custom DNS resolver configuration at /var/unbound/pfb_dnsbl.*. Queries are forwarded to pfBlocker through 10.10.10.1. Filtering or redirecting depends on the block list. When a result appears in any block list, 10.10.10.1 is returned; otherwise, the client receives the valid IP. The response may display an HTTP or HTTPS page showing a DNSBL block page, or an invalid certificate for HTTPS. For pfBlockerNG-devel, adding a redirected result can provide a clearer block indication instead of a blank page.
It's just that DNSBL adds its own host settings, nothing more. I previously had a manual setup of what DNSBL does, which I adapted for pfSense after using OpenWRT. My server requires more tailored rules to identify redirects through certain advertisers—an effort to stop misuse with adblocking. Unbound handles the actual DNS resolution normally, and it functions perfectly with Cloudflare DNS over TLS.
The code you're working with is intended to integrate DNSBL into your external DNS resolver configuration. You've already configured Cloudflare and Google as primary and backup DNS providers. From the dashboard, it seems the setup functions correctly. However, when applying the custom settings, you're encountering an issue where DNS over TLS fails, causing your internet connection to drop.
Telnet won't tell you anything as it's not talking TLS. If I run "telnet 1.1.1.1 853" I just get permission denied, but it's working perfectly in Unbound. Like I said earlier, try with ONLY Cloudflare servers by replacing 8.8.8.8 with 1.0.0.1. You are trying to use DNS over TLS for a Google server (8.8.8.8) and I can find nothing mentioned online that they support this, so it's probably failing. If you want DNS over TLS for security then you would need to remove Google and Cloudflare from the main DNS Server settings too, so that pfSense will only ever use Unbound. Otherwise it will randomly use standard DNS for pfSense services themselves. I also have a port forwarding rule to force ALL DNS via pfSense, as Google have a tendency to hard-code their DNS server addresses into their Android services.
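The post above makes the point that a plain TCP connect (telnet) to port 853 proves nothing about DNS over TLS, and that the way to isolate a failing forwarder is to test each one on its own. The script below is an added example, not code from this thread or from pfSense/pfBlockerNG: it performs a real RFC 7858 DoT exchange against one resolver at a time, verifying the server certificate against the given auth name, so a forwarder that does not actually speak DoT fails with a visible TLS or protocol error instead of a silent drop. The resolver list and the "example.com" test name are assumptions for illustration; substitute the forwarders from your own System > General list. Only the standard library is used.

```python
"""Minimal DNS-over-TLS probe (RFC 7858): the check telnet to port 853 cannot do.

Added example, not from the forum thread. Builds a DNS A query in wire format,
sends it over TLS with the 2-byte length prefix DoT requires, and parses the
A records in the reply. Resolver addresses/auth names are assumptions.
"""
import random
import socket
import ssl
import struct

# Assumed forwarders to probe: (IP address, TLS auth name used for cert verification).
RESOLVERS = [
    ("1.1.1.1", "cloudflare-dns.com"),
    ("1.0.0.1", "cloudflare-dns.com"),
]


def build_query(name, qid=None):
    """Return a recursive DNS A/IN query for `name` in wire format (RFC 1035 s4.1)."""
    if qid is None:
        qid = random.randint(0, 0xFFFF)
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # flags: RD=1; QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg, off):
    """Advance past a (possibly compressed) domain name and return the new offset."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # 2-byte compression pointer terminates the name
            return off + 2
        off += 1 + length


def parse_a_records(msg, expect_id=None):
    """Return (rcode, [dotted A addresses]) from a DNS response message."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if expect_id is not None and qid != expect_id:
        raise ValueError("response ID mismatch (stale or spoofed reply)")
    if not flags & 0x8000:
        raise ValueError("message is not a response (QR bit clear)")
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4     # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:      # A record
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return rcode, addrs


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def dot_query(server, auth_name, qname, timeout=5.0):
    """Send one query to server:853 over TLS, verifying the cert chain and auth_name."""
    ctx = ssl.create_default_context()     # CA verification + hostname check, TLS 1.2+
    qid = random.randint(0, 0xFFFF)
    query = build_query(qname, qid)
    with socket.create_connection((server, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=auth_name) as tls:
            tls.sendall(struct.pack("!H", len(query)) + query)   # RFC 7858 length prefix
            (rlen,) = struct.unpack("!H", _recv_exact(tls, 2))
            return parse_a_records(_recv_exact(tls, rlen), qid)


if __name__ == "__main__":
    for addr, name in RESOLVERS:
        try:
            rcode, answers = dot_query(addr, name, "example.com")
            print(f"{addr} ({name}): rcode={rcode} A={answers}")
        except (ssl.SSLError, OSError, ValueError) as exc:
            # Telnet's "permission denied"/timeout says nothing; this names the failing layer.
            print(f"{addr} ({name}): DoT FAILED: {exc}")
```

Run it once per forwarder you intend to keep; a server that only returns a TLS handshake error or a connection reset on 853 is the one to drop from the list, which is the same isolation the post recommends doing by hand. Because the certificate is checked against `auth_name`, a wrong hostname in the configuration shows up here as a verification error rather than as an unexplained outage once Unbound is switched to TLS.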