The issue I want to address here is with the pfb_dnsbl.conf file. The IPs are incorrect and do not match the VIP I have set for the DNSBL. In my case I change the default DNSBL VIP to 10.100.100.1 in the DNSBL pfblockerng web gui. That works, the VIP is changed to it and all is well, except for the IP listed for BL sites in pfb_dnsbl.conf, they point to an intermediary IP I first changed the DNSBL web gui to 10.10.100.1. I used vi to update pfb_dnsbl.conf IPs to match once I discovered this, it was the cause of slow websites due to timeouts because the DNSBL look-ups returned a non-existent IP, 10.10.100.1, and the browser had to time those out before returning the entire website.
The manual update worked, yes I did attempt to force an update via the DNSBL web gui in everyway I thought possible. Turning it off, turning all of pfblockner off, never did re-install though. My thought was once the VIP was changed, the pfb_dnsbl.conf file would be regenerated with the correct IP. It appears that may have worked the first time, but not the second. Regardless I updated it by hand and all worked well for a few hours, now the IPs are all back to 10.10.100.1 again. Obviously the file is being regenerated, most likely after a refresh of the data from the DNSBL feeds. I could of course script the a work around and probably will, but wanted to see if there's anything else I can check and possibly report a bug.
#1 Updated by BBcan177 . about 1 year ago
When you change the DNSBL VIP a Force Update will not change the Sinkhole'd IPs already established in the pfb_dnsbl.conf file. It would only change Feeds that were downloaded in the Force Update that was run.
You would need to run a Force Reload which would reload all of the Feeds and change the Sinkhole'd IP accordingly.
#2 Updated by Chris Roadfeldt about 1 year ago
Grimson Gretzleburg wrote:
Quote from the VIP section of the DNSBL Webserver Config:
Changes to the DNSBL VIP will require a Force Reload - DNSBL to take effect.
So next time go to the Update tab and do just that.
Ok, so I was going to write about how I did that several times. But it's obvious that I must have done it for the first VIP change and not the second as I changed the files in /var/db/pfblockerng by hand using sed and that resolved the problem. I then changed back to 10.10.100.X and hit forced reload, issue returned, obviously. Then I changed back to 10.100.100.X via the gui and did a force reload, issue gone.
Please close this. It certainly appears that I did not RTFM enough times. ;) Thanks!