Bug #10252
closedpfblockerng-devel
0%
Description
The issue I want to address here is with the pfb_dnsbl.conf file. The IPs are incorrect and do not match the VIP I have set for the DNSBL. In my case I change the default DNSBL VIP to 10.100.100.1 in the DNSBL pfblockerng web gui. That works, the VIP is changed to it and all is well, except for the IP listed for BL sites in pfb_dnsbl.conf, they point to an intermediary IP I first changed the DNSBL web gui to 10.10.100.1. I used vi to update pfb_dnsbl.conf IPs to match once I discovered this, it was the cause of slow websites due to timeouts because the DNSBL look-ups returned a non-existent IP, 10.10.100.1, and the browser had to time those out before returning the entire website.
The manual update worked, yes I did attempt to force an update via the DNSBL web gui in everyway I thought possible. Turning it off, turning all of pfblockner off, never did re-install though. My thought was once the VIP was changed, the pfb_dnsbl.conf file would be regenerated with the correct IP. It appears that may have worked the first time, but not the second. Regardless I updated it by hand and all worked well for a few hours, now the IPs are all back to 10.10.100.1 again. Obviously the file is being regenerated, most likely after a refresh of the data from the DNSBL feeds. I could of course script the a work around and probably will, but wanted to see if there's anything else I can check and possibly report a bug.