pfSense pfBlockerNG DNSBL

I followed this tutorial

But I changed the pfSense default 10.10.10.1 to 172.16.0.1 to stay out of the 10.x.x.x CIDR range.

I do not get the warning page at the video's 8:26 mark when visiting a site listed on one of my DNSBL lists; I get a “potential DNS rebinding attack detected” message. Is my DNSBL set up correctly?

So I’m just trying to understand your post. Did you have DNSBL set up and working, and then you wanted to do DNS over TLS and also changed the network, and it broke?

Egg on my face, I’m not entirely sure my DNSBL has ever worked. I'm assuming it has, as the dashboard panel has some activity:


New users can only post one pic at a time, so next post…

I also did not do the URL check Lawrence did before switching to TLS DNS, but I'm curious whether I have something configured wrong, because instead of this:


(from his video)

I copy over a URL from one of the lists I have loaded and get this:

OK, not SSL, got it. Advanced:

I am noticing that for gateway it's not the documented WAN but “none” on his setup:

I’m assuming this part of the GUI:

Replaces the need to put into custom options below that:

server:
forward-zone:
  name: "."                    # forward all queries
  forward-ssl-upstream: yes    # talk TLS to the upstream (DNS over TLS)
  forward-addr: 1.1.1.1@853    # Cloudflare, DoT port 853
  forward-addr: 1.0.0.1@853

My DNS over TLS looks good, pfTop shows dest 1.1.1.1 and 1.0.0.1 going over port 853.

Do you have a different port you access your pfSense on instead of the normal 80 or 443?
Also, do you have an alternative DNS name you are using to access the pfSense box?

No and no, all default.

OK, so in System --> General Setup --> “Disable DNS Forwarder”. Do you have this checked?

I do not.

Also, I should mention I run OpenVPN, so I have NAT settings other than default:
Outbound: Automatic outbound NAT (actually reading the documentation right now, I guess this is the default)
1:1 has an old rule I have disabled.

I have some port forwarding for a hassio VM that is not even up and running right now, and below that are the 8081 and 8443 rules for pfB DNSBL - DO NOT EDIT

OK, enable that bad boy and try that blocked site again.
Oh, and go ahead and add your gateway to the config as well. It should be the only option.

Crud, same results. Even tried a different URL in case of some caching.

Went to System > Advanced > Firewall & NAT and remembered that this is where I think my NAT changes were: I have “NAT Reflection mode for port forwards” set to Pure NAT. This made it so I could access IPs on my LAN when I VPN’ed in.

I have Enable NAT Reflection for 1:1 NAT checked
and Enable automatic outbound NAT for Reflection checked.

Sorry @xMAXIMUSx, I’m not ghosting; I have hit the max replies for a newb and have to wait 24 hours.

  • I did not find a “DNS Query Forwarding” but I have “Enable Forwarding Mode” checked.

Hmmm :thinking:. Do you have “DNS Query Forwarding” enabled in Services --> DNS Resolver --> General Settings

Do you have DNS Server Override enabled?
What is your DNS IP?
Sorry for all of the probing questions.

Look at this here and we can look at it tomorrow
https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html

(When is one no longer a newb and able to post freely?)

I did have DNS Server Override enabled. I have played with a mix and match of enabling and disabling DNS Server Override and Disable DNS Forwarder.
DNS IP is my pfsense router IP, 192.169.1.1

Very frustrating. I think the only differences between my setup and a vanilla lab setup for demonstration are:
I am running Snort as an IDS
Snort Barnyard enabled to send logs out
Syslog set up to send logs out
OpenVPN so that I can remote into home when necessary
I remember playing around with a lot of NAT settings when I used to host a website; those NAT rules are currently disabled.

When I navigate to one of those bad URLs and I get this potential rebind attack, it's because it's trying to redirect back to 192.168.1.1, right? And not 10.10.10.1 (I changed it back to default).

Or is this because I’m running 2.1.4_22 and not the pfBlockerNG_devel build?

I’m not sure what combo I’ve done, between countless check boxes in different menus, rebooting my box, etc., but I do get nslookups of these bad URLs to return the addresses 172.16.0.1 and 10.10.10.1, and the bad URL is just a blank black screen in my browser.
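The check the thread keeps circling back to is the one Lawrence does before switching to DNS over TLS: look up a DNSBL-listed name from a client and confirm the answer is the DNSBL virtual IP, not the firewall's own LAN address (where the pfSense webConfigurator, not the DNSBL web server on 8081/8443, would answer the request). The script below is an added example, not code from the thread or from pfBlockerNG. It parses nslookup output of the kind the poster quotes, classifies where a browser would land, and can optionally run a live query with dig. The VIP set (10.10.10.1, 172.16.0.1) and the firewall address (192.168.1.1) are taken from the thread and are assumptions for your own setup; the sample outputs are constructed.

```python
"""Classify what a pfBlockerNG DNSBL-listed name resolves to, as seen by a client.

Added example for this thread, not part of pfBlockerNG or pfSense.
The addresses below are assumptions taken from the thread; adjust them.
"""
import ipaddress
import subprocess

# Assumed: the default DNSBL VIP and the one the poster changed it to.
DNSBL_VIPS = {"10.10.10.1", "172.16.0.1"}
# Assumed: the pfSense LAN address clients use as their resolver.
FIREWALL_IPS = {"192.168.1.1"}


def parse_nslookup(output):
    """Return the answer addresses from nslookup output.

    The first Server:/Address: pair names the resolver, not the answer, so
    nothing is collected until the 'Name:' line. Windows prints extra
    answers as bare, indented continuation lines under 'Addresses:'.
    """
    answers = []
    in_answer = False
    for line in output.splitlines():
        if line.startswith("Name:"):
            in_answer = True
            continue
        if not in_answer:
            continue
        if line.startswith(("Address:", "Addresses:")):
            candidate = line.split(":", 1)[1].strip()
        elif line[:1].isspace() and answers:
            candidate = line.strip()          # continuation line
        else:
            continue                          # Aliases:, blank lines, etc.
        try:
            answers.append(str(ipaddress.ip_address(candidate)))
        except ValueError:
            pass                              # not an IP (e.g. an alias name)
    return answers


def classify(answers, dnsbl_vips=DNSBL_VIPS, firewall_ips=FIREWALL_IPS):
    """Say where a browser visiting this name would end up."""
    if not answers:
        return "no-answer"                    # NXDOMAIN or resolver unreachable
    addrs = set(answers)
    if addrs <= dnsbl_vips:
        return "sinkholed"                    # DNSBL web server on the VIP serves the block page
    if addrs & firewall_ips:
        return "firewall-gui"                 # lands on pfSense itself: webConfigurator answers
    if all(ipaddress.ip_address(a).is_global for a in addrs):
        return "not-blocked"                  # ordinary public answer; DNSBL did not intercept
    return "mixed"


def lookup(name, server, timeout=5):
    """Live query via dig (needs network and BIND tools; not exercised offline)."""
    proc = subprocess.run(["dig", "+short", f"@{server}", name, "A"],
                          capture_output=True, text=True, timeout=timeout)
    # dig +short prints one address per line; CNAME targets end with a dot.
    return [tok for tok in proc.stdout.split() if tok and not tok.endswith(".")]


# Constructed sample outputs in Windows nslookup format (not real captures).
SAMPLE_SINKHOLED = """\
Server:  pfSense.localdomain
Address:  192.168.1.1

Name:    badsite.example
Addresses:  172.16.0.1
          10.10.10.1
"""

SAMPLE_FIREWALL = """\
Server:  pfSense.localdomain
Address:  192.168.1.1

Non-authoritative answer:
Name:    badsite.example
Address:  192.168.1.1
"""

if __name__ == "__main__":
    for label, sample in (("sinkholed", SAMPLE_SINKHOLED), ("firewall", SAMPLE_FIREWALL)):
        found = parse_nslookup(sample)
        print(f"{label}: {found} -> {classify(found)}")
```

Run it against a real host with `classify(lookup("some-listed-domain", "192.168.1.1"))`; "sinkholed" is the result Lawrence's video expects before DoT is enabled, and "firewall-gui" means the name is pointing at the firewall's LAN address rather than the DNSBL VIP.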