[x] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
[x] The title contains the plugin to which this issue belongs
Describe the bug
Since OPNsense version 24.7.8 (or os-bind version 1.33 respectively), the DNS blocklists are not evaluated anymore. Even though the bind service is running and DNSBL is enabled, they are not blocked anymore.
I noticed this after I updated my OPNsense instance from 24.7.7 to 24.7.8 yesterday. Unfortunately, I cannot revert to os-bind 1.32 with opnsense-revert, as the package is not available from the repo.
To Reproduce
Steps to reproduce the behavior:
When performing a DNS lookup on known domains which contain ads, the response contains the IP address of the target server instead of getting blocked:
$ dig doubleclick.net @<FIREWALL-IP> +noall +answer
doubleclick.net. 188 IN A 142.250.203.110
$ dig googleads.g.doubleclick.net @<FIREWALL-IP> +noall +answer
googleads.g.doubleclick.net. 144 IN A 142.250.185.162
Expected behavior
Expected behavior would be (using AdGuard DNS as reference):
$ dig doubleclick.net @94.140.14.14 +noall +answer
doubleclick.net. 3600 IN A 0.0.0.0
$ dig googleads.g.doubleclick.net @94.140.14.14 +noall +answer
googleads.g.doubleclick.net. 3600 IN A 0.0.0.0
Screenshots
The configuration shows that the service is up and running:
Relevant log files
The last blocks happened before the update on 11/14/2024:
Now the domains are resolved and not blocked anymore:
Environment
OPNsense 24.7.8 (amd64) (virtualized on Proxmox PVE 8.2.7)
4vCPU (AMD Ryzen 7 3700x)
2 GB RAM
40 GB Disk space
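A post-upgrade regression check built on the dig commands in the report, as an added example that is not part of the original issue or of the os-bind plugin. The function name `classify_answers` is hypothetical, and treating `0.0.0.0` / `::` as the sinkhole answer is an assumption taken from the AdGuard reference output above.

```shell
#!/bin/sh
# classify_answers NAME   (reads `dig +noall +answer` output on stdin)
# Prints "<name> blocked|resolved|no-answer" and returns 0 only when blocked.
# Assumption: a blocked name is answered with 0.0.0.0 (A) or :: (AAAA).
# A resolver that blocks with NXDOMAIN returns no answer line ("no-answer").
classify_answers() {
    awk -v want="$1" '
        function norm(n) { n = tolower(n); sub(/\.$/, "", n); return n }
        BEGIN { want = norm(want); follow[want] = 1; state = "no-answer" }
        {
            # Answer line layout: owner TTL class type rdata
            owner = norm($1)
            if (!(owner in follow)) next
            # Follow CNAME chains so an aliased sinkhole is still recognised.
            if ($4 == "CNAME") { follow[norm($5)] = 1; next }
            if ($4 != "A" && $4 != "AAAA") next
            if ($5 == "0.0.0.0" || $5 == "::") {
                if (state == "no-answer") state = "blocked"
            } else {
                state = "resolved"   # any real address means the block failed
            }
        }
        END { print want, state; exit (state == "blocked" ? 0 : 1) }
    '
}

# Constructed sample input: the answers quoted in the report, firewall after
# the update versus the AdGuard reference resolver.
FIREWALL_ANSWERS='doubleclick.net. 188 IN A 142.250.203.110
googleads.g.doubleclick.net. 144 IN A 142.250.185.162'
REFERENCE_ANSWERS='doubleclick.net. 3600 IN A 0.0.0.0
googleads.g.doubleclick.net. 3600 IN A 0.0.0.0'

for name in doubleclick.net googleads.g.doubleclick.net; do
    printf 'firewall:  %s\n' \
        "$(printf '%s\n' "$FIREWALL_ANSWERS" | classify_answers "$name")"
    printf 'reference: %s\n' \
        "$(printf '%s\n' "$REFERENCE_ANSWERS" | classify_answers "$name")"
done

# Live use against a resolver, with the same dig flags as in the report:
#   dig "$name" @<FIREWALL-IP> +noall +answer | classify_answers "$name"
```

Run over a handful of names from the enabled blocklists after each plugin update, a non-zero exit status signals that blocking has stopped.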