Hi,
I would like to know if there is a way to block DNS redirections (CNAME) for porn sites with pfSense (pfBlockerNG)? I notice that not all xxx-rated pages are blocked even if they are on the black/blocked list. The trick those pages use to bypass blockers is a CNAME with www at the beginning that points to the A record of the page.
Example below (you can find more of these on the web):
s3b0@t14 ~ $ dig pornhub.com
; <<>> DiG 9.18.29 <<>> pornhub.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30535
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1432
;; QUESTION SECTION:
;pornhub.com. IN A
;; ANSWER SECTION:
pornhub.com. 60 IN A 10.10.10.1
;; Query time: 8 msec
;; SERVER: 192.168.2.1#53(192.168.2.1) (UDP)
;; WHEN: Sun Jan 19 09:23:50 CET 2025
;; MSG SIZE rcvd: 56
s3b0@t14 ~ $ dig www.pornhub.com
; <<>> DiG 9.18.29 <<>> www.pornhub.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35582
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1432
;; QUESTION SECTION:
;www.pornhub.com. IN A
;; ANSWER SECTION:
www.pornhub.com. 13709 IN CNAME pornhub.com.
pornhub.com. 13709 IN A 66.254.114.41
;; Query time: 6 msec
;; SERVER: 192.168.2.1#53(192.168.2.1) (UDP)
;; WHEN: Sun Jan 19 09:23:54 CET 2025
;; MSG SIZE rcvd: 74
10.10.10.1 is the virtual address of the pfBlockerNG web server.
192.168.2.1 is my gateway with pfSense.
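The following script is an added illustration, not code from the original post or from pfBlockerNG. It parses the ANSWER SECTION of a dig response, follows the CNAME chain, and reports when a name on the blocklist is reached but the address finally handed back is not the sinkhole. The two answer sections are copied from the post above; the blocklist content, the exact-match (hosts-file style) list semantics and the sinkhole address 10.10.10.1 are assumptions taken from the post.

```python
"""
Added example (not part of the forum post): detect the CNAME bypass described
above by walking the CNAME chain of a dig answer and checking every name in
the chain against a blocklist.

Assumptions (not from the post): the blocklist is exact-match, hosts-file
style; a blocked name should resolve to exactly the sinkhole address.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed from the dig output in the post above.
ANSWER_DIRECT = "pornhub.com. 60 IN A 10.10.10.1\n"
ANSWER_WWW = (
    "www.pornhub.com. 13709 IN CNAME pornhub.com.\n"
    "pornhub.com. 13709 IN A 66.254.114.41\n"
)
BLOCKLIST = ["pornhub.com"]   # assumed list content
SINKHOLE = "10.10.10.1"       # pfBlockerNG web server address from the post


@dataclass(frozen=True)
class RR:
    name: str
    ttl: int
    rtype: str
    rdata: str


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so dig names and list entries compare equal."""
    return name.lower().rstrip(".")


def parse_answer_section(text: str) -> list[RR]:
    """Parse 'name ttl IN type rdata' lines; comment and header lines are skipped."""
    records: list[RR] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN":
            continue
        name, ttl, rtype = normalize(parts[0]), int(parts[1]), parts[3]
        rdata = " ".join(parts[4:])
        if rtype == "CNAME":
            rdata = normalize(rdata)
        records.append(RR(name, ttl, rtype, rdata))
    return records


def cname_chain(records: list[RR], qname: str) -> list[str]:
    """Follow CNAMEs starting at qname; returns every name visited, qname first.
    A 'seen' set guards against CNAME loops in a malicious or broken answer."""
    chain = [normalize(qname)]
    seen = set(chain)
    while True:
        target = next(
            (r.rdata for r in records if r.name == chain[-1] and r.rtype == "CNAME"),
            None,
        )
        if target is None or target in seen:
            return chain
        seen.add(target)
        chain.append(target)


def is_listed(name: str, blocklist: list[str]) -> bool:
    """Exact match, as in a hosts-file style list (assumption)."""
    return normalize(name) in {normalize(e) for e in blocklist}


def final_addresses(records: list[RR], chain: list[str]) -> list[str]:
    """A/AAAA rdata attached to the last name of the chain (what the client connects to)."""
    last = chain[-1]
    return [r.rdata for r in records if r.name == last and r.rtype in ("A", "AAAA")]


def check_bypass(answer_text: str, qname: str, blocklist: list[str], sinkhole: str) -> dict:
    """Return the chain, the final addresses, the listed names hit along the chain,
    and whether a listed name was reached without the answer being sinkholed."""
    records = parse_answer_section(answer_text)
    chain = cname_chain(records, qname)
    addresses = final_addresses(records, chain)
    listed = [n for n in chain if is_listed(n, blocklist)]
    sinkholed = addresses == [sinkhole]
    return {
        "chain": chain,
        "addresses": addresses,
        "listed_names": listed,
        "bypass": bool(listed) and not sinkholed,
    }


if __name__ == "__main__":
    for qname, answer in (("pornhub.com", ANSWER_DIRECT), ("www.pornhub.com", ANSWER_WWW)):
        result = check_bypass(answer, qname, BLOCKLIST, SINKHOLE)
        print(qname, "->", " -> ".join(result["chain"]), result["addresses"],
              "BYPASS" if result["bypass"] else "ok")
```

Run against the two answers from the post, the direct query for pornhub.com is reported as sinkholed, while the www query is flagged: the chain reaches pornhub.com, which is on the list, yet the address returned is the real 66.254.114.41. Switching `is_listed` to a suffix match (name equals an entry or ends with "." plus the entry) would model a resolver-side zone block instead of a hosts-style list.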