
    Zoom Blocked, Completely Stumped.

    General pfSense Questions
    • stephenw10 Netgate Administrator

      If you are running pfBlocker with DNS-BL you will see the Unbound custom option:

      server:include: /var/unbound/pfb_dnsbl.*conf
      

      If you don't see that then Unbound should not be blocking anything. I would suspect something still cached if that's the case.

      Steve

      • dma_pf @stephenw10

        @stephenw10 Thanks Steve. Maybe it got removed after I had turned off DNSBL and rebooted. I edited my last post with an update with further troubleshooting.

        • stephenw10 Netgate Administrator

          Can you dig against that server directly? It fails for me:

          [2.6.0-RELEASE][admin@cedev-3.stevew.lan]/root: dig @205.251.195.120 zoom.com
          
          ; <<>> DiG 9.16.23 <<>> @205.251.195.120 zoom.com
          ; (1 server found)
          ;; global options: +cmd
          ;; Got answer:
          ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 60758
          ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
          ;; WARNING: recursion requested but not available
          
          ;; QUESTION SECTION:
          ;zoom.com.			IN	A
          
          ;; Query time: 16 msec
          ;; SERVER: 205.251.195.120#53(205.251.195.120)
          ;; WHEN: Tue Mar 15 21:01:52 GMT 2022
          ;; MSG SIZE  rcvd: 26
          

          But succeeds against, for example, 8.8.8.8:

          [2.6.0-RELEASE][admin@cedev-3.stevew.lan]/root: dig @8.8.8.8 zoom.com
          
          ; <<>> DiG 9.16.23 <<>> @8.8.8.8 zoom.com
          ; (1 server found)
          ;; global options: +cmd
          ;; Got answer:
          ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42464
          ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
          
          ;; OPT PSEUDOSECTION:
          ; EDNS: version: 0, flags:; udp: 512
          ;; QUESTION SECTION:
          ;zoom.com.			IN	A
          
          ;; ANSWER SECTION:
          zoom.com.		60	IN	A	170.114.0.12
          
          ;; Query time: 14 msec
          ;; SERVER: 8.8.8.8#53(8.8.8.8)
          ;; WHEN: Tue Mar 15 21:02:15 GMT 2022
          ;; MSG SIZE  rcvd: 53
          
          • dma_pf @stephenw10

            @stephenw10 You used the wrong domain. It's zoom.us, not zoom.com. And yes, dig works:

            ; <<>> DiG 9.16.23 <<>> @205.251.195.120 zoom.us
            ; (1 server found)
            ;; global options: +cmd
            ;; Got answer:
            ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32856
            ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
            ;; WARNING: recursion requested but not available
            
            ;; OPT PSEUDOSECTION:
            ; EDNS: version: 0, flags:; udp: 4096
            ;; QUESTION SECTION:
            ;zoom.us.			IN	A
            
            ;; ANSWER SECTION:
            zoom.us.		60	IN	A	170.114.10.83
            
            ;; AUTHORITY SECTION:
            zoom.us.		172800	IN	NS	ns-1137.awsdns-14.org.
            zoom.us.		172800	IN	NS	ns-1772.awsdns-29.co.uk.
            zoom.us.		172800	IN	NS	ns-387.awsdns-48.com.
            zoom.us.		172800	IN	NS	ns-888.awsdns-47.net.
            
            ;; Query time: 7 msec
            ;; SERVER: 205.251.195.120#53(205.251.195.120)
            ;; WHEN: Tue Mar 15 17:33:18 EDT 2022
            ;; MSG SIZE  rcvd: 192
            
            ; <<>> DiG 9.16.23 <<>> @8.8.8.8 zoom.us
            ; (1 server found)
            ;; global options: +cmd
            ;; Got answer:
            ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29463
            ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
            
            ;; OPT PSEUDOSECTION:
            ; EDNS: version: 0, flags:; udp: 512
            ;; QUESTION SECTION:
            ;zoom.us.			IN	A
            
            ;; ANSWER SECTION:
            zoom.us.		60	IN	A	170.114.10.89
            
            ;; Query time: 16 msec
            ;; SERVER: 8.8.8.8#53(8.8.8.8)
            ;; WHEN: Tue Mar 15 17:21:46 EDT 2022
            ;; MSG SIZE  rcvd: 52
            

            No problem reaching it from my phone through data. Also had no issue reaching it with a laptop plugged directly into my Verizon ONT.

            • johnpoz LAYER 8 Global Moderator @dma_pf

              @dma_pf said in Zoom Blocked, Completely Stumped.:

              ;; ANSWER SECTION:
              zoom.us. 60 IN A 170.114.10.89

              60 second TTL - that is just horrible of them..

              These are the NS for that domain.

              ;; QUESTION SECTION:
              ;zoom.us.                       IN      NS
              
              ;; ANSWER SECTION:
              zoom.us.                86400   IN      NS      ns-1772.awsdns-29.co.uk.
              zoom.us.                86400   IN      NS      ns-387.awsdns-48.com.
              zoom.us.                86400   IN      NS      ns-888.awsdns-47.net.
              zoom.us.                86400   IN      NS      ns-1137.awsdns-14.org.
              

              You should be able to query any of those directly

              $ dig @ns-387.awsdns-48.com zoom.us                                               
                                                                                                
              ; <<>> DiG 9.16.26 <<>> @ns-387.awsdns-48.com zoom.us                             
              ; (1 server found)                                                                
              ;; global options: +cmd                                                           
              ;; Got answer:                                                                    
              ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17927                         
              ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1              
              ;; WARNING: recursion requested but not available                                 
                                                                                                
              ;; OPT PSEUDOSECTION:                                                             
              ; EDNS: version: 0, flags:; udp: 4096                                             
              ;; QUESTION SECTION:                                                              
              ;zoom.us.                       IN      A                                         
                                                                                                
              ;; ANSWER SECTION:                                                                
              zoom.us.                60      IN      A       170.114.10.69                     
                                                                                                
              ;; AUTHORITY SECTION:                                                             
              zoom.us.                172800  IN      NS      ns-1137.awsdns-14.org.            
              zoom.us.                172800  IN      NS      ns-1772.awsdns-29.co.uk.          
              zoom.us.                172800  IN      NS      ns-387.awsdns-48.com.             
              zoom.us.                172800  IN      NS      ns-888.awsdns-47.net.             
                                                                                                
              ;; Query time: 24 msec                                                            
              ;; SERVER: 205.251.193.131#53(205.251.193.131)                                    
              ;; WHEN: Tue Mar 15 16:29:43 Central Daylight Time 2022                           
              ;; MSG SIZE  rcvd: 192                                                            
              

              If you're having a problem resolving anything specific - it's best to do a trace to see where it might be failing..

              [22.01-RELEASE][admin@sg4860.local.lan]/: dig zoom.us +trace +nodnssec
              
              ; <<>> DiG 9.16.23 <<>> zoom.us +trace +nodnssec
              ;; global options: +cmd
              .                       70603   IN      NS      f.root-servers.net.
              .                       70603   IN      NS      l.root-servers.net.
              .                       70603   IN      NS      e.root-servers.net.
              .                       70603   IN      NS      h.root-servers.net.
              .                       70603   IN      NS      g.root-servers.net.
              .                       70603   IN      NS      k.root-servers.net.
              .                       70603   IN      NS      i.root-servers.net.
              .                       70603   IN      NS      j.root-servers.net.
              .                       70603   IN      NS      b.root-servers.net.
              .                       70603   IN      NS      a.root-servers.net.
              .                       70603   IN      NS      m.root-servers.net.
              .                       70603   IN      NS      c.root-servers.net.
              .                       70603   IN      NS      d.root-servers.net.
              ;; Received 239 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
              
              us.                     172800  IN      NS      b.cctld.us.
              us.                     172800  IN      NS      f.cctld.us.
              us.                     172800  IN      NS      k.cctld.us.
              us.                     172800  IN      NS      w.cctld.us.
              us.                     172800  IN      NS      x.cctld.us.
              us.                     172800  IN      NS      y.cctld.us.
              ;; Received 402 bytes from 199.7.91.13#53(d.root-servers.net) in 32 ms
              
              zoom.us.                7200    IN      NS      ns-387.awsdns-48.com.
              zoom.us.                7200    IN      NS      ns-1137.awsdns-14.org.
              zoom.us.                7200    IN      NS      ns-888.awsdns-47.net.
              zoom.us.                7200    IN      NS      ns-1772.awsdns-29.co.uk.
              ;; Received 176 bytes from 2001:dcd:3::15#53(y.cctld.us) in 36 ms
              
              zoom.us.                60      IN      A       170.114.10.69
              zoom.us.                172800  IN      NS      ns-1137.awsdns-14.org.
              zoom.us.                172800  IN      NS      ns-1772.awsdns-29.co.uk.
              zoom.us.                172800  IN      NS      ns-387.awsdns-48.com.
              zoom.us.                172800  IN      NS      ns-888.awsdns-47.net.
              ;; Received 192 bytes from 205.251.198.236#53(ns-1772.awsdns-29.co.uk) in 13 ms
              
              [22.01-RELEASE][admin@sg4860.local.lan]/: 
              

              I added the +nodnssec just to make it easier to read, otherwise it adds that info that distracts from the actual trace.

              The trace would show you where you're failing to talk to in the line talking down from roots..

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11
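
The `+trace` walk described in this post can also be read mechanically. The parser below is an added example (not code from the thread or from pfSense): it splits `dig +trace` output into referral steps and reports the zone at which dig could not get addresses for the next nameservers. The sample trace is constructed, and `parse_trace`, `diagnose` and the `next_checks` suggestions are names chosen for this example.

```python
import re

# Constructed sample: abbreviated `dig zoom.us +trace +nodnssec` output in which
# the walk stops after the us. referral (the shape dig prints when it cannot
# get an address for the next nameservers).
SAMPLE_TRACE = """\
; <<>> DiG 9.16.23 <<>> zoom.us +trace +nodnssec
;; global options: +cmd
.                       80408   IN      NS      h.root-servers.net.
.                       80408   IN      NS      a.root-servers.net.
;; Received 239 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

us.                     172800  IN      NS      b.cctld.us.
us.                     172800  IN      NS      w.cctld.us.
couldn't get address for 'b.cctld.us': not found
couldn't get address for 'w.cctld.us': not found
dig: couldn't get address for 'b.cctld.us': no more
"""

RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")
RECEIVED = re.compile(r"^;; Received \d+ bytes from \S+?#\d+\(([^)]+)\)")
NO_ADDR = re.compile(r"couldn't get address for '([^']+)'")


def parse_trace(text):
    """Split +trace output into steps plus the NS names dig could not resolve."""
    steps, records, unresolved = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        failed = NO_ADDR.search(line)
        received = RECEIVED.match(line)
        if failed:
            name = failed.group(1).rstrip(".").lower()
            if name not in unresolved:
                unresolved.append(name)
        elif received:
            # A "Received" line closes the block of records printed above it.
            steps.append({"from": received.group(1), "records": records})
            records = []
        elif line and not line.startswith(";"):
            rec = RECORD.match(line)
            if rec:
                owner, ttl, rtype, rdata = rec.groups()
                records.append((owner.lower(), int(ttl), rtype, rdata.strip().lower()))
    if records:
        # Records with no "Received" line after them: dig stopped at this step.
        steps.append({"from": None, "records": records})
    return steps, unresolved


def diagnose(text):
    """Report each delegation, the final answer, and where the walk stalled."""
    steps, unresolved = parse_trace(text)
    result = {"delegations": [], "answers": [], "stalled_zone": None,
              "unresolved_ns": unresolved, "next_checks": []}
    parents = []  # nameservers of the parent zone (NS targets of the previous step)
    for step in steps:
        addrs = [r for _, _, t, r in step["records"] if t in ("A", "AAAA")]
        if addrs:
            # The authoritative servers answered: end of the walk.
            result["answers"] += addrs
            continue
        ns = [(o, r.rstrip(".")) for o, _, t, r in step["records"] if t == "NS"]
        if not ns:
            continue
        zone, targets = ns[0][0], [r for _, r in ns]
        result["delegations"].append((zone, step["from"]))
        if set(targets) & set(unresolved):
            result["stalled_zone"] = zone
            if parents:
                # Follow-up suggested by this example (an assumption, not dig
                # output): ask a parent-zone server directly for the addresses.
                result["next_checks"] = [f"dig @{parents[0]} {n}" for n in unresolved]
        parents = targets
    return result


if __name__ == "__main__":
    report = diagnose(SAMPLE_TRACE)
    for zone, server in report["delegations"]:
        print(f"{zone:10} referral printed, received from {server or 'n/a (walk stopped here)'}")
    print("stalled at zone:", report["stalled_zone"])
    print("unresolved nameservers:", ", ".join(report["unresolved_ns"]))
    for cmd in report["next_checks"]:
        print("next check:", cmd)
```
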

              • dma_pf @johnpoz

                @johnpoz Here you go guys. Thank You so much for your help! This has been driving me nuts all day.

                Shell Output - dig @ns-1772.awsdns-29.co.uk. zoom.us
                
                ; <<>> DiG 9.16.23 <<>> @ns-1772.awsdns-29.co.uk. zoom.us
                ; (2 servers found)
                ;; global options: +cmd
                ;; Got answer:
                ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40130
                ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
                ;; WARNING: recursion requested but not available
                
                ;; OPT PSEUDOSECTION:
                ; EDNS: version: 0, flags:; udp: 4096
                ;; QUESTION SECTION:
                ;zoom.us.			IN	A
                
                ;; ANSWER SECTION:
                zoom.us.		60	IN	A	170.114.10.71
                
                ;; AUTHORITY SECTION:
                zoom.us.		172800	IN	NS	ns-1137.awsdns-14.org.
                zoom.us.		172800	IN	NS	ns-1772.awsdns-29.co.uk.
                zoom.us.		172800	IN	NS	ns-387.awsdns-48.com.
                zoom.us.		172800	IN	NS	ns-888.awsdns-47.net.
                
                ;; Query time: 15 msec
                ;; SERVER: 205.251.198.236#53(205.251.198.236)
                ;; WHEN: Tue Mar 15 17:46:42 EDT 2022
                ;; MSG SIZE  rcvd: 192
                
                ; <<>> DiG 9.16.23 <<>> @ns-387.awsdns-48.com zoom.us
                ; (2 servers found)
                ;; global options: +cmd
                ;; Got answer:
                ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63016
                ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
                ;; WARNING: recursion requested but not available
                
                ;; OPT PSEUDOSECTION:
                ; EDNS: version: 0, flags:; udp: 4096
                ;; QUESTION SECTION:
                ;zoom.us.			IN	A
                
                ;; ANSWER SECTION:
                zoom.us.		60	IN	A	170.114.10.69
                
                ;; AUTHORITY SECTION:
                zoom.us.		172800	IN	NS	ns-1137.awsdns-14.org.
                zoom.us.		172800	IN	NS	ns-1772.awsdns-29.co.uk.
                zoom.us.		172800	IN	NS	ns-387.awsdns-48.com.
                zoom.us.		172800	IN	NS	ns-888.awsdns-47.net.
                
                ;; Query time: 4 msec
                ;; SERVER: 205.251.193.131#53(205.251.193.131)
                ;; WHEN: Tue Mar 15 17:40:16 EDT 2022
                ;; MSG SIZE  rcvd: 192
                
                ; <<>> DiG 9.16.23 <<>> @ns-888.awsdns-47.net. zoom.us
                ; (2 servers found)
                ;; global options: +cmd
                ;; Got answer:
                ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31356
                ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
                ;; WARNING: recursion requested but not available
                
                ;; OPT PSEUDOSECTION:
                ; EDNS: version: 0, flags:; udp: 4096
                ;; QUESTION SECTION:
                ;zoom.us.			IN	A
                
                ;; ANSWER SECTION:
                zoom.us.		60	IN	A	170.114.10.74
                
                ;; AUTHORITY SECTION:
                zoom.us.		172800	IN	NS	ns-1137.awsdns-14.org.
                zoom.us.		172800	IN	NS	ns-1772.awsdns-29.co.uk.
                zoom.us.		172800	IN	NS	ns-387.awsdns-48.com.
                zoom.us.		172800	IN	NS	ns-888.awsdns-47.net.
                
                ;; Query time: 5 msec
                ;; SERVER: 205.251.195.120#53(205.251.195.120)
                ;; WHEN: Tue Mar 15 17:48:23 EDT 2022
                ;; MSG SIZE  rcvd: 192
                
                ; <<>> DiG 9.16.23 <<>> @ns-1137.awsdns-14.org. zoom.us
                ; (2 servers found)
                ;; global options: +cmd
                ;; Got answer:
                ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4091
                ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
                ;; WARNING: recursion requested but not available
                
                ;; OPT PSEUDOSECTION:
                ; EDNS: version: 0, flags:; udp: 4096
                ;; QUESTION SECTION:
                ;zoom.us.			IN	A
                
                ;; ANSWER SECTION:
                zoom.us.		60	IN	A	170.114.10.80
                
                ;; AUTHORITY SECTION:
                zoom.us.		172800	IN	NS	ns-1137.awsdns-14.org.
                zoom.us.		172800	IN	NS	ns-1772.awsdns-29.co.uk.
                zoom.us.		172800	IN	NS	ns-387.awsdns-48.com.
                zoom.us.		172800	IN	NS	ns-888.awsdns-47.net.
                
                ;; Query time: 14 msec
                ;; SERVER: 205.251.196.113#53(205.251.196.113)
                ;; WHEN: Tue Mar 15 17:50:38 EDT 2022
                ;; MSG SIZE  rcvd: 192
                
                ; <<>> DiG 9.16.23 <<>> zoom.us +trace +nodnssec
                ;; global options: +cmd
                .			80408	IN	NS	h.root-servers.net.
                .			80408	IN	NS	i.root-servers.net.
                .			80408	IN	NS	j.root-servers.net.
                .			80408	IN	NS	k.root-servers.net.
                .			80408	IN	NS	l.root-servers.net.
                .			80408	IN	NS	m.root-servers.net.
                .			80408	IN	NS	a.root-servers.net.
                .			80408	IN	NS	b.root-servers.net.
                .			80408	IN	NS	c.root-servers.net.
                .			80408	IN	NS	d.root-servers.net.
                .			80408	IN	NS	e.root-servers.net.
                .			80408	IN	NS	f.root-servers.net.
                .			80408	IN	NS	g.root-servers.net.
                ;; Received 239 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
                
                us.			172800	IN	NS	b.cctld.us.
                us.			172800	IN	NS	f.cctld.us.
                us.			172800	IN	NS	k.cctld.us.
                us.			172800	IN	NS	w.cctld.us.
                us.			172800	IN	NS	x.cctld.us.
                us.			172800	IN	NS	y.cctld.us.
                couldn't get address for 'b.cctld.us': not found
                couldn't get address for 'f.cctld.us': not found
                couldn't get address for 'k.cctld.us': not found
                couldn't get address for 'w.cctld.us': not found
                couldn't get address for 'x.cctld.us': not found
                couldn't get address for 'y.cctld.us': not found
                dig: couldn't get address for 'b.cctld.us': no more
                
                • johnpoz LAYER 8 Global Moderator @dma_pf

                  @dma_pf said in Zoom Blocked, Completely Stumped.:

                  couldn't get address for 'b.cctld.us': not found
                  couldn't get address for 'f.cctld.us': not found
                  couldn't get address for 'k.cctld.us': not found
                  couldn't get address for 'w.cctld.us': not found
                  couldn't get address for 'x.cctld.us': not found
                  couldn't get address for 'y.cctld.us': not found

                  There is where you're failing - you can not talk to the next gtld servers, the ones that know where the ns are for anything .us

                  I would say you are not able to talk to roots to get that... For example you should be able to query root servers and ask for the IP of any of those cctld.us servers.. example

                  $ dig @h.root-servers.net b.cctld.us
                  
                  ; <<>> DiG 9.16.26 <<>> @h.root-servers.net b.cctld.us
                  ; (1 server found)
                  ;; global options: +cmd
                  ;; Got answer:
                  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10358
                  ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 13
                  ;; WARNING: recursion requested but not available
                  
                  ;; OPT PSEUDOSECTION:
                  ; EDNS: version: 0, flags:; udp: 1232
                  ;; QUESTION SECTION:
                  ;b.cctld.us.                    IN      A
                  
                  ;; AUTHORITY SECTION:
                  us.                     172800  IN      NS      b.cctld.us.
                  us.                     172800  IN      NS      f.cctld.us.
                  us.                     172800  IN      NS      k.cctld.us.
                  us.                     172800  IN      NS      w.cctld.us.
                  us.                     172800  IN      NS      x.cctld.us.
                  us.                     172800  IN      NS      y.cctld.us.
                  
                  ;; ADDITIONAL SECTION:
                  b.cctld.us.             172800  IN      A       156.154.125.70
                  f.cctld.us.             172800  IN      A       209.173.58.70
                  k.cctld.us.             172800  IN      A       156.154.128.70
                  w.cctld.us.             172800  IN      A       37.209.192.15
                  x.cctld.us.             172800  IN      A       37.209.194.15
                  y.cctld.us.             172800  IN      A       37.209.196.15
                  b.cctld.us.             172800  IN      AAAA    2001:502:ad09::29
                  f.cctld.us.             172800  IN      AAAA    2001:500:3682::11
                  k.cctld.us.             172800  IN      AAAA    2001:503:e239::3:1
                  w.cctld.us.             172800  IN      AAAA    2001:dcd:1::15
                  x.cctld.us.             172800  IN      AAAA    2001:dcd:2::15
                  y.cctld.us.             172800  IN      AAAA    2001:dcd:3::15
                  
                  ;; Query time: 50 msec
                  ;; SERVER: 198.97.190.53#53(198.97.190.53)
                  ;; WHEN: Tue Mar 15 17:03:43 Central Daylight Time 2022
                  ;; MSG SIZE  rcvd: 397
                  

                  If you can not talk to roots - then really you wouldn't be able to resolve anything..

                  • johnpoz LAYER 8 Global Moderator @dma_pf

                    @dma_pf said in Zoom Blocked, Completely Stumped.:

                    No other servers listed here. Only using the root servers.

                    You're not pointing directly to roots in your dns config on pfsense are you?? Out of the box pfsense resolves, you should not point anywhere.. You should only point to 127.0.0.1 (unbound) and it knows the root servers..

                    If you can not talk to roots, you wouldn't be able to resolve anything - but you can not query them recursive... You can only ask them for NSs of the tld. If you're like forwarding to roots - that would never work..

                    • dma_pf @johnpoz

                      @johnpoz Here's what I get:

                      ; <<>> DiG 9.16.23 <<>> @h.root-servers.net b.cctld.us
                      ; (2 servers found)
                      ;; global options: +cmd
                      ;; Got answer:
                      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3117
                      ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 13
                      ;; WARNING: recursion requested but not available
                      
                      ;; OPT PSEUDOSECTION:
                      ; EDNS: version: 0, flags:; udp: 1232
                      ;; QUESTION SECTION:
                      ;b.cctld.us.			IN	A
                      
                      ;; AUTHORITY SECTION:
                      us.			172800	IN	NS	b.cctld.us.
                      us.			172800	IN	NS	f.cctld.us.
                      us.			172800	IN	NS	k.cctld.us.
                      us.			172800	IN	NS	w.cctld.us.
                      us.			172800	IN	NS	x.cctld.us.
                      us.			172800	IN	NS	y.cctld.us.
                      
                      ;; ADDITIONAL SECTION:
                      b.cctld.us.		172800	IN	A	156.154.125.70
                      f.cctld.us.		172800	IN	A	209.173.58.70
                      k.cctld.us.		172800	IN	A	156.154.128.70
                      w.cctld.us.		172800	IN	A	37.209.192.15
                      x.cctld.us.		172800	IN	A	37.209.194.15
                      y.cctld.us.		172800	IN	A	37.209.196.15
                      b.cctld.us.		172800	IN	AAAA	2001:502:ad09::29
                      f.cctld.us.		172800	IN	AAAA	2001:500:3682::11
                      k.cctld.us.		172800	IN	AAAA	2001:503:e239::3:1
                      w.cctld.us.		172800	IN	AAAA	2001:dcd:1::15
                      x.cctld.us.		172800	IN	AAAA	2001:dcd:2::15
                      y.cctld.us.		172800	IN	AAAA	2001:dcd:3::15
                      
                      ;; Query time: 35 msec
                      ;; SERVER: 198.97.190.53#53(198.97.190.53)
                      ;; WHEN: Tue Mar 15 18:05:47 EDT 2022
                      ;; MSG SIZE  rcvd: 397
                      

                      Question is why is it failing? And only for that domain? I haven't had any issues with anything else resolving all day.

                      I'm 20 miles from the University Of Maryland....and I'm an alumni. You'd think they'd give me more respect!

                      Does this mean that I will need to go to forwarding mode in resolver?

                      • stephenw10 Netgate Administrator

                        Doh!
                        Does it also work against that server Unbound is trying:

                        [2.6.0-RELEASE][admin@cedev-3.stevew.lan]/root: dig @205.251.195.120 zoom.us
                        
                        ; <<>> DiG 9.16.23 <<>> @205.251.195.120 zoom.us
                        ; (1 server found)
                        ;; global options: +cmd
                        ;; Got answer:
                        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57270
                        ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
                        ;; WARNING: recursion requested but not available
                        
                        ;; OPT PSEUDOSECTION:
                        ; EDNS: version: 0, flags:; udp: 4096
                        ;; QUESTION SECTION:
                        ;zoom.us.			IN	A
                        
                        ;; ANSWER SECTION:
                        zoom.us.		60	IN	A	170.114.10.89
                        
                        ;; AUTHORITY SECTION:
                        zoom.us.		172800	IN	NS	ns-1137.awsdns-14.org.
                        zoom.us.		172800	IN	NS	ns-1772.awsdns-29.co.uk.
                        zoom.us.		172800	IN	NS	ns-387.awsdns-48.com.
                        zoom.us.		172800	IN	NS	ns-888.awsdns-47.net.
                        
                        ;; Query time: 15 msec
                        ;; SERVER: 205.251.195.120#53(205.251.195.120)
                        ;; WHEN: Tue Mar 15 22:15:00 GMT 2022
                        ;; MSG SIZE  rcvd: 192
                        
                        • johnpoz LAYER 8 Global Moderator @dma_pf

                          @dma_pf ok so that looks fine... So can you actually query any of the cctld.us servers for zoom.us?

                          From your trace it said it could not get an IP for any of the cctld.us servers. But maybe it just couldn't talk to them - try doing a directed query to any of those IPs asking for zoom.us ns..

                          example

                          $ dig @37.209.192.15 zoom.us NS
                          
                          ; <<>> DiG 9.16.26 <<>> @37.209.192.15 zoom.us NS
                          ; (1 server found)
                          ;; global options: +cmd
                          ;; Got answer:
                          ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58274
                          ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
                          ;; WARNING: recursion requested but not available
                          
                          ;; OPT PSEUDOSECTION:
                          ; EDNS: version: 0, flags:; udp: 1232
                          ;; QUESTION SECTION:
                          ;zoom.us.                       IN      NS
                          
                          ;; AUTHORITY SECTION:
                          zoom.us.                7200    IN      NS      ns-1772.awsdns-29.co.uk.
                          zoom.us.                7200    IN      NS      ns-1137.awsdns-14.org.
                          zoom.us.                7200    IN      NS      ns-387.awsdns-48.com.
                          zoom.us.                7200    IN      NS      ns-888.awsdns-47.net.
                          
                          ;; Query time: 36 msec
                          ;; SERVER: 37.209.192.15#53(37.209.192.15)
                          ;; WHEN: Tue Mar 15 17:23:04 Central Daylight Time 2022
                          ;; MSG SIZE  rcvd: 176
                          

                          • dma_pf @stephenw10

                            @stephenw10 said in Zoom Blocked, Completely Stumped.:

                            Does it also work against that server Unbound is trying:

                            I'm not quite sure if you're asking me to find out which server my Unbound is using or run the query in your example. If it's the IP that my Unbound is using, how do I find it? As far as I know it just queries the 13 roots.

                            If it's the query you provided, here's what I get:

                            ; <<>> DiG 9.16.23 <<>> @205.251.195.120 zoom.us
                            ; (1 server found)
                            ;; global options: +cmd
                            ;; Got answer:
                            ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65232
                            ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
                            ;; WARNING: recursion requested but not available
                            
                            ;; OPT PSEUDOSECTION:
                            ; EDNS: version: 0, flags:; udp: 4096
                            ;; QUESTION SECTION:
                            ;zoom.us.			IN	A
                            
                            ;; ANSWER SECTION:
                            zoom.us.		60	IN	A	170.114.10.85
                            
                            ;; AUTHORITY SECTION:
                            zoom.us.		172800	IN	NS	ns-1137.awsdns-14.org.
                            zoom.us.		172800	IN	NS	ns-1772.awsdns-29.co.uk.
                            zoom.us.		172800	IN	NS	ns-387.awsdns-48.com.
                            zoom.us.		172800	IN	NS	ns-888.awsdns-47.net.
                            
                            ;; Query time: 7 msec
                            ;; SERVER: 205.251.195.120#53(205.251.195.120)
                            ;; WHEN: Tue Mar 15 18:18:41 EDT 2022
                            ;; MSG SIZE  rcvd: 192
                            
                            1 Reply Last reply Reply Quote 0
                            • D
                              dma_pf @johnpoz
                              last edited by

                              @johnpoz said in Zoom Blocked, Completely Stumped.:

                              try doing a directed query to any of those IPs asking for zoom.us ns..

                              Here you go...I ran a query for each of the IPv4 servers.

                              ; <<>> DiG 9.16.23 <<>> @156.154.125.70 zoom.us NS
                              ; (1 server found)
                              ;; global options: +cmd
                              ;; Got answer:
                              ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23918
                              ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
                              ;; WARNING: recursion requested but not available
                              
                              ;; OPT PSEUDOSECTION:
                              ; EDNS: version: 0, flags:; udp: 1232
                              ; COOKIE: ae492118dabb530301000000623112e53cdc60e78d6495b9 (good)
                              ;; QUESTION SECTION:
                              ;zoom.us.			IN	NS
                              
                              ;; AUTHORITY SECTION:
                              zoom.us.		7200	IN	NS	ns-1772.awsdns-29.co.uk.
                              zoom.us.		7200	IN	NS	ns-888.awsdns-47.net.
                              zoom.us.		7200	IN	NS	ns-387.awsdns-48.com.
                              zoom.us.		7200	IN	NS	ns-1137.awsdns-14.org.
                              
                              ;; Query time: 9 msec
                              ;; SERVER: 156.154.125.70#53(156.154.125.70)
                              ;; WHEN: Tue Mar 15 18:27:49 EDT 2022
                              ;; MSG SIZE  rcvd: 204
                              
                              ; <<>> DiG 9.16.23 <<>> @209.173.58.70 zoom.us NS
                              ; (1 server found)
                              ;; global options: +cmd
                              ;; Got answer:
                              ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64421
                              ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
                              ;; WARNING: recursion requested but not available
                              
                              ;; OPT PSEUDOSECTION:
                              ; EDNS: version: 0, flags:; udp: 1232
                              ; COOKIE: 46c30a9773371738010000006231134cc91442fbc9c0d52b (good)
                              ;; QUESTION SECTION:
                              ;zoom.us.			IN	NS
                              
                              ;; AUTHORITY SECTION:
                              zoom.us.		7200	IN	NS	ns-387.awsdns-48.com.
                              zoom.us.		7200	IN	NS	ns-1772.awsdns-29.co.uk.
                              zoom.us.		7200	IN	NS	ns-1137.awsdns-14.org.
                              zoom.us.		7200	IN	NS	ns-888.awsdns-47.net.
                              
                              ;; Query time: 7 msec
                              ;; SERVER: 209.173.58.70#53(209.173.58.70)
                              ;; WHEN: Tue Mar 15 18:29:32 EDT 2022
                              ;; MSG SIZE  rcvd: 204
                              
                              ; <<>> DiG 9.16.23 <<>> @156.154.128.70 zoom.us NS
                              ; (1 server found)
                              ;; global options: +cmd
                              ;; Got answer:
                              ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42094
                              ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
                              ;; WARNING: recursion requested but not available
                              
                              ;; OPT PSEUDOSECTION:
                              ; EDNS: version: 0, flags:; udp: 1232
                              ; COOKIE: 013ba9c4121d43120100000062311378b7be69e034c0357e (good)
                              ;; QUESTION SECTION:
                              ;zoom.us.			IN	NS
                              
                              ;; AUTHORITY SECTION:
                              zoom.us.		7200	IN	NS	ns-1137.awsdns-14.org.
                              zoom.us.		7200	IN	NS	ns-387.awsdns-48.com.
                              zoom.us.		7200	IN	NS	ns-888.awsdns-47.net.
                              zoom.us.		7200	IN	NS	ns-1772.awsdns-29.co.uk.
                              
                              ;; Query time: 21 msec
                              ;; SERVER: 156.154.128.70#53(156.154.128.70)
                              ;; WHEN: Tue Mar 15 18:30:16 EDT 2022
                              ;; MSG SIZE  rcvd: 204
                              
                              ; <<>> DiG 9.16.23 <<>> @37.209.192.15 zoom.us NS
                              ; (1 server found)
                              ;; global options: +cmd
                              ;; Got answer:
                              ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4321
                              ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
                              ;; WARNING: recursion requested but not available
                              
                              ;; OPT PSEUDOSECTION:
                              ; EDNS: version: 0, flags:; udp: 1232
                              ;; QUESTION SECTION:
                              ;zoom.us.			IN	NS
                              
                              ;; AUTHORITY SECTION:
                              zoom.us.		7200	IN	NS	ns-1137.awsdns-14.org.
                              zoom.us.		7200	IN	NS	ns-387.awsdns-48.com.
                              zoom.us.		7200	IN	NS	ns-888.awsdns-47.net.
                              zoom.us.		7200	IN	NS	ns-1772.awsdns-29.co.uk.
                              
                              ;; Query time: 9 msec
                              ;; SERVER: 37.209.192.15#53(37.209.192.15)
                              ;; WHEN: Tue Mar 15 18:30:50 EDT 2022
                              ;; MSG SIZE  rcvd: 176
                              
                              ; <<>> DiG 9.16.23 <<>> @37.209.194.15 zoom.us NS
                              ; (1 server found)
                              ;; global options: +cmd
                              ;; Got answer:
                              ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24122
                              ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
                              ;; WARNING: recursion requested but not available
                              
                              ;; OPT PSEUDOSECTION:
                              ; EDNS: version: 0, flags:; udp: 1232
                              ;; QUESTION SECTION:
                              ;zoom.us.			IN	NS
                              
                              ;; AUTHORITY SECTION:
                              zoom.us.		7200	IN	NS	ns-1772.awsdns-29.co.uk.
                              zoom.us.		7200	IN	NS	ns-387.awsdns-48.com.
                              zoom.us.		7200	IN	NS	ns-888.awsdns-47.net.
                              zoom.us.		7200	IN	NS	ns-1137.awsdns-14.org.
                              
                              ;; Query time: 9 msec
                              ;; SERVER: 37.209.194.15#53(37.209.194.15)
                              ;; WHEN: Tue Mar 15 18:31:20 EDT 2022
                              ;; MSG SIZE  rcvd: 176
                              
                              ; <<>> DiG 9.16.23 <<>> @37.209.196.15 zoom.us NS
                              ; (1 server found)
                              ;; global options: +cmd
                              ;; Got answer:
                              ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28567
                              ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
                              ;; WARNING: recursion requested but not available
                              
                              ;; OPT PSEUDOSECTION:
                              ; EDNS: version: 0, flags:; udp: 1232
                              ;; QUESTION SECTION:
                              ;zoom.us.			IN	NS
                              
                              ;; AUTHORITY SECTION:
                              zoom.us.		7200	IN	NS	ns-1772.awsdns-29.co.uk.
                              zoom.us.		7200	IN	NS	ns-387.awsdns-48.com.
                              zoom.us.		7200	IN	NS	ns-888.awsdns-47.net.
                              zoom.us.		7200	IN	NS	ns-1137.awsdns-14.org.
                              
                              ;; Query time: 7 msec
                              ;; SERVER: 37.209.196.15#53(37.209.196.15)
                              ;; WHEN: Tue Mar 15 18:31:46 EDT 2022
                              ;; MSG SIZE  rcvd: 176
                              
                              1 Reply Last reply Reply Quote 0
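Added example, not part of any post in this thread: a small parser that splits pasted `dig` output into individual responses and labels each as a referral, an authoritative answer, or an error rcode, which is the distinction the directed queries above are checking. The first two samples are trimmed from outputs posted in the thread; the third (192.0.2.53, example.test) is constructed, and the verdict names are this example's own.

```python
import re

STATUS_RE = re.compile(r"status:\s*(?P<status>[A-Z]+)")
FLAGS_RE = re.compile(
    r"flags:\s*(?P<flags>[a-z ]*);\s*QUERY:\s*\d+,"
    r"\s*ANSWER:\s*(?P<answer>\d+),\s*AUTHORITY:\s*(?P<authority>\d+)"
)
SERVER_RE = re.compile(r"^[ \t]*;; SERVER:\s*(?P<ip>[^#\s]+)#", re.M)
BANNER_RE = re.compile(r"(?m)^(?=[ \t]*; <<>> DiG )")


def split_outputs(text):
    """Split several dig runs pasted back to back on the '; <<>> DiG' banner."""
    return [part for part in BANNER_RE.split(text) if part.strip()]


def classify(text):
    """Label one dig response from its header line and flag/count line."""
    status = STATUS_RE.search(text)
    counts = FLAGS_RE.search(text)
    server = SERVER_RE.search(text)
    result = {"server": server.group("ip") if server else None}
    if not status or not counts:
        result["verdict"] = "unparseable"
        return result

    rcode = status.group("status")
    flags = counts.group("flags").split()
    answer = int(counts.group("answer"))
    authority = int(counts.group("authority"))

    if rcode != "NOERROR":
        # e.g. REFUSED: the server will not answer for this name at all.
        verdict = "rcode:" + rcode
    elif "aa" in flags:
        # Server is authoritative for the zone it answered from.
        verdict = "authoritative-answer" if answer else "authoritative-nodata"
    elif answer:
        # Records returned without the aa bit (cache or recursion).
        verdict = "non-authoritative-answer"
    elif authority:
        # No aa, no answer, only NS records: a delegation to the next level.
        verdict = "referral"
    else:
        verdict = "empty"

    result.update(rcode=rcode, flags=flags, verdict=verdict)
    return result


def classify_all(text):
    return [classify(part) for part in split_outputs(text)]


# Samples 1 and 2 trimmed from the thread; sample 3 is constructed.
SAMPLE = """\
; <<>> DiG 9.16.23 <<>> @156.154.125.70 zoom.us NS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23918
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; SERVER: 156.154.125.70#53(156.154.125.70)

; <<>> DiG 9.16.23 <<>> @205.251.195.120 zoom.us
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65232
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
;; SERVER: 205.251.195.120#53(205.251.195.120)

; <<>> DiG 9.16.23 <<>> @192.0.2.53 example.test
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 192.0.2.53#53(192.0.2.53)
"""

if __name__ == "__main__":
    for r in classify_all(SAMPLE):
        print(r["server"], r["verdict"])
```
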
                              • D
                                dma_pf @johnpoz
                                last edited by dma_pf

                                @johnpoz said in Zoom Blocked, Completely Stumped.:

                                You're not pointing directly to roots in your dns config on pfsense are you?? out of the box pfsense resolves, you should not point anywhere.. You should only point to 127.0.0.1 (unbound) and it knows the root servers..
                                If you can not talk to roots, you wouldn't be able to resolve anything - but you can not query them recursive... You can only ask them for NSs of the tld, If you're like forwarding to roots - that would never work..

                                Sorry, I missed this earlier. What I meant to say is that I am using Unbound in its default state. Unbound only resolves through the 13 root servers via its default settings. There is no forwarding in resolver settings. Everything with internet access is pointed to pfsense for its dns server except for 1 client. There is an AD domain controller which that 1 client points (via DHCP settings) to for its dns. The AD DNS then forwards to pfsense. It's been this way for years without issues.

                                But the inability to get to zoom.us is universal to all devices on the network, regardless of whether or not it uses unbound directly or if it is being forwarded from the AD domain controller.

                                1 Reply Last reply Reply Quote 0
                                • stephenw10S
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  Try bumping up the logging level on Unbound. It must be seeing an error somewhere.

                                  D 1 Reply Last reply Reply Quote 0
                                  • D
                                    dma_pf @stephenw10
                                    last edited by

                                    @stephenw10 I bumped the log level up to 5 (from 3). Waited until the clock turned to 7:41 and did a DNS lookup. In the log I filtered by Mar 15 19:41:0 and here's what I got:

                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: send_udp over interface: 192.168.163.1
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: receive_udp on interface: 192.168.163.1
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: send_udp over interface: 192.168.163.1
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: receive_udp on interface: 192.168.163.1
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: send_udp over interface: 192.168.163.1
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: receive_udp on interface: 192.168.163.1
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: send_udp over interface: 192.168.163.1
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: receive_udp on interface: 192.168.163.1
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: send_udp over interface: 192.168.163.1
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: receive_udp on interface: 192.168.163.1
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: cache memory msg=257779 rrset=679453 infra=181905 val=165184
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: 2.000000 4.000000 2
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: 1.000000 2.000000 2
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: 0.524288 1.000000 11
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: 0.262144 0.524288 15
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: 0.131072 0.262144 22
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: 0.065536 0.131072 12
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: 0.032768 0.065536 19
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: 0.016384 0.032768 30
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: 0.008192 0.016384 8
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: 0.000000 0.000001 6
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: lower(secs) upper(secs) recursions
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: [25%]=0.0260779 median[50%]=0.0682667 [75%]=0.251718
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: histogram of recursion processing times
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: average recursion processing time 0.217590 sec
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: mesh_run: end 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 127 recursion replies sent, 0 replies dropped, 0 states jostled out
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: query took 0.000000 sec
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: send_udp over interface: 192.168.163.1
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: mesh_run: validator module exit state is module_finished
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: val handle processing q with state VAL_FINISHED_STATE
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: chased extract ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: logfiles.zoom.us. IN A ;; ANSWER SECTION: logfiles.zoom.us. 3194 IN CNAME us01-logfiles-va.zoom.us. ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 65
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: no signer, using logfiles.zoom.us. TYPE0 CLASS0
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: validator classification cname
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: val handle processing q with state VAL_INIT_STATE
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: validator: nextmodule returned
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: validator operate: query logfiles.zoom.us. A IN
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: mesh_run: iterator module exit state is module_finished
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: prepending 2 rrsets
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: finishing processing for logfiles.zoom.us. A IN
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: iter_handle processing q with state FINISHED RESPONSE STATE
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: returning answer from cache.
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: msg ttl is 3506, prefetch ttl 3146
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: msg from cache lookup ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0 ;; QUESTION SECTION: us01-logfiles-va-9.zoom.us. IN A ;; ANSWER SECTION: us01-logfiles-va-9.zoom.us. 3445 IN A 170.114.15.223 ;; AUTHORITY SECTION: zoom.us. 85858 IN NS ns-888.awsdns-47.net. zoom.us. 85858 IN NS ns-1137.awsdns-14.org. zoom.us. 85858 IN NS ns-1772.awsdns-29.co.uk. zoom.us. 85858 IN NS ns-387.awsdns-48.com. ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 200
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: request has dependency depth of 0
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: resolving logfiles.zoom.us. A IN
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: iter_handle processing q with state INIT REQUEST STATE
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: returning CNAME response from cache
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: msg ttl is 3570, prefetch ttl 3213
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: msg from cache lookup ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: us01-logfiles-va.zoom.us. IN A ;; ANSWER SECTION: us01-logfiles-va.zoom.us. 3570 IN CNAME us01-logfiles-va-9.zoom.us. ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 75
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: request has dependency depth of 0
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: resolving logfiles.zoom.us. A IN
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: iter_handle processing q with state INIT REQUEST STATE
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: returning CNAME response from cache
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: msg ttl is 3194, prefetch ttl 2875
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: msg from cache lookup ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: logfiles.zoom.us. IN A ;; ANSWER SECTION: logfiles.zoom.us. 3194 IN CNAME us01-logfiles-va.zoom.us. ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 65
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: request has dependency depth of 0
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: resolving logfiles.zoom.us. A IN
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: iter_handle processing q with state INIT REQUEST STATE
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: process_request: new external request event
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_pass
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: mesh_run: validator module exit state is module_wait_module
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: validator: pass to next module
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: validator operate: query logfiles.zoom.us. A IN
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: validator[module 0] operate: extstate:module_state_initial event:module_event_new
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: mesh_run: start
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: udp request from ip4 192.168.165.2 port 56469 (len 16)
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: answer from the cache failed
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] debug: Cache reply: cname chain broken
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: receive_udp on interface: 192.168.163.1
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: send_udp over interface: 192.168.163.1
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:2] info: receive_udp on interface: 192.168.163.1
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:0] info: send_udp over interface: 192.168.163.1
                                    Mar 15 19:41:03 	unbound 	25496 	[25496:0] info: receive_udp on interface: 192.168.163.1
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] debug: close fd 24
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] debug: comm_point_close of 24: event_del
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] debug: close of port 39760
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] debug: serviced_delete
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] debug: svcd callbacks end
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] debug: cache memory msg=257779 rrset=679453 infra=181905 val=165184
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: 2.000000 4.000000 1
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: 1.000000 2.000000 1
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: 0.524288 1.000000 3
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: 0.262144 0.524288 10
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: 0.131072 0.262144 16
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: 0.065536 0.131072 4
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: 0.032768 0.065536 4
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: 0.016384 0.032768 5
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: 0.008192 0.016384 1
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: 0.000000 0.000001 2
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: lower(secs) upper(secs) recursions
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: [25%]=0.063488 median[50%]=0.192512 [75%]=0.347341
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: histogram of recursion processing times
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: average recursion processing time 0.270629 sec
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: mesh_run: end 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 47 recursion replies sent, 0 replies dropped, 0 states jostled out
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] debug: mesh_run: validator module exit state is module_finished
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] debug: val handle processing q with state VAL_FINISHED_STATE
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: no signer, using zoom.us. TYPE0 CLASS0
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] debug: validator classification nodata
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] debug: val handle processing q with state VAL_INIT_STATE
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] debug: validator: nextmodule returned
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: validator operate: query zoom.us. CNAME IN
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] debug: mesh_run: iterator module exit state is module_finished
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: finishing processing for zoom.us. CNAME IN
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] debug: iter_handle processing q with state FINISHED RESPONSE STATE
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: query response was nodata ANSWER
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] debug: iter_handle processing q with state QUERY RESPONSE STATE
                                    Mar 15 19:41:00 	unbound 	25496 	[25496:1] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: qr aa ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: zoom.us. IN CNAME ;; ANSWER SECTION: ;; AUTHORITY SECTION: zoom.us. 3600 IN SOA ns-1137.awsdns-14.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 ;; ADDITIONAL SECTION: ;; MSG SIZE rcvd: 110 
                                    

                                    I immediately copied and pasted it into notepad. Then I tried to filter the log by Mar 15 19:41:1 but I got nothing. I presume the log file had already been written over. If you need more than what I got I'll have to up the size of the log file. Let me know.

                                    D 1 Reply Last reply Reply Quote 0
                                    • D
                                      dma_pf @dma_pf
                                      last edited by

                                      @stephenw10 I'm digging into this a bit farther and I'm finding a bunch of stuff. I'm finding multiple entries like these:

                                      db302f38-0359-4ad7-88f7-dff8e9fdc443-image.png
                                      8c52a0f3-6e7a-413e-8139-c4def9385901-image.png
                                      f3c29355-5096-4056-a3de-e2ec8529ea79-image.png
                                      28ba02f2-9e85-4867-af77-b18158b8ff92-image.png
                                      0f5f4bca-82fe-4961-85c3-557d6e56abcc-image.png
                                      0e14f29d-4e13-45ff-8b5d-7d999c903021-image.png

                                      These IPs are all the cctld.us. root servers we identified as authoritative for zoom.us. I'm not sure if this would be the correct syntax for a grep command but I tried to run this command:

                                      grep xxx.xxx.xxx.xxx /var/db/pfblockerng/original/*
                                      

                                      at the command prompt, for each IP, to see if the IPs were in a pfblocker feed. All of the searches returned nothing.

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        Outbound permission denied like that is usually a local firewall rule. And that is almost always Snort/Suricata or pfBlocker.

                                        johnpozJ D 2 Replies Last reply Reply Quote 1
                                        • johnpozJ
                                          johnpoz LAYER 8 Global Moderator @stephenw10
                                          last edited by johnpoz

                                          Yeah if you're blocking outbound traffic to the networks or IPs the gtld servers are in you're going to have problems!!!

                                          Keep in mind the root and gtlds (ns for tlds) just below the root servers in the hierarchy are globally based.. So they could really be anywhere across the globe.

                                          Blocking the planet is a really BAD idea and practice. You should block only specifics.. Or only allow specifics to your inbound traffic.

                                          pfblocker and IPS are both very powerful tools - and quite often users shoot themselves in the foot with them. Like handing a loaded gun to a teenager that has been in your liquor cabinet if you ask me... Yeah they might hit a few targets, but let them play with it long enough and they will end up in the hospital or the morgue..

                                          I only block a couple of things outbound.. rfc1918 being a good netizen, and known doh servers IPs. And dot (853).. I do not use doh, I do not use dot - and I want none of my devices using it behind my back... These rules are logged, and any hits I will look into why!! Rest of the internet is open outbound... I never know what I might need to talk to..

                                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                                          If you get confused: Listen to the Music Play
                                          Please don't Chat/PM me for help, unless mod related
                                          SG-4860 24.11 | Lab VMs 2.8, 24.11

                                          1 Reply Last reply Reply Quote 1
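An added example, not part of any post in this thread: a small audit that checks whether any outbound block alias covers a nameserver address the resolver depends on, which is the failure described in the post above. The alias names and their CIDR lists are constructed samples; 205.251.195.120 is the server queried earlier in the thread.

```python
import ipaddress

# Nameserver addresses the resolver must be able to reach.
# 205.251.195.120 is the server queried earlier in this thread; the other
# two are a.root-servers.net and a.gtld-servers.net, used here as samples
# of the hierarchy above it.
REQUIRED_NS = {
    "a.root-servers.net": "198.41.0.4",
    "a.gtld-servers.net": "192.5.6.30",
    "zone authoritative (from thread)": "205.251.195.120",
}

# Constructed block aliases (name -> CIDR list). Not real feed contents.
BLOCK_ALIASES = {
    "geoip_sample": ["192.5.0.0/16", "203.0.113.0/24"],
    "rfc1918_out": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "doh_sample": ["198.51.100.7/32"],
}

def parse_networks(cidrs):
    """Turn feed lines into network objects, skipping blanks and comments."""
    nets = []
    for line in cidrs:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # strict=False accepts entries with host bits set, e.g. 192.5.6.30/16
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def find_collisions(required, aliases):
    """Return (label, address, alias, cidr) for every required address
    that falls inside a blocked network."""
    hits = []
    for alias, cidrs in aliases.items():
        nets = parse_networks(cidrs)
        for label, addr in required.items():
            ip = ipaddress.ip_address(addr)
            for net in nets:
                if ip.version == net.version and ip in net:
                    hits.append((label, addr, alias, str(net)))
    return sorted(hits)

if __name__ == "__main__":
    for label, addr, alias, net in find_collisions(REQUIRED_NS, BLOCK_ALIASES):
        print(f"{addr} ({label}) is covered by {alias}: {net}")
```

An empty result means none of the listed aliases explain the failure, so the next place to look is the firewall log for the rule that produced the block.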
                                          • D
                                            dma_pf @stephenw10
                                            last edited by dma_pf

                                            @stephenw10 @johnpoz I don't have Snort or Suricata installed on the system. As far as I can tell, pfblocker is completely shut down. I just filtered both the firewall logs and the pfblocker logs against every one of the 6 IPs and I got no blocks whatsoever. On the firewall I log everything except the default block rule on WAN and as far as I know pfblocker logs every block. I only have 1 geo_ip block alias (some selected Top 40 spammers) but I have it disabled in the firewall on the Lan interface where I've done some of my testing today. I also see in the pfsense logs that the top 40 Spammers feed was last updated March 10. We've definitely been on zoom since then.....this all started today....so I doubt it's an update to that feed. I don't block the planet.

                                            I'm really grateful for and appreciative of you guys' help today. I've learned so much from you guys over the years and continue to learn more and more each day. It's very comforting to know that you guys are out there for when I'm really lost with no direction home!

                                            Right now I'm going to get some dinner and a stiff drink and dig into this again in the morning with a big cup of coffee. I'll let you guys know what, if anything, I find out. Thanks again!

                                            johnpozJ 1 Reply Last reply Reply Quote 0
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.