DNS Blacklist, New Package! Check it out.
-
Hi - firstly thanks for adding this.
Secondly. In case it helps anyone else and saves them the puzzlement it did me, some feedback. I know this kinda repeats some of the above wrt google and facebook, but posting for googlers as the cert thing is new afaik.
Added fine through gui, selected a bunch of likely looking rules and left it running.
User reported "strange messages when trying to login to facebook". Checked.
facebook.com - login screen displayed normally. User enters email address and password and clicks submit;
Firefox displays the wrong cert error;
Secure Connection Failed
login.facebook.com uses an invalid security certificate.
The certificate is only valid for the following names:
google.com , *.google.com(Error code: ssl_error_bad_cert_domain)
(Client running Vista, Error repeats on IE8. Error also repeated on Firefox 3.5 on my Ubuntu machine)
Note google's domain, not facebook. If I forced it to accept, on submitting correct login details to facebook, user was redirected to google.com instead of facebook.
After some fiddling around, I established the problem went away if Dns Blacklist was disabled through the webgui (just the tickbox at the top of it's own settings page).
After some further fiddling, I established that the problem stayed away if I turned on Dns Blacklist, BUT DID NOT SELECT the topmost "Adult (X)" ruleset.
So I can only conclude that something in that particular ruleset is causing this somewhat bizarre certification issue to surface during https or ssl on at least facebook.com (Might happen on other sites, just this was the first)
I hope that's enough to help point towards the problem, and help anyone else encountering this.
-
Fist off I want to say this is a great package! Thanks for all of your work! Sorry if this has already been mentioned, but I would like to see GEO location block options. So for example, if I wanted to block all traffic from URL's ending with *.RU or *.CN, etc.
TNR
-
I would like very much to see this project continue on. Is it in the maybe stage still or will this project be further developed upon? All in all I want to say thank you for the work you have put into this. I've found it useful and would like to see it advanced further to become even better.
-
Hey guys… I'm really glad to hear all the good comments about this package. As almost everyone knows, the issue with this package continuing is the Block List. I would LOVE to make a new release, but until I can compile my OWN list, it just won't happen. I have started on a list, but it's not very big and all of the categories are so large.
As soon as I can get my OWN list compiled and separated then we will be back in business. mcrane has been majorly swamped with his FusionPBX project so I've not even bothered him with this one.
Just everyone who uses this Add-on, hold tight and don't give up on us.
Next release features will include
+Ability to add custom entries
+Ability to bypass individual entries in a blocked category.
+Ability to load local error page (on pfSense)
+Ability to view/edit/modify categories within the GUI (memory intensive) -
Look forward to seeing that :)
Remember to put an country IP blacklist as well….Many an admin would like to see China, Russia and Korea go away...:D
-
Hi,
I am new to PfSense, I tried using DNS Blacklist and tried to block, Adult Porn and Online Gaming but I beleive it blocks all sites, if I try accessing any site it redirects to Google. For eg I tried indiatimes.com; yahoo.co; rediff.com and our Company website but it all gets redirected to Google, not sure if I am going wrong somewhere or do I need to work on the scripts.I have the same issue.
-
Hi,
I am new to PfSense, I tried using DNS Blacklist and tried to block, Adult Porn and Online Gaming but I beleive it blocks all sites, if I try accessing any site it redirects to Google. For eg I tried indiatimes.com; yahoo.co; rediff.com and our Company website but it all gets redirected to Google, not sure if I am going wrong somewhere or do I need to work on the scripts.I have the same issue.
I also have the same issue and even if I uninstall the dns blacklist the DNS redirector is jacked up now and no dns redirection works.
-
Am I missing something or is this like running Squid and Squidguard? And if so, why at the beginning of the thread did the developers make reference to DNS Blacklist (eventually) running in conjunction with a proxy server? Seems like DNS Blacklist is a great idea for those who don't employ proxy servers and redundant to those who do (along with Squidguard).
Please…show me the error in my thinking.
-
I agre, what is the difference with Squid-Squid guard
I have good squit guard setup should i consider this instead
What are the advantaged or disadvantagesThank you!
-
The DNS Blacklist is what its name implies. Its a DNS Domain name black list. Domains that are on the list are detoured to an alternate address in this way it blocks the website. Simple concept effective and doesn't require a proxy. To be completely effective you need to block other DNS Servers.
-
did any one ask? Ive heard of pay services providing free services to projects like this.
-
Hi,
is there a possibility that the DNS Blacklist is valid only for some clients in the network?
What i mean is: Can i set permissions within the DNS Blacklist for some clients.And thank you for your work on this package!
-
Wow… i've tried this.. unbelivble...it's simple. Thanksss Guys....it's really2 work .. \m/
-
This is a great package, using it very well great work!
I do have 1 issue. When i turn on Adult option, it starts blocking sites that aren't even in the blacklist (specifically all of my personal domains). limesg.com, and naveoss.com. I did a grep in the blacklist directory and on the original sites blacklist files and my domains are not in any list. Any advice?
-
Any news of this???
-
Just to chime in a bit:
- Great package. Anything to help with granular site-blocking is a win to me.
- Wondering if perhaps the option to add this list http://www.mvps.org/winhelp2002/hosts.txt might be possible ? …GREAT list to use if you're serious about ad-blocking.
- for anyone having trouble with the blacklist opening a page that you think should be blocked, you might have to clear your DNS cache - from the Windows command line: ipconfig /flushdns
-
DigitalJer the list you linked to seems to be free to use and I like the idea of an ad block category so I will add it as time permits. Main problem with granular control is some of these lists are very large so large we can't just display them in a textarea without killing the browser I've been thinking about a way to page through the list of domains.
-
@mcrane:
… the list you linked to seems to be free to use and I like the idea of an ad block category so I will add it as time permits.
Sweet! tyvm - looking forward to it :)
-
I really like the package. Thank you.
-
@DigitalJer
i've been using MVPS hosts file for years too :) i've installed pfsense yesterday and i'm trying new stuff currently :) i just included the MVPS list (domains only) to the "/usr/local/www/packages/dnsblacklist/blacklists/ads/domains" file and it works fine.furthermore i've changed redirection to localhost/127.0.0.1 in dnsblacklist.php because i really don't like sending any information more than necessary to google :)
is it also possible to use pfsense's /etc/hosts file for blocking those domains? i guess it wouldn't eat that much memory (correct me if i'm wrong) because dnsmasq simply looks up the /etc/hosts file and sees the localhost redirection entries and forwards that to the client instead of holding everything in memory (which is limited on my alix board).
i'm new to pfsense and simple editing /etc/hosts didn't work because something always overwrites the file (i guess it is the "Register DHCP leases in DNS forwarder" setting).
[edit]
just found /etc/inc/system.inc and changed function system_hosts_generate() to append my host list to /etc/hosts :) skipping DNS blacklist package.
[/edit]
