PfBlockerNG + DNSBL = NXDOMAIN
-
Hi everyone!
Is there a way to tell pfBlockerNG to format the pfb_dnsbl.conf like this:
local-zone: "152media.com" static
rather than this:
local-data: "152media.com 60 IN A 10.10.10.1"
I want my DNS to return NXDOMAIN on filtered domains rather than a "wrong" IP address.
Cheers
-
I've added

```
# FreeBSD sed (pfSense) needs -i '' and -E for the capture group; rewrites every sinkhole A record to a static zone
&& /usr/bin/sed -i '' -E 's/^local-data: "([^ ]+) .*$/local-zone: "\1" static/' /var/unbound/pfb_dnsbl.conf
```
-
You realize that this "improvement" breaks the alerts logging plus will cause issues with browsers as well, right?
-
Apart from the original solution (returning 10.10.10.1 instead of NXDOMAIN) actually causing issues with browsers I haven't seen any problems so far. Which problems with browsers would that be?
Regarding the alert logging: I don't need that. All I want to achieve is domain based blocking in the DNS, nothing more, nothing less ;)
However, your answer made me think. Maybe pfBlockerNG is kind of an overkill solution to my problem. I could easily download the lists and compile an unbound configuration with a simple script instead…
Regardless, I'd still like to know which "issues with browsers" you are referring to.
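The "simple script" idea above, as an added example (not code from the thread or from the pfBlockerNG project): it takes a blocklist file in any mix of hosts format, plain domain list, or pfBlockerNG's own `local-data:` sinkhole lines, and emits `local-zone: "<name>" static` entries so unbound answers NXDOMAIN for those names. The accepted input formats, the validation regex and the sample file are assumptions of this example; the output file is meant to be pulled into unbound.conf with an `include:` line and followed by a reload.

```shell
#!/bin/sh
# Added example, not part of the thread or of pfBlockerNG.
# Convert a blocklist into unbound "local-zone ... static" entries (NXDOMAIN).
# Accepted line formats, mixed freely (assumption of this example):
#   hosts format       : 0.0.0.0 ads.example other.example
#   plain domain list  : ads.example
#   pfBlockerNG output : local-data: "ads.example 60 IN A 10.10.10.1"
# '#' comments and blank lines are skipped, names are lower-cased,
# trailing dots removed, and duplicates dropped (first occurrence wins).

to_local_zone() {
    # $1 = path of the blocklist file
    awk '
        { sub(/#.*/, "") }                             # strip comments
        NF == 0 { next }                               # skip blank lines
        $1 == "local-data:" {                          # pfBlockerNG sinkhole line
            name = $2; sub(/^"/, "", name); emit(name); next
        }
        $1 ~ /^(0\.0\.0\.0|127\.0\.0\.1|::1?)$/ {      # hosts line, one or more names
            for (i = 2; i <= NF; i++) emit($i); next
        }
        NF == 1 { emit($1) }                           # plain domain list
        function emit(d) {
            d = tolower(d); sub(/\.$/, "", d)
            # only accept dotted host names; drops "localhost" and junk
            if (d ~ /^([a-z0-9_-]+\.)+[a-z0-9-]+$/ && !seen[d]++)
                printf "local-zone: \"%s\" static\n", d
        }
    ' "$1"
}

# Constructed sample input covering all three formats.
make_sample() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
# constructed sample blocklist
local-data: "152media.com 60 IN A 10.10.10.1"
0.0.0.0 ads.example.net tracker.example.net   # hosts format, two names
127.0.0.1 localhost
Ads.Example.NET.
telemetry.example.org
EOF
    printf '%s\n' "$f"
}

sample=$(make_sample)
to_local_zone "$sample"
# local-zone: "152media.com" static
# local-zone: "ads.example.net" static
# local-zone: "tracker.example.net" static
# local-zone: "telemetry.example.org" static
```

Writing the output to a file that unbound.conf includes (for example `include: /var/unbound/blocklist.conf`) and reloading unbound is all that is needed; as the thread points out, NXDOMAIN answers give up pfBlockerNG's alert logging and the 200 response of the 1x1 gif webserver, so sites that probe for a successful fetch will behave differently.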
-
I must be special, but I do NOT appreciate loads of "domain not found" errors in place of the blocked stuff. That's the whole point of the 1x1gif webserver.
-
The next version of the package will have the option to define "0.0.0.0" (No logging option) instead of the DNSBL VIP on a per Group basis…
You could edit this file: /usr/local/pkg/pfblockerng/pfblockerng.inc Line #3594
and change the line
From:
$domain_data .= "local-data: \"" . $line . " 60 IN A {$pfb['dnsbl_vip']}\"\n";
To:
$domain_data .= "local-data: \"" . $line . " 60 IN A 0.0.0.0\"\n";
and follow that with a Force Reload - DNSBL.
-
The reason for the blank img method is some sites check for a 200 status.