Netgate Discussion Forum

    Still having classic problem of blocked URLs with 'unknown' feed

      talaverde

      Even after a completely fresh reinstall, I keep getting unwanted URLs on the DNSBL block list with 'unknown' feed. Here are some examples:

      wsapi.skype.com
      static.asm.skype.com
      consumer.entitlement.skype.com
      in.appcenter.ms

      grep -r -l "wsapi.skype.com" /var/db/pfblockerng/*

      When I run this command, these files show up

      /var/db/pfblockerng/dnsbl_cache.sqlite
      /var/db/pfblockerng/pfbalexawhitelist.txt
      /var/db/pfblockerng/top-1m.csv

      Even if I delete those files and run a reload update, they still show up. They won't go away. I figure out how to keep these from being blocked or show up on the list. It seems like every .skype.com subdomain is being blocked. I've added skype.com, .skype.com and even the subdomains themselves to my whitelist. Still, no difference.

      Any thoughts?

      What is dnsbl_cache.sqlite? Is that just a log?

      Are there other files I should search or delete to figure out why all these skype domains are being blocked?

      I'm having the same problem with download.windowsupdate.com.

      Thanks.

        RonpfS

        @talaverde said in Still having classic problem of blocked URLs with 'unknown' feed:

        wsapi.skype.com

        To find relevant entries in the DNSBL db, try:

        grep "wsapi.skype.com" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /var/unbound/pfb_dnsbl.conf /usr/local/pkg/pfblockerng/dnsbl_tld
        

        then try "skype.com"

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

          BBcan177 Moderator

          @talaverde said in Still having classic problem of blocked URLs with 'unknown' feed:

          Even after a completely fresh reinstall, I keep getting unwanted URLs on the DNSBL block list with 'unknown' feed. Here are some examples:
          wsapi.skype.com
          static.asm.skype.com
          consumer.entitlement.skype.com
          in.appcenter.ms

          All of these domains above have a CNAME. Is it possible that these CNAMEs are in your Blocklists?

          drill @8.8.8.8 wsapi.skype.com
          wsapi.skype.com.        2995    IN      CNAME   client-ws.gateway.messenger.geo.msnmessenger.msn.com.akadns.net.
          client-ws.gateway.messenger.geo.msnmessenger.msn.com.akadns.net.        59      IN      CNAME   eus-wsapi.cloudapp.net.
          eus-wsapi.cloudapp.net. 58      IN      A       13.92.27.116
          
          drill @8.8.8.8 static.asm.skype.com
          static.asm.skype.com.   1657    IN      CNAME   static-asm-skype.trafficmanager.net.
          static-asm-skype.trafficmanager.net.    299     IN      CNAME   nus1-authgw.cloudapp.net.
          nus1-authgw.cloudapp.net.       52      IN      A       40.77.16.143
          
          drill @8.8.8.8 consumer.entitlement.skype.com
          consumer.entitlement.skype.com. 1969    IN      CNAME   sconsentit9.trafficmanager.net.
          sconsentit9.trafficmanager.net. 299     IN      CNAME   sconsentit903.cloudapp.net.
          sconsentit903.cloudapp.net.     8       IN      A       40.122.44.183
          
          drill @8.8.8.8 in.appcenter.ms
          in.appcenter.ms.        732     IN      CNAME   in-secondary-prod-east-us2.prod.avalanch.es.
          in-secondary-prod-east-us2.prod.avalanch.es.    129     IN      CNAME   0e6fa46e-9c94-4256-b449-4f54c1f1e69f.cloudapp.net.
          0e6fa46e-9c94-4256-b449-4f54c1f1e69f.cloudapp.net.      47      IN      A       13.68.31.193
          
          drill @8.8.8.8 download.windowsupdate.com
          download.windowsupdate.com.     1303    IN      CNAME   2-01-3cf7-0009.cdx.cedexis.net.
          2-01-3cf7-0009.cdx.cedexis.net. 239     IN      CNAME   b1ns.au-msedge.net.
          b1ns.au-msedge.net.     27      IN      CNAME   b1ns.c-0001.c-msedge.net.
          b1ns.c-0001.c-msedge.net.       27      IN      CNAME   c-0001.c-msedge.net.
          c-0001.c-msedge.net.    27      IN      A       13.107.4.50
          

          grep -r -l "wsapi.skype.com" /var/db/pfblockerng/*
          When I run this command, these files show up
          /var/db/pfblockerng/dnsbl_cache.sqlite
          /var/db/pfblockerng/pfbalexawhitelist.txt
          /var/db/pfblockerng/top-1m.csv
          Even if I delete those files and run a reload update, they still show up. They won't go away. I figure out how to keep these from being blocked or show up on the list. It seems like every .skype.com subdomain is being blocked. I've added skype.com, .skype.com and even the subdomains themselves to my whitelist. Still, no difference.
          Any thoughts?
          What is dnsbl_cache.sqlite? Is that just a log?

          The dnsbl_cache.sqlite is a database to show the last blocked event. You don't need to delete that file. And definitely don't need to delete the TOP1M Database (Whitelist).

          You need to grep for DNSBL events as:

          grep "example.com" /var/db/pfblockerng/dnsbl/*
          

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/
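
Added example, not part of any post in this thread: a small sh script that automates the check suggested above by extracting every name in a `drill` CNAME chain and listing which DNSBL feed files contain it. The function names, the temp directory and the two sample feed files are assumptions made for the demo; only the drill answer lines come from the thread.

```shell
#!/bin/sh
# Added example: trace a blocked name's CNAME chain into DNSBL feed files.

# Read drill answer lines on stdin. Print the owner name of every record and
# every CNAME target, lowercased, without the trailing dot, de-duplicated.
cname_chain() {
    awk '$1 !~ /^;/ && $3 == "IN" { print $1; if ($4 == "CNAME") print $5 }' |
        tr 'A-Z' 'a-z' | sed 's/\.$//' | awk '!seen[$0]++'
}

# For each name on stdin, print "<name> <feed file>" for every file in
# directory $1 that contains it. grep -F is a literal substring match, like
# the grep commands in the thread, so it is independent of the file layout.
blocked_by() {
    dir=$1
    while read -r name; do
        grep -F -l -- "$name" "$dir"/* 2>/dev/null | while read -r f; do
            printf '%s %s\n' "$name" "${f##*/}"
        done
    done
}

# Constructed demo: the drill answer is copied from the thread; the two feed
# files and their contents are made-up sample data, not real pfBlockerNG feeds.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'ads.example.net' > "$d/Sample_Ads.txt"
    printf '%s\n' 'eus-wsapi.cloudapp.net' > "$d/Sample_Cloud.txt"
    cname_chain <<'EOF' | blocked_by "$d"
;; ANSWER SECTION:
wsapi.skype.com. 2995 IN CNAME client-ws.gateway.messenger.geo.msnmessenger.msn.com.akadns.net.
client-ws.gateway.messenger.geo.msnmessenger.msn.com.akadns.net. 59 IN CNAME eus-wsapi.cloudapp.net.
eus-wsapi.cloudapp.net. 58 IN A 13.92.27.116
EOF
    rm -rf "$d"
}

demo
```

On the firewall the same pipeline would read live data, for example `drill @8.8.8.8 wsapi.skype.com | cname_chain | blocked_by /var/db/pfblockerng/dnsbl`, using the directory named in the thread.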
