Netgate Discussion Forum

    TLD white list not working

    pfBlockerNG
    21 Posts 4 Posters 1.8k Views
      A Former User @wolfsden3

      @wolfsden3 said in TLD white list not working:

      @Gertjan Yes - that's the way it's supposed to work. That's the "block interface" of PFBlockerNG and from my memory...always has been.

      That's how it "blocks", it points everything to a non-routed IP address, the PFBlockerNG web site. That's the website that shows you something is blocked and why.

      That's WORKING you see but what's NOT working is the TLD White list :-)

      Clear DNSBL and IP counters, update|reload pfBlockerNG and DNSBL test again? If the proper IP to be queried is already being blocked, it won't get returned to your box to update the cache (from what I've experienced in testing, at least in regards to whitelisting in DNSBL).

      Community Edition 2.4.5RC, pfblockerng-devel latest version

        wolfsden3 @A Former User

        @sparkyMcpenguin What do you mean by "clear dnsbl and ip counters, update|reload pfblockerng and dnsbl test again?"

        Do you mean: Firewall > PFBlockerNG > Update > Reload > All, IP or DNSBL...?

        ...or do you mean something else?

        I still don't know why it's telling me when reloading that NONE of the host names on the TLD white list can be found (their IP).

        Assembling DNSBL database... completed [ 03/01/20 10:02:17 ]
        TLD:
        Error: error sending query: Error creating socket
        
         TLD Whitelist - Missing data | esa04mx1.3zden.cloud | No IP found! |
        Error: error sending query: Error creating socket
        

        I think I tried to paste that in and their dumb Akismet spam posting plugin squashed it.

          A Former User

          Error sending cause blocked in DNSBL.

          Firewall > pfBlockerNG > Update All > Reload All = correct.

          For the 'counters' I mentioned, I usually clear them with the pfBlocker widget on the dashboard. It's a little button in the column showing 'packets', at least for me.

          pfb.png

            A Former User @A Former User

            @sparkyMcpenguin said in TLD white list not working:

            Error sending cause blocked in DNSBL.

            Firewall > pfBlockerNG > Update All > Reload All = correct.

            For the 'counters' I mentioned, I usually clear them with the pfBlocker widget on the dashboard. It's a little button in the column showing 'packets', at least for me.

            I removed the picture here so it did not duplicate.

            I also, in the widget, have 'clear IP and DNSBL counters' set to one day, not never (this gave me so many headaches).

              wolfsden3

              @sparkyMcpenguin said in TLD white list not working:

              'packets' at

              OK great! I didn't know that in the widget this was a thing. I had 98 million unbound queries since the last clear LOL! I have a lot of DNSBLs.

              Mine had a trash can next to the word "packets" and once I clicked that it wiped the count out. I also clicked the gear and the pop under, under the table (widget) showed up where you can configure it to clear the count daily. I did that now too.

              Cool!

              I'm reloading both IP and DNSbl lists now. It takes like 10 minutes :P

                wolfsden3

                You know what...

                I think this is an "error" but not an "error" LOL.

                Assembling DNSBL database... completed [ 03/04/20 10:45:56 ]
                TLD:
                
                 TLD Whitelist - Missing data | esa04mx1.3zden.cloud | No IP found! |
                

                Then the "i" (information bubble) says:

                Enter each specific Domain and/or Sub-Domains to be Whitelisted. (Used in conjunction with TLD Blacklist only) 
                Enter one  Domain per line
                Examples:
                
                    example.com
                    example.com|x.x.x.x  (Replace x.x.x.x with associated Domain/Sub-Domain IP Address.
                
                The First option above will collect the IP Address on each Cron run, while the second option will define a Static IP Address.
                
                You must Whitelist every Domain or Sub-Domain individually.
                No Regex Entries and no leading/trailing 'dot' allowed!
                You may use "#" after any Domain/Sub-Domain to add comments. IE: (example.com|x.x.x.x # TLD Whitelist)
                This List is stored as 'Base64' format in the config.xml file.
                

                Notice: "The First option above will collect the IP Address on each Cron run, while the second option will define a Static IP Address."

                So...I don't think it can FIND the IP address. It says that if I just list a domain like "example.com" with no pipe + IP address that it will go find the IP.

                I think this is broken and that BBCan will need to fix it. It's a bug. It's not finding the IP address and therefore still points it at the block interface of 10.10.10.1.

                I'll email him a link to this discussion and perhaps he can chime in.

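To make the two entry forms in that help text concrete, here is an added Python check (not part of pfBlockerNG and not from anyone in this thread) that parses TLD Whitelist lines in the documented `domain` / `domain|x.x.x.x # comment` form and reports whether the resolver answers a bare-domain entry with the 10.10.10.1 DNSBL address, the situation in which a cron-time lookup cannot learn the real IP and a static `domain|ip` entry is the way out. The VIP and the hostname come from the thread; every other name, address and the stand-in resolver are constructed for the example.

```python
import re
import socket

# DNSBL virtual IP that blocked names are answered with (value quoted in the thread).
DNSBL_VIP = "10.10.10.1"

# "domain" or "domain|x.x.x.x", as the TLD Whitelist help text describes; "#" starts a comment.
ENTRY_RE = re.compile(r"^(?P<domain>[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)(?:\|(?P<ip>\d{1,3}(?:\.\d{1,3}){3}))?$")

def parse_line(line):
    """Parse one whitelist line: None for blank/comment-only lines, else a dict with
    'domain', 'ip' (None unless pinned) and 'error' (set for forms the help text forbids)."""
    body = line.split("#", 1)[0].strip()
    if not body:
        return None
    if body.startswith(".") or body.endswith("."):
        return {"domain": body, "ip": None, "error": "leading/trailing dot not allowed"}
    m = ENTRY_RE.match(body)
    if m is None:
        return {"domain": body, "ip": None, "error": "not a plain domain or domain|ip entry"}
    return {"domain": m["domain"].lower(), "ip": m["ip"], "error": None}

def system_resolver(name):
    """Ask the host's configured resolver (Unbound, when this runs on the firewall)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_whitelist(text, resolve=system_resolver, vip=DNSBL_VIP):
    """Classify entries: static (pinned IP), ok (real answer), sinkholed (resolver answered
    with the DNSBL VIP, so a cron lookup learns only the block address), unresolved, invalid."""
    out = []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if entry["error"]:
            status, hint = "invalid", entry["error"]
        elif entry["ip"]:
            status, hint = "static", None
        else:
            answer = resolve(entry["domain"])
            status = "unresolved" if answer is None else "sinkholed" if answer == vip else "ok"
            hint = None if status == "ok" else f"{entry['domain']}|<REAL_IP>  # pin the address"
        out.append({"domain": entry["domain"], "status": status, "hint": hint})
    return out

# Constructed sample: the thread's hostname plus made-up entries; FAKE_DNS stands in for Unbound.
SAMPLE = "esa04mx1.3zden.cloud\nexample.com|203.0.113.10 # pinned\nmail.example.net\n.bad.example\n"
FAKE_DNS = {"esa04mx1.3zden.cloud": DNSBL_VIP, "mail.example.net": "198.51.100.7"}

def demo():
    return [f"{r['domain']}: {r['status']}" for r in check_whitelist(SAMPLE, FAKE_DNS.get)]
```

On the firewall itself, calling `check_whitelist(text)` without a resolver argument queries Unbound, so a `sinkholed` result means the name is still covered by a DNSBL or TLD block and the cron lookup will keep reporting "No IP found".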
                  A Former User @wolfsden3

                  @wolfsden3 said in TLD white list not working:

                  You know what...

                  I think this is an "error" but not an "error" LOL.

                  Assembling DNSBL database... completed [ 03/04/20 10:45:56 ]
                  TLD:
                  
                   TLD Whitelist - Missing data | esa04mx1.3zden.cloud | No IP found! |
                  

                  Then the "i" (information bubble) says:

                  Enter each specific Domain and/or Sub-Domains to be Whitelisted. (Used in conjunction with TLD Blacklist only) 
                  Enter one  Domain per line
                  Examples:
                  
                      example.com
                      example.com|x.x.x.x  (Replace x.x.x.x with associated Domain/Sub-Domain IP Address.
                  
                  The First option above will collect the IP Address on each Cron run, while the second option will define a Static IP Address.
                  
                  You must Whitelist every Domain or Sub-Domain individually.
                  No Regex Entries and no leading/trailing 'dot' allowed!
                  You may use "#" after any Domain/Sub-Domain to add comments. IE: (example.com|x.x.x.x # TLD Whitelist)
                  This List is stored as 'Base64' format in the config.xml file.
                  

                  Notice: "The First option above will collect the IP Address on each Cron run, while the second option will define a Static IP Address."

                  So...I don't think it can FIND the IP address. It says that if I just list a domain like "example.com" with no pipe + IP address that it will go find the IP.

                  I think this is broken and that BBCan will need to fix it. It's a bug. It's not finding the IP address and therefore still points it at the block interface of 10.10.10.1.

                  I'll email him a link to this discussion and perhaps he can chime in.

                  Sure thing. I only mention the steps I've taken to diagnose similar issues. The ordering of rules loaded can sometimes affect this as well.

                  But yea, this puzzles me a little too, if clearing the packet counter after a force update and reload didn't work... maybe the rules order is incorrect? I've had that cause the loaded rules to drop from tens of thousands down to a couple hundred just because my ordering was incorrect on the IPv4 IP page in pfBlockerNG and the lists under DNSBL. Pictures below:

                  1pf.png
                  2pf.png
                  This is how I have it now; I accidentally had some pass lists below block lists before (oops) because of the order I added feeds in (and didn't change the order afterwards).

                    A Former User

                    In regards to whitelisting I tend to just use the main whitelist in DNSBL, not the lower-down TLD white/blacklisting, and just manually tend to it. My network is a garden, ya dig? 🖖

                      A Former User

                      @sparkyMcpenguin said in TLD white list not working:

                      You must Whitelist every Domain or Sub-Domain individually.
                      No Regex Entries and no leading/trailing 'dot' allowed!
                      You may use "#" after any Domain/Sub-Domain to add comments. IE: (example.com|x.x.x.x # TLD Whitelist)
                      This List is stored as 'Base64' format in the config.xml file.

                      What does your white/blacklisting in TLD look like, if you can show it without too much being displayed?

                        A Former User @wolfsden3

                        @wolfsden3 said in TLD white list not working:

                        @sparkyMcpenguin said in TLD white list not working:

                        'packets' at

                        OK great! I didn't know that in the widget this was a thing. I had 98 million unbound queries since the last clear LOL! I have a lot of DNSBLs.

                        Mine had a trash can next to the word "packets" and once I clicked that it wiped the count out. I also clicked the gear and the pop under, under the table (widget) showed up where you can configure it to clear the count daily. I did that now too.

                        Cool!

                        I'm reloading both IP and DNSbl lists now. It takes like 10 minutes :P

                        I just now saw this. 98 MILLION? Wowzers, Scoob.

                          A Former User

                          The ordering of the lists really affected me one day with MaxMind downloads.
                          A newly added blocklist I had added had DNSBL's default IP listed.
                          Needless to say it broke more than just MaxMind downloads, as I then had problems with DNSBL and other things (why that IP is on a blocklist I don't know or really care too much, but on the blocklist it was listed as MaxMind, not DNSBL - to me that sounded like a bad cached entry from the blocklist, which I confirmed under the 'Reports' page in pfBlockerNG). Disabling that list, then doing a packet clear, force update and reload resolved this.

                            wolfsden3

                            Well thanks for the discussion, I learned a few things that I'll implement at other locations. Looks like they have 760k DNS queries per day on that FW. I'm not sure if that's a lot or not.

                            Minimizing DNS queries is my next project although the FW is doing its job and fairly well I think.

                            I'll fart around with this. I'm not sure if other sites are experiencing this too. They might very well be.

                            Thanks again.

                              A Former User @wolfsden3 (last edited by A Former User)

                              @wolfsden3 said in TLD white list not working:

                              Well thanks for the discussion, I learned a few things that I'll implement at other locations. Looks like they have 760k DNS queries per day on that FW. I'm not sure if that's a lot or not.

                              Minimizing DNS queries is my next project although the FW is doing its job and fairly well I think.

                              I'll fart around with this. I'm not sure if other sites are experiencing this too. They might very well be.

                              Thanks again.

                              In just my home network with maybe 5 devices that really put out data, I've seen 600K before; 700 doesn't seem much of a stretch over the course of a week-ish (edit: depending on the number of clients, this is a factor I don't know lol).

                                A Former User @wolfsden3

                                @wolfsden3 said in TLD white list not working:

                                Well thanks for the discussion, I learned a few things that I'll implement at other locations. Looks like they have 760k DNS queries per day on that FW. I'm not sure if that's a lot or not.

                                Minimizing DNS queries is my next project although the FW is doing its job and fairly well I think.

                                I'll fart around with this. I'm not sure if other sites are experiencing this too. They might very well be.

                                Thanks again.

                                Last thing, I promise.

                                Below I have screenshotted and posted my firewall rules:

                                Floating:
                                float.png

                                WAN:
                                wan.png

                                LAN:
                                lan.png

                                GUESTVLAN:
                                guest.png

                                Blacked-out information is just rules for my OpenVPN.

                                  NollipfSense @A Former User

                                  @A-Former-User said in TLD white list not working:

                                  @wolfsden3 said in TLD white list not working:

                                  Well thanks for the discussion, I learned a few things that I'll implement at other locations. Looks like they have 760k DNS queries per day on that FW. I'm not sure if that's a lot or not.

                                  Minimizing DNS queries is my next project although the FW is doing its job and fairly well I think.

                                  I'll fart around with this. I'm not sure if other sites are experiencing this too. They might very well be.

                                  Thanks again.

                                  Last thing, I promise.

                                  Below I have screenshotted and posted my firewall rules:

                                  Floating:
                                  float.png

                                  WAN:
                                  wan.png

                                  LAN:
                                  lan.png

                                  GUESTVLAN:
                                  guest.png

                                  Blacked-out information is just rules for my OpenVPN.

                                  I just got to say I like your firewall arrangement...bravo!

                                  pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                                  pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.