Netgate Discussion Forum

    TLD white list not working

    Category: pfBlockerNG (21 Posts, 4 Posters, 1.8k Views)
      A Former User

      error sending cause blocked in dnsbl.

      firewall > pfblockerng > update all> reload all = correct.

      for the 'counters' I mentioned, I usually clear them with the pfblocker widget on the dashboard. It's a little button in the column showing 'packets', at least for me

      pfb.png

        A Former User @A Former User

        @sparkyMcpenguin said in TLD white list not working:

        error sending cause blocked in dnsbl.

        firewall > pfblockerng > update all> reload all = correct.

        for the 'counters' I mentioned, I usually clear them with the pfblocker widget on the dashboard. It's a little button in the column showing 'packets', at least for me

        I removed the picture here so it did not duplicate

        I also, in the widget, have 'clear ip and dnsbl counters' set to one day, not never (this gave me so many headaches)

          wolfsden3

          @sparkyMcpenguin said in TLD white list not working:

          'packets' at

          OK great! I didn't know that in the widget this was a thing. I had 98 million unbound queries since the last clear LOL! I have a lot of DNSBLs.

          Mine had a trash can next to the word "packets" and once I clicked that it wiped the count out. I also clicked the gear and the pop under, under the table (widget) showed up where you can configure it to clear the count daily. I did that now too.

          Cool!

          I'm reloading both IP and DNSbl lists now. It takes like 10 minutes :P

            wolfsden3

            You know what...

            I think this is an "error" but not an "error" LOL.

            Assembling DNSBL database... completed [ 03/04/20 10:45:56 ]
            TLD:
            
             TLD Whitelist - Missing data | esa04mx1.3zden.cloud | No IP found! |
            

            Then the "i" (information bubble) says:

            Enter each specific Domain and/or Sub-Domains to be Whitelisted. (Used in conjunction with TLD Blacklist only) 
            Enter one  Domain per line
            Examples:
            
                example.com
                example.com|x.x.x.x  (Replace x.x.x.x with associated Domain/Sub-Domain IP Address.
            
            The First option above will collect the IP Address on each Cron run, while the second option will define a Static IP Address.
            
            You must Whitelist every Domain or Sub-Domain individually.
            No Regex Entries and no leading/trailing 'dot' allowed!
            You may use "#" after any Domain/Sub-Domain to add comments. IE: (example.com|x.x.x.x # TLD Whitelist)
            This List is stored as 'Base64' format in the config.xml file.
            

            Notice: "The First option above will collect the IP Address on each Cron run, while the second option will define a Static IP Address."

            So...I don't think it can FIND the IP address. It says that if I just list a domain like "example.com" with no pipe + IP address that it will go find the IP.

            I think this is broken and that BBCan will need to fix it. It's a bug. It's not finding the IP address and therefore still points it at the block interface of 10.10.10.1.

            I'll email him a link to this discussion and perhaps he can chime in.
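
The "No IP found!" line above comes from the first entry form in the help text (domain only, IP looked up on each cron run). The script below is an added example, not pfBlockerNG's own code: it applies the entry rules quoted from the help text (one domain per line, optional "|x.x.x.x" static IP, optional "#" comment, no regex, no leading or trailing dot) and, for entries with no static IP, does the same lookup ahead of time through an injectable resolver, so an entry that would end up logged as "No IP found" and still answered with the 10.10.10.1 block VIP is caught before the list is saved. The hostname syntax check, the sample list and the FAKE_DNS table are all constructed assumptions for the example.

```python
"""
Preflight check for pfBlockerNG TLD Whitelist entries.

Added example, not pfBlockerNG's own code. It applies the entry rules quoted
from the package's help text: one domain per line, optional "|x.x.x.x" static
IP, optional "# comment", no regex, no leading/trailing dot. Entries without a
static IP are resolved through an injectable resolver so the check can run
offline; the "No IP found" status mirrors the log line seen in the thread.
"""
import ipaddress
import re
import socket
from dataclasses import dataclass
from typing import Callable, List, Optional

# Hostname syntax: labels of letters/digits/hyphens joined by dots. This is an
# assumption about what pfBlockerNG accepts; the help text only forbids regex
# and leading/trailing dots.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")


@dataclass
class WhitelistEntry:
    line_no: int
    domain: str
    static_ip: Optional[str]    # IP given after "|" in the entry, if any
    resolved_ip: Optional[str]  # IP found by the resolver for entries without one
    status: str                 # "ok", "ok-static", "No IP found", or "error: ..."
    comment: str = ""


def default_resolver(name: str) -> Optional[str]:
    """Resolve with the system resolver; returns None on failure."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def check_tld_whitelist(text: str,
                        resolver: Callable[[str], Optional[str]] = default_resolver
                        ) -> List[WhitelistEntry]:
    """Parse whitelist text and report the fate of every non-empty line."""
    results: List[WhitelistEntry] = []
    for n, raw in enumerate(text.splitlines(), start=1):
        # "#" after the entry starts a comment, per the help text.
        body, _, comment = raw.partition("#")
        body, comment = body.strip(), comment.strip()
        if not body:
            continue
        domain, _, ip_part = body.partition("|")
        domain, ip_part = domain.strip(), ip_part.strip()

        if domain.startswith(".") or domain.endswith("."):
            results.append(WhitelistEntry(n, domain, None, None,
                                          "error: leading/trailing dot", comment))
            continue
        if not _HOSTNAME_RE.match(domain):
            # Catches regex metacharacters, wildcards and other junk.
            results.append(WhitelistEntry(n, domain, None, None,
                                          "error: not a plain domain", comment))
            continue

        if ip_part:
            try:
                ipaddress.ip_address(ip_part)
            except ValueError:
                results.append(WhitelistEntry(n, domain, ip_part, None,
                                              "error: bad static IP", comment))
                continue
            results.append(WhitelistEntry(n, domain, ip_part, None, "ok-static", comment))
            continue

        # No static IP: pfBlockerNG will look one up on each cron run, so do the
        # same lookup now and flag anything that would log "No IP found".
        found = resolver(domain)
        status = "ok" if found else "No IP found"
        results.append(WhitelistEntry(n, domain, None, found, status, comment))
    return results


# Constructed sample list and constructed offline resolver table (example data only).
SAMPLE_WHITELIST = """\
example.com
example.com|192.0.2.10  # TLD Whitelist
.badleadingdot.example
*.wildcard.example
nxdomain.example
"""

FAKE_DNS = {"example.com": "192.0.2.1"}

if __name__ == "__main__":
    for e in check_tld_whitelist(SAMPLE_WHITELIST, FAKE_DNS.get):
        print(f"line {e.line_no}: {e.domain:<25} {e.status}")
```

Run it against the real list with the default resolver (drop the second argument) from a host that uses the same upstream DNS as the firewall; an entry reported as "No IP found" is the one that will keep resolving to the block VIP after the next reload.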

              A Former User @wolfsden3

              @wolfsden3 said in TLD white list not working:

              You know what...

              I think this is an "error" but not an "error" LOL.

              Assembling DNSBL database... completed [ 03/04/20 10:45:56 ]
              TLD:
              
               TLD Whitelist - Missing data | esa04mx1.3zden.cloud | No IP found! |
              

              Then the "i" (information bubble) says:

              Enter each specific Domain and/or Sub-Domains to be Whitelisted. (Used in conjunction with TLD Blacklist only) 
              Enter one  Domain per line
              Examples:
              
                  example.com
                  example.com|x.x.x.x  (Replace x.x.x.x with associated Domain/Sub-Domain IP Address.
              
              The First option above will collect the IP Address on each Cron run, while the second option will define a Static IP Address.
              
              You must Whitelist every Domain or Sub-Domain individually.
              No Regex Entries and no leading/trailing 'dot' allowed!
              You may use "#" after any Domain/Sub-Domain to add comments. IE: (example.com|x.x.x.x # TLD Whitelist)
              This List is stored as 'Base64' format in the config.xml file.
              

              Notice: "The First option above will collect the IP Address on each Cron run, while the second option will define a Static IP Address."

              So...I don't think it can FIND the IP address. It says that if I just list a domain like "example.com" with no pipe + IP address that it will go find the IP.

              I think this is broken and that BBCan will need to fix it. It's a bug. It's not finding the IP address and therefore still points it at the block interface of 10.10.10.1.

              I'll email him a link to this discussion and perhaps he can chime in.

              Sure thing. I only mention the steps I've taken to diagnose similar issues. The ordering of rules loaded can sometimes affect this as well.

              But yea, this puzzles me a little too, if clearing the packet counter after a force update and reload didn't work... maybe the rules order is incorrect? I've had that cause the loaded rules to drop from tens of thousands down to a couple hundred just because my ordering was incorrect on the IPv4 IP page in pfBlockerNG and the lists under DNSBL. Pictures below:

              1pf.png
              2pf.png
              This is how I have it now; I accidentally had some pass lists below block lists before (oops) because of the order I added feeds in (and didn't change the order afterwards)

                A Former User

                In regards to whitelisting I tend to just use the main whitelist in DNSBL, not the lower down TLD white/blacklisting, and just manually tend to it. My network is a garden, ya dig? 🖖

                  A Former User

                  @sparkyMcpenguin said in TLD white list not working:

                  You must Whitelist every Domain or Sub-Domain individually.
                  No Regex Entries and no leading/trailing 'dot' allowed!
                  You may use "#" after any Domain/Sub-Domain to add comments. IE: (example.com|x.x.x.x # TLD Whitelist)
                   This List is stored as 'Base64' format in the config.xml file.

                   What does your white/blacklisting in TLD look like, if you can show it without too much being displayed?

                    A Former User @wolfsden3

                    @wolfsden3 said in TLD white list not working:

                    @sparkyMcpenguin said in TLD white list not working:

                    'packets' at

                    OK great! I didn't know that in the widget this was a thing. I had 98 million unbound queries since the last clear LOL! I have a lot of DNSBLs.

                    Mine had a trash can next to the word "packets" and once I clicked that it wiped the count out. I also clicked the gear and the pop under, under the table (widget) showed up where you can configure it to clear the count daily. I did that now too.

                    Cool!

                    I'm reloading both IP and DNSbl lists now. It takes like 10 minutes :P

                    I just now saw this, 98 MILLION? wowzers scoob

                      A Former User

                      The ordering of the lists really affected me one day with MaxMind downloads.
                      A newly added blocklist I had added had DNSBL's default IP listed.
                      Needless to say it broke more than just MaxMind downloads, as I then had problems with DNSBL and other things (why that IP is on a blocklist I don't know or really care too much, but on the blocklist it was listed as MaxMind, not DNSBL - to me that sounded like a bad cached entry from the blocklist, which I confirmed under the 'Reports' page in pfBlockerNG). Disabling that list, then doing a packet clear, force update and reload resolved this.
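
The failure described in this post (a feed that carries the DNSBL address itself, so the firewall starts blocking its own DNSBL VIP and other internal traffic) is cheap to catch before the feed is loaded. The script below is an added example, not pfBlockerNG's own code: it parses an IPv4 feed in a simple assumed syntax (one address or CIDR per line, "#" or ";" comments) and reports any entry that covers the DNSBL VIP (10.10.10.1 as used in this thread) or overlaps an RFC 1918 or loopback range. The sample feed is constructed.

```python
"""
Sanity check for an IPv4 block feed before it is fed to pfBlockerNG.

Added example, not pfBlockerNG's own code. It flags feed entries that cover the
DNSBL virtual IP (10.10.10.1 in this thread) or overlap an RFC 1918/loopback
range, which is the situation described above: a newly added blocklist carried
the DNSBL address, so DNSBL lookups and MaxMind downloads were blocked too.
"""
import ipaddress
from typing import Dict, Iterable, List, Tuple

# Ranges that should never appear in a public block feed (assumed policy).
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_feed(lines: Iterable[str]) -> List[Tuple[int, ipaddress.IPv4Network]]:
    """Return (line_no, network) for every parsable IPv4 entry.

    Assumed feed syntax: one address or CIDR per line, "#" or ";" starts a
    comment. Bare addresses become /32 networks. Malformed lines are skipped.
    """
    entries: List[Tuple[int, ipaddress.IPv4Network]] = []
    for n, raw in enumerate(lines, start=1):
        body = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not body:
            continue
        try:
            net = ipaddress.ip_network(body, strict=False)
        except ValueError:
            continue  # a real tool would log the malformed line
        if net.version == 4:
            entries.append((n, net))
    return entries


def find_dangerous_entries(lines: Iterable[str], dnsbl_vip: str) -> Dict[str, List[str]]:
    """Group feed entries that would catch the DNSBL VIP or internal traffic."""
    vip = ipaddress.ip_address(dnsbl_vip)
    report: Dict[str, List[str]] = {"covers_dnsbl_vip": [], "covers_internal_range": []}
    for n, net in parse_feed(lines):
        if vip in net:
            report["covers_dnsbl_vip"].append(f"line {n}: {net}")
        elif any(net.overlaps(r) for r in INTERNAL_RANGES):
            report["covers_internal_range"].append(f"line {n}: {net}")
    return report


# Constructed feed for demonstration (not a real list).
SAMPLE_FEED = """\
# constructed block feed
203.0.113.0/24
198.51.100.7
10.10.10.1        ; the DNSBL VIP slipped into the feed
192.168.0.0/16
10.0.0.0/8
not-an-address
""".splitlines()

if __name__ == "__main__":
    for kind, hits in find_dangerous_entries(SAMPLE_FEED, "10.10.10.1").items():
        print(kind, hits)
```

A hit in either group is a reason to disable the feed and do the packet clear, force update and reload described above, rather than let the entry land in the IPv4 block tables.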

                        wolfsden3

                        Well thanks for the discussion, I learned a few things that I'll implement at other locations. Looks like they have 760k DNS queries per day on that FW. I'm not sure if that's a lot or not.

                        Minimizing DNS queries is my next project, although the FW is doing its job, and fairly well I think.

                        I'll fart around with this. I'm not sure if other sites are experiencing this too. They might very well be.

                        Thanks again.

                          A Former User @wolfsden3

                          @wolfsden3 said in TLD white list not working:

                          Well thanks for the discussion, I learned a few things that I'll implement at other locations. Looks like they have 760k DNS queries per day on that FW. I'm not sure if that's a lot or not.

                          Minimizing DNS queries is my next project, although the FW is doing its job, and fairly well I think.

                          I'll fart around with this. I'm not sure if other sites are experiencing this too. They might very well be.

                          Thanks again.

                          In just my home network with maybe 5 devices that really put out data, I've seen 600K before; 700 doesn't seem much of a stretch over the course of a week-ish (edit: depending on number of clients, this is a factor I don't know lol)

                            A Former User @wolfsden3

                            @wolfsden3 said in TLD white list not working:

                            Well thanks for the discussion, I learned a few things that I'll implement at other locations. Looks like they have 760k DNS queries per day on that FW. I'm not sure if that's a lot or not.

                            Minimizing DNS queries is my next project, although the FW is doing its job, and fairly well I think.

                            I'll fart around with this. I'm not sure if other sites are experiencing this too. They might very well be.

                            Thanks again.

                            Last thing, I promise.

                            Below I have screenshotted and posted my firewall rules:

                            Floating:
                            float.png

                            WAN:
                            wan.png

                            LAN:
                            lan.png

                            GUESTVLAN:
                            guest.png

                            Blacked out information is just rules for my OpenVPN

                              NollipfSense @A Former User

                              @A-Former-User said in TLD white list not working:

                              @wolfsden3 said in TLD white list not working:

                              Well thanks for the discussion, I learned a few things that I'll implement at other locations. Looks like they have 760k DNS queries per day on that FW. I'm not sure if that's a lot or not.

                              Minimizing DNS queries is my next project, although the FW is doing its job, and fairly well I think.

                              I'll fart around with this. I'm not sure if other sites are experiencing this too. They might very well be.

                              Thanks again.

                              Last thing, I promise.

                              Below I have screenshotted and posted my firewall rules:

                              Floating:
                              float.png

                              WAN:
                              wan.png

                              LAN:
                              lan.png

                              GUESTVLAN:
                              guest.png

                              Blacked out information is just rules for my OpenVPN

                              I just got to say I like your firewall arrangement...bravo!

                              pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                              pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.
