Netgate Discussion Forum

    TLD white list not working

    pfBlockerNG
    21 Posts 4 Posters 1.8k Views
    wolfsden3

      @sparkyMcpenguin said in TLD white list not working:

      'packets' at

      OK great! I didn't know that in the widget this was a thing. I had 98 million Unbound queries since the last clear LOL! I have a lot of DNSBLs.

      Mine had a trash can next to the word "packets" and once I clicked that it wiped the count out. I also clicked the gear and the pop-under below the table (widget) showed up, where you can configure it to clear the count daily. I did that now too.

      Cool!

      I'm reloading both IP and DNSBL lists now. It takes like 10 minutes :P

      wolfsden3

        You know what...

        I think this is an "error" but not an "error" LOL.

        Assembling DNSBL database... completed [ 03/04/20 10:45:56 ]
        TLD:
        
         TLD Whitelist - Missing data | esa04mx1.3zden.cloud | No IP found! |
        

        Then the "i" (information bubble says):

        Enter each specific Domain and/or Sub-Domains to be Whitelisted. (Used in conjunction with TLD Blacklist only) 
        Enter one  Domain per line
        Examples:
        
            example.com
            example.com|x.x.x.x  (Replace x.x.x.x with the associated Domain/Sub-Domain IP Address.)
        
        The First option above will collect the IP Address on each Cron run, while the second option will define a Static IP Address.
        
        You must Whitelist every Domain or Sub-Domain individually.
        No Regex Entries and no leading/trailing 'dot' allowed!
        You may use "#" after any Domain/Sub-Domain to add comments. IE: (example.com|x.x.x.x # TLD Whitelist)
        This List is stored as 'Base64' format in the config.xml file.
        

        Notice: "The First option above will collect the IP Address on each Cron run, while the second option will define a Static IP Address."

        So...I don't think it can FIND the IP address. It says that if I just list a domain like "example.com" with no pipe + IP address that it will go find the IP.

        I think this is broken and that BBCan will need to fix it. It's a bug. It's not finding the IP address and therefore still points it at the block interface of 10.10.10.1.

        I'll email him a link to this discussion and perhaps he can chime in.

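The entry format the info bubble describes (a bare domain that is resolved on each cron run, or `domain|ip` for a static address, with an optional `# comment`, no regex and no leading or trailing dot) can be modelled in a few lines, and doing so makes the "Missing data | ... | No IP found!" line above easy to understand: it is what the first form produces when the lookup for that name fails. The following is an added example written for this page; it is not pfBlockerNG's own code. The validation rules are assumptions drawn from the info-bubble text, the resolver is injectable so the example runs offline, and `SAMPLE_TABLE`, `sample_resolver` and `SAMPLE_LIST` are constructed inputs (the addresses are RFC 5737 documentation IPs, not real answers for those names).

```python
import base64
import ipaddress
import re
import socket
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Added example: a simplified model of the pfBlockerNG TLD Whitelist entry
# format described in the thread ("example.com" or "example.com|x.x.x.x # comment").
# This is not pfBlockerNG's own code; the parsing and validation rules below are
# assumptions drawn from the info-bubble text.

_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
Resolver = Callable[[str], str]


@dataclass
class WhitelistEntry:
    domain: str
    ip: Optional[str]      # static IP from "domain|ip", else collected at "cron" time
    comment: str
    error: Optional[str]   # set when the entry is rejected or cannot be resolved


def _valid_domain(name: str) -> bool:
    """Reject regex/wildcard characters, leading/trailing dots and bad labels."""
    if not name or name.startswith(".") or name.endswith("."):
        return False
    if any(ch in name for ch in "*?[]^$\\ "):
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def parse_entry(line: str, resolver: Resolver = socket.gethostbyname) -> Optional[WhitelistEntry]:
    """Parse one whitelist line; returns None for blank or comment-only lines."""
    body, _, comment = line.partition("#")
    body, comment = body.strip(), comment.strip()
    if not body:
        return None
    domain, _, ip = body.partition("|")
    domain, ip = domain.strip().lower(), (ip.strip() or None)
    if not _valid_domain(domain):
        return WhitelistEntry(domain, ip, comment, "invalid domain (no regex, no leading/trailing dot)")
    if ip is not None:
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            return WhitelistEntry(domain, ip, comment, "invalid static IP")
        return WhitelistEntry(domain, ip, comment, None)
    # First form: the IP is collected by the cron run. A lookup failure is the
    # "Missing data | <domain> | No IP found!" condition seen in the thread.
    try:
        return WhitelistEntry(domain, resolver(domain), comment, None)
    except OSError:
        return WhitelistEntry(domain, None, comment, "No IP found!")


def parse_whitelist(text: str, resolver: Resolver = socket.gethostbyname) -> List[WhitelistEntry]:
    entries = (parse_entry(line, resolver) for line in text.splitlines())
    return [e for e in entries if e is not None]


def report_missing(entries: List[WhitelistEntry]) -> List[str]:
    """Render the same one-line report the DNSBL update log prints."""
    return [f"TLD Whitelist - Missing data | {e.domain} | {e.error} |"
            for e in entries if e.error == "No IP found!"]


def to_config_b64(text: str) -> str:
    """The list is stored Base64-encoded in config.xml, per the info bubble."""
    return base64.b64encode(text.encode()).decode()


def from_config_b64(blob: str) -> str:
    return base64.b64decode(blob).decode()


# Constructed lookup table so the example runs offline; IPs are documentation
# addresses (RFC 5737), not real answers for these names.
SAMPLE_TABLE: Dict[str, str] = {"example.com": "192.0.2.10", "mail.example.net": "192.0.2.25"}


def sample_resolver(name: str) -> str:
    if name in SAMPLE_TABLE:
        return SAMPLE_TABLE[name]
    raise OSError(f"NXDOMAIN {name}")


SAMPLE_LIST = "\n".join([
    "example.com",
    "esa04mx1.3zden.cloud",            # no static IP and not in the table -> No IP found!
    "mail.example.net|192.0.2.25 # static entry with a comment",
    ".bad.example",                    # leading dot is rejected
    "# comment-only line is ignored",
]) + "\n"


if __name__ == "__main__":
    for entry in parse_whitelist(SAMPLE_LIST, sample_resolver):
        print(entry)
    print("\n".join(report_missing(parse_whitelist(SAMPLE_LIST, sample_resolver))))
```

The practical takeaway matches the workaround the info bubble itself offers: if the name cannot be resolved from the firewall at cron time (no answer, a resolver that is itself being filtered, or an internal name), pin it with the `domain|ip` form so the whitelist does not depend on the lookup succeeding.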
        A Former User @wolfsden3

          @wolfsden3 said in TLD white list not working:

          Sure thing. I only mention the steps I've taken to diagnose similar issues. The ordering of rules loaded can sometimes affect this as well.

          But yeah, this puzzles me a little too. If clearing the packet counter after a force update and reload didn't work... maybe the rules order is incorrect? I've had that cause the loaded rules to drop from tens of thousands down to a couple hundred just because my ordering was incorrect on the IPv4 IP page in pfBlockerNG and the lists under DNSBL. Pictures below:

          (images: 1pf.png, 2pf.png)
          This is how I have it now. I accidentally had some pass lists below block lists before (oops) because of the order I added feeds in (and didn't change the order afterwards).

          A Former User

            In regards to whitelisting, I tend to just use the main whitelist in DNSBL, not the TLD white/blacklisting lower down, and just manually tend to it. My network is a garden, ya dig? 🖖

            A Former User

              @sparkyMcpenguin said in TLD white list not working:

              You must Whitelist every Domain or Sub-Domain individually.
              No Regex Entries and no leading/trailing 'dot' allowed!
              You may use "#" after any Domain/Sub-Domain to add comments. IE: (example.com|x.x.x.x # TLD Whitelist)
              This List is stored as 'Base64' format in the config.xml file.

              what does your white/blacklisting in TLD look like if you can show without too much being displayed?

              A Former User @wolfsden3

                @wolfsden3 said in TLD white list not working:

                I just now saw this. 98 MILLION? Wowzers, Scoob.

                A Former User

                  The ordering of the lists really affected me one day with MaxMind downloads.
                  A newly added blocklist I had added had DNSBL's default IP listed.
                  Needless to say it broke more than just MaxMind downloads, as I then had problems with DNSBL and other things (why that IP is on a blocklist I don't know or really care too much, but on the blocklist it was listed as MaxMind, not DNSBL; to me it sounded like a bad cached entry from the blocklist, which I confirmed under the 'Reports' page in pfBlockerNG). Disabling that list and doing a packet clear, force update and reload resolved this.

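Two posts in this thread describe the same underlying failure: pass lists ending up below block lists so they never match, and a feed that happened to contain the DNSBL VIP so a block rule swallowed the sinkhole address itself. The following added example (written for this page, not pfBlockerNG's or pfSense's code) models first-match rule evaluation, shows how reordering pass rules above block rules changes the verdict for the VIP, and runs a pre-load sanity check that flags feed entries covering the VIP, loopback or RFC 1918 space. The VIP 10.10.10.1 is the one mentioned above; the list names, feed lines and networks are constructed for the example, and first-match semantics are assumed because pfSense-generated rules carry `quick`.

```python
import ipaddress
from typing import List, Optional, Tuple

# Added example, not pfBlockerNG's or pfSense's own code. It models (1) first-match
# evaluation of the generated rules, where a pass list placed below a block list
# never gets a chance to match, and (2) a pre-load sanity check on a feed that
# flags entries covering the DNSBL VIP, loopback or RFC 1918 space. The VIP
# 10.10.10.1 is from the thread; list names and feed contents are constructed.

Rule = Tuple[str, str, str]   # (action, list_name, network); action is "pass" or "block"

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def first_match(rules: List[Rule], ip: str) -> Optional[Rule]:
    """Return the first rule whose network contains ip (assumed 'quick' semantics)."""
    addr = ipaddress.ip_address(ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule[2], strict=False):
            return rule
    return None


def evaluate(rules: List[Rule], ip: str) -> str:
    hit = first_match(rules, ip)
    return hit[0] if hit else "no-match"


def reorder_pass_first(rules: List[Rule]) -> List[Rule]:
    """Stable reorder: every pass rule above every block rule, as the poster corrected to."""
    return [r for r in rules if r[0] == "pass"] + [r for r in rules if r[0] != "pass"]


def feed_sanity(feed_lines: List[str], dnsbl_vip: str) -> List[Tuple[str, str]]:
    """Flag feed entries that would block the DNSBL VIP, loopback or private space."""
    vip = ipaddress.ip_address(dnsbl_vip)
    flagged: List[Tuple[str, str]] = []
    for raw in feed_lines:
        line = raw.split("#", 1)[0].strip()   # feeds commonly allow trailing comments
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            flagged.append((line, "unparseable"))
            continue
        if vip in net:
            flagged.append((line, f"covers DNSBL VIP {dnsbl_vip}"))
        elif net.overlaps(LOOPBACK):
            flagged.append((line, "loopback"))
        elif any(net.overlaps(p) for p in RFC1918):
            flagged.append((line, "private (RFC 1918)"))
    return flagged


# Constructed data: a block feed that (wrongly) contains the DNSBL VIP, and a
# local pass list, first in the broken order and then corrected.
DNSBL_VIP = "10.10.10.1"
BROKEN_ORDER: List[Rule] = [
    ("block", "pfB_MaxMind_v4", "10.10.10.0/24"),   # block list sits above the pass list
    ("pass", "pfB_Local_v4", "10.10.10.1/32"),
]
SAMPLE_FEED = [
    "203.0.113.0/24",
    "10.10.10.1          # should never be in a public feed",
    "127.0.0.1/8",
    "not-an-ip",
]

if __name__ == "__main__":
    print("broken order ->", evaluate(BROKEN_ORDER, DNSBL_VIP))
    print("pass first   ->", evaluate(reorder_pass_first(BROKEN_ORDER), DNSBL_VIP))
    for entry, why in feed_sanity(SAMPLE_FEED, DNSBL_VIP):
        print(f"flagged {entry}: {why}")
```

Running the sanity check against a freshly downloaded feed before it is loaded is the cheap version of what the poster found the hard way through the Reports page: a single stray entry for the sinkhole VIP or a local range in a third-party feed will take down DNSBL and anything else behind that address until the list is disabled and the tables reloaded.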
                  wolfsden3

                    Well thanks for the discussion, I learned a few things that I'll implement at other locations. Looks like they have 760k DNS queries per day on that FW. I'm not sure if that's a lot or not.

                    Minimizing DNS queries is my next project, although the FW is doing its job, and fairly well I think.

                    I'll fart around with this. I'm not sure if other sites are experiencing this too. They might very well be.

                    Thanks again.

                    A Former User @wolfsden3

                      @wolfsden3 said in TLD white list not working:

                      In just my home network with maybe 5 devices that really put out data, I've seen 600K before; 700K doesn't seem much of a stretch over the course of a week-ish (edit: depending on the number of clients, this is a factor I don't know lol).

                      A Former User @wolfsden3

                        @wolfsden3 said in TLD white list not working:

                        Last thing, I promise.

                        Below I have screenshotted and posted my firewall rules:

                        Floating:
                        float.png

                        WAN:
                        wan.png

                        LAN:
                        lan.png

                        GUESTVLAN:
                        guest.png

                        Blacked-out information is just rules for my OpenVPN.

                        NollipfSense @A Former User

                          @A-Former-User said in TLD white list not working:

                          I just got to say I like your firewall arrangement...bravo!

                          pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                          pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.