Testing DNSBL with DNS Lookup
-
In pfSense, I would sometimes test whether a domain was blocked via DNSBL by going to Diagnostics > DNS Lookup to see if the domain resolves to the DNSBL VIP. But recently I've noticed that even domains that show up in the Reports section as having been blocked, when a DNS Lookup is performed on these, it resolves to their actual IP. Did something change or did I bork something up somewhere?
-
@bhjitsense said in Testing DNSBL with DNS Lookup:
did I bork something up somewhere
Probably.
When I take a domain out of one of "my" files:
I took the "1bdmall.com" listed:
It works as advertised.
-
I know that's the way it's supposed to happen. But I'm mainly trying to find out why it isn't. Here is DNSBL blocking this domain;
And here's me doing a DNS Lookup on said domain.
-
Hover the mouse over the black + sign and you'll see a popup that shows in which file (DNSBL feed) the domain is presented as DNSBL.
Probably, it's a top level domain like roku.com. You have both selected:
?
-
I currently have TLD disabled while I'm troubleshooting this since that was a change I had made recently. This seems to occur in either case. Doing nslookup on various endpoints, DNSBL seems to be working fine. It just looks like the firewall itself is somehow exempt or is bypassing DNSBL.
-
@bhjitsense said in Testing DNSBL with DNS Lookup:
firewall itself is somehow exempt or is bypassing DNSBL.
The firewall is using "127.0.0.1 - port 53" - on that port unbound, the resolver, is listening.
That is, if you did not add other servers, which isn't needed.
(people tend to throw in 1.1.1.1 - 8.8.8.8 - etc. and then strange things happen ;) )
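To see which resolver a lookup actually reaches, here is an added Python script (not from this thread, pfSense or pfBlockerNG) that sends the same A query directly to each resolver you name and reports whether the answer is the DNSBL VIP, so a hit from unbound on 127.0.0.1 can be compared side by side with any extra upstream server. It assumes the VIP is 10.10.10.1 (a placeholder; use the one shown in your DNSBL settings) and that unbound answers on 127.0.0.1:53 as described above.

```python
import socket
import struct
import sys

DNSBL_VIP = "10.10.10.1"  # assumption: your DNSBL virtual IP; use the VIP from your DNSBL settings
TXID = 0x1234             # fixed transaction id, verified on the reply

def build_query(name):
    # Standard A/IN query for `name` with the RD (recursion desired) bit set.
    header = struct.pack(">HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)
def skip_name(msg, off):
    # Return the offset just past a (possibly compressed) domain name.
    while msg[off] != 0:
        if (msg[off] & 0xC0) == 0xC0:  # compression pointer: two bytes, name ends here
            return off + 2
        off += 1 + msg[off]
    return off + 1
def parse_a_records(msg):
    # Collect the IPv4 addresses from the answer section of a DNS response.
    if struct.unpack(">H", msg[:2])[0] != TXID:
        raise ValueError("transaction id mismatch")
    qdcount, ancount = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs
def query(name, resolver, timeout=2.0):
    # Ask one resolver directly over UDP/53 (127.0.0.1 is unbound on the firewall itself).
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (resolver, 53))
        return parse_a_records(sock.recvfrom(4096)[0])
def classify(addrs, vip=DNSBL_VIP):
    # A DNSBL hit answers with the VIP only; any other address means this resolver bypassed DNSBL.
    return "no answer" if not addrs else "blocked by DNSBL" if addrs == [vip] else "bypassed DNSBL"

if __name__ == "__main__":  # usage: python dnsbl_check.py 1bdmall.com 127.0.0.1 1.1.1.1
    for resolver in sys.argv[2:] or ["127.0.0.1"]:
        addrs = query(sys.argv[1], resolver)
        print(f"{resolver:>15}  {sys.argv[1]} -> {addrs}  ({classify(addrs)})")
```

Run it on the firewall shell: a line reading "blocked by DNSBL" for 127.0.0.1 next to "bypassed DNSBL" for an added public server shows the lookup was answered outside unbound.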