Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNSBL blocking Youtube???

    Scheduled Pinned Locked Moved pfBlockerNG
    9 Posts 4 Posters 6.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jwalhous
      last edited by

      Hi,
      Seeing a strange issue with DNSBL, keep getting the following when going to you tube

      The owner of www.youtube.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

      This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

      It say the certificate is self signed.

      This has only just started happening in the last few days, turning off DNSBL resolves the issue.
      I've tried White Listing youtube and this makes no difference, I have the logging turned on and it shows youtube but also says its in the whitelist, it doesn't show as being on any blacklists so why is it trying to redirect to 10.0.0.1

      Any help would be very much appreciated.

      1 Reply Last reply Reply Quote 0
      • RonpfSR
        RonpfS
        last edited by

        Go to Firewall / pfBlockerNG / Alerts
        You will see what sites DNSBL blocked. Hover on the "+" whitelist icon for option on how to whitelist site.

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        1 Reply Last reply Reply Quote 0
        • N
          nathulal
          last edited by

          @jwalhous:

          Hi,
          Seeing a strange issue with DNSBL, keep getting the following when going to you tube

          The owner of www.youtube.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

          This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

          It say the certificate is self signed.

          This has only just started happening in the last few days, turning off DNSBL resolves the issue.
          I've tried White Listing youtube and this makes no difference, I have the logging turned on and it shows youtube but also says its in the whitelist, it doesn't show as being on any blacklists so why is it trying to redirect to 10.0.0.1

          Any help would be very much appreciated.

          I am seeing the same thing with youtube.com. It gets logged in the Alerts tap as blocked with "No Match" as the source. Happens randomly on all my devices, iPhones/iPads/AppleTV/PCs. Switching wifi off and back on the device having the issue resolves it. Adding to whitelist and forcing a reload of the DNSBL list under pfBlockerNG has no effect.

          Looks like an issue with the latest update of the pfBlocker. I am running pfBlockerNG version 2.1.1_2. pfSense version 2.3.2.

          1 Reply Last reply Reply Quote 0
          • RonpfSR
            RonpfS
            last edited by

            When it is Whitelisted, is shows as a no match.

            Did you flush the DNS cache on the client ?

            www.youtube.com also is a CNAME youtube-ui.l.google.com
            you may have to whitelist the CNAME as well.

            drill @8.8.8.8 www.youtube.com

;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 29949
;; flags: qr rd ra ; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; www.youtube.com.	IN	A

;; ANSWER SECTION:
www.youtube.com.	21599	IN	CNAME	youtube-ui.l.google.com.
youtube-ui.l.google.com.	299	IN	A	205.237.38.114
youtube-ui.l.google.com.	299	IN	A	205.237.38.123
youtube-ui.l.google.com.	299	IN	A	205.237.38.118
youtube-ui.l.google.com.	299	IN	A	205.237.38.119
youtube-ui.l.google.com.	299	IN	A	205.237.38.120
youtube-ui.l.google.com.	299	IN	A	205.237.38.113
youtube-ui.l.google.com.	299	IN	A	205.237.38.121
youtube-ui.l.google.com.	299	IN	A	205.237.38.117
youtube-ui.l.google.com.	299	IN	A	205.237.38.122
youtube-ui.l.google.com.	299	IN	A	205.237.38.116
youtube-ui.l.google.com.	299	IN	A	205.237.38.112
youtube-ui.l.google.com.	299	IN	A	205.237.38.115

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 216 msec
;; SERVER: 8.8.8.8
;; WHEN: Sat Aug  6 22:11:23 2016
;; MSG SIZE  rcvd: 259

            If you clicked on the "+" icon, it should have put the CNAME to the Custom Domain Whitelist

            2.4.5-RELEASE-p1 (amd64)
            Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

            1 Reply Last reply Reply Quote 0
            • J
              jwalhous
              last edited by

              Thanks for your replies, both those entries are in the whitelist but it makes no difference, I temporary disabled the feeds and only using the easy list which seems to work, however not many ads are getting blocked now :-(
              I did flush the dns cache and it doesn't help.

              1 Reply Last reply Reply Quote 0
              • RonpfSR
                RonpfS
                last edited by

                And you ran a Force Reload DNSBL when you whitelisted the site ?

                Goto into dev mode in the browser (F12). Then goto "console" and see what's being blocked when he loads that webpage.

                2.4.5-RELEASE-p1 (amd64)
                Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                1 Reply Last reply Reply Quote 0
                • ivorI
                  ivor
                  last edited by

                  I think one of the built in blocklists had certain YouTube IP's blacklisted, it happened to me as well. I just updated feeds and problem is gone.

                  Need help fast? Our support is available 24/7 https://www.netgate.com/support/

                  1 Reply Last reply Reply Quote 0
                  • J
                    jwalhous
                    last edited by

                    Updated the dnsbl feeds today and it apears to be all good again, thanks everyone for your suggestions and help :-)

                    1 Reply Last reply Reply Quote 0
                    • N
                      nathulal
                      last edited by

                      @ivor:

                      I think one of the built in blocklists had certain YouTube IP's blacklisted, it happened to me as well. I just updated feeds and problem is gone.

                      I updated the feeds and that seems to have resolved the issue. Thanks everyone.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.