Netgate Discussion Forum

    DNS custom blocklist

    • spoiler

      I'm sure this is already covered, but a search didn't bring a conclusive answer to the most appropriate way to do this.

      I'm using the DNSBL feature, and have a few feeds enabled. But I would like to have a custom blocklist to block some specific domains.

      What's the ideal way to achieve this? It seems I can either:

      • Add a DNSBL feed for the custom block list, but:
          - Do I need to specify a file in the source section? If the feed state is OFF, does this disable this feed, or just the 'downloading' of it?
          - Could I just create a blank feed and use the Custom Block List space?

      • Use the Custom Block List of an existing feed (but it would be nice to keep things separate from an admin point)

      • Use the IPv4 Custom list area of an existing IPv4 list and add the domain there

      What's the recommended way?

      Thanks.

      • RonpfS

        @spoiler:

        • Add a DNSBL feed for the custom block list, but:
            - Do I need to specify a file in the source section? If the feed state is OFF, does this disable this feed, or just the 'downloading' of it?

        You have to create the file on your pfSense, then you give the path in the DNSBL feed.

        @spoiler:

        • Could I just create a blank feed and use the Custom Block List space?

        Yes

        @spoiler:

        • Use the Custom Block List of an existing feed (but it would be nice to keep things separate from an admin point)

        Also

        @spoiler:

        • Use the IPv4 Custom list area of an existing IPv4 list and add the domain there

        IPv4 list will block IPs with FW rules. DNSBL will redirect the DNS request to the VIP and will give you a 1x1 GIF instead of the original HTTP URL.

        When you input an FQDN in IPv4, it will resolve to an IP when the feed is updated. If the DNS record is modified, the new IPs will only be picked up when the IPv4 feed is updated.

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5
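
The staleness RonpfS describes for an FQDN placed in an IPv4 list, as an added example that is not part of the original posts: a small simulation of the hours during which the firewall rule no longer covers the domain's current address. The DNS timeline, the 24-hour update interval and the function names are constructed for illustration.

```python
from bisect import bisect_right

# Constructed timeline: (hour the A record changed, IPs it then resolved to).
# Addresses are from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
DNS_HISTORY = [
    (0, {"203.0.113.10"}),
    (5, {"198.51.100.20"}),
    (30, {"198.51.100.21"}),
]


def resolve(history, t):
    """Return the set of IPs the name resolves to at hour t."""
    starts = [start for start, _ in history]
    return history[bisect_right(starts, t) - 1][1]


def stale_windows(history, update_interval, horizon):
    """Half-open (start, end) hour ranges where a live IP is missing from the rule.

    Models an IPv4 list entry given as an FQDN: the name is re-resolved only
    when the feed updates (hours 0, update_interval, 2 * update_interval, ...).
    A DNSBL entry matches the queried name itself, so it has no such windows.
    """
    windows, start, snapshot = [], None, set()
    for t in range(horizon):
        if t % update_interval == 0:
            snapshot = set(resolve(history, t))      # feed update: re-resolve
        missed = not resolve(history, t) <= snapshot  # current IP not in rule
        if missed and start is None:
            start = t
        elif not missed and start is not None:
            windows.append((start, t))
            start = None
    if start is not None:
        windows.append((start, horizon))
    return windows


def exposed_hours(windows):
    """Total hours covered by the stale windows."""
    return sum(end - begin for begin, end in windows)


if __name__ == "__main__":
    daily = stale_windows(DNS_HISTORY, update_interval=24, horizon=48)
    print("daily update, stale windows:", daily, "hours:", exposed_hours(daily))
    hourly = stale_windows(DNS_HISTORY, update_interval=1, horizon=48)
    print("hourly update, stale windows:", hourly)
```

Shortening the update interval narrows the windows but does not change the mechanism; blocking by name through DNSBL avoids it for domain targets.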

        • spoiler

          Thanks for the information. I added a new DNSBL list - no source defined, and the status = OFF.
          Added the target domain to the Custom Block List, did a force update and the domain is blocked :-)

          • EDinATL

            I had some particularly nasty ads popping up on my Android which led me to want to manually block some ad servers via the DNSBL, so I eventually figured out how to do this today and used the method spoiler describes. I found the process a bit confusing since the 'feeds' section would seem to be for feeds and not necessarily user-defined lists. At first I was manually editing a file in /var/unbound and mimicking the format used in pfb_dnsbl.conf which was cumbersome. I was glad to find this method but I wish there had been some kind of clue as to how to get there. Thanks spoiler!

            • BBcan177 (Moderator)

              @EDinATL:

              I had some particularly nasty ads popping up on my Android which led me to want to manually block some ad servers via the DNSBL, so I eventually figured out how to do this today and used the method spoiler describes. I found the process a bit confusing since the 'feeds' section would seem to be for feeds and not necessarily user-defined lists. At first I was manually editing a file in /var/unbound and mimicking the format used in pfb_dnsbl.conf which was cumbersome. I was glad to find this method but I wish there had been some kind of clue as to how to get there. Thanks spoiler!

              It's not recommended to edit the /var/unbound/pfb_dnsbl.conf file as that will get overwritten on cron updates…

              The DNSBL Feeds Custom list is the easiest option to manually add Domains... You can also write the Domains to a text file accessible to the pfSense box (Local webserver) or on the pfSense box itself... See the blue infoblock icons on the DNSBL Feed tab for more details...

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/
