Re: DNSBL Interface
-
This originally came up because pfBlocker adds this:
10.10.10.1/32 LAN IP Alias pfB DNSBL - DO NOT EDIT
I do not know why he chose to put that on LAN and not localhost. Probably has a good reason.
Lighttpd (which serves the 1x1pix) is running on the VIP address as it can't bind to localhost or 0.0.0.0, plus the sinkholed DNS request(s) need to be directed to the DNSBL VIP listening ports.
-
@Derelict: Oh, I see what you mean now… Just tested the VIP Interface using "localhost" and it seems to work fine.
I assume that this would negate any needed "permit" rules for other LAN subnets to access the DNSBL VIP since it's on localhost?
-
Seems to me if the traffic is passed from the clients to 10.10.10.1 it will work whether the VIP is on LAN or Localhost.
Most probably pass the traffic via the default any rule on LAN.
-
Hey BBCan,
Ran into some strangeness over the last few days. Why would I only be getting this in my logs? It appears that nothing else is resolving….
-
If you're referring to the "unknown" msg, then that is normal for HTTPS alerts, the browser fails to load the DNSBL webserver (as expected) and as such only a portion of the alert can be logged. Hover over the key icon.
-
Did something change with the logging? I'm fairly certain I never saw those messages on a regular basis. It was always source/destination of visited websites…..