Netgate Discussion Forum
    DNSBL - Blocking of iOS App Downloads

      rebytr

      Can't seem to figure this one out.  With DNSBL enabled, I am unable to download / update iOS apps on any of my iOS devices.  Works fine with DNSBL disabled.  See attached image of the alert that gets generated in DNSBL.  What I can't figure out is which list is generating the block and even adding the domain to the whitelist doesn't resolve the issue.  Hovering over the 'plus' sign, says "This Domain is already in the DNSBL WhiteList" and it won't let me add it again.

      I guess I could disable every list until I figure out which one is causing the problem, but hoping someone has some tips  on an easier way of identifying which list is generating the block.  Also, would be good to better understand why it's still getting blocked even if it's defined in the WhiteList.  I also confirmed this is the only alert being generated when attempting to download/update iOS apps.
      ![DNSBL Alert.JPG](/public/imported_attachments/1/DNSBL Alert.JPG)

        RonpfS

        Not much information provided with only 1 alert! :o

        ; <<>> DiG 9.11.0-P3 <<>> iosapps.itunes.apple.com
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15500
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
        
        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags:; udp: 4096
        ;; QUESTION SECTION:
        ;iosapps.itunes.apple.com.	IN	A
        
        ;; ANSWER SECTION:
        iosapps.itunes.apple.com. 86399	IN	CNAME	iosapps.itunes.g.aaplimg.com.
        iosapps.itunes.g.aaplimg.com. 15 IN	A	17.253.11.201
        iosapps.itunes.g.aaplimg.com. 15 IN	A	17.253.11.203
        
        ;; Query time: 2278 msec
        ;; SERVER: 127.0.0.1#53(127.0.0.1)
        ;; WHEN: Wed May 17 19:18:51 EDT 2017
        ;; MSG SIZE  rcvd: 124
        

        So you might have to add the CNAMEs to Firewall / pfBlockerNG / DNSBL / DNSBL Whitelist.

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

          rebytr

          Bingo!  Adding the CNAME entry to the white list resolved it.

            RonpfS

            When you click on the suppression icon, pfBlockerNG will Whitelist the domain and its CNAMEs.  8)

            If you do the suppression directly in the DNSBL Whitelist, you have to find the CNAMEs and add them to the list.  ;)

            2.4.5-RELEASE-p1 (amd64)
            Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5
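
Added example, not part of the thread's posts: a small shell helper that walks the CNAME chain in `dig +noall +answer` output and prints every name that would need a DNSBL Whitelist entry when the whitelist is edited by hand. The function name `cname_chain` is hypothetical; the sample input is the answer section from the dig output posted above.

```shell
#!/bin/sh
# Added example: list every name in a CNAME chain so each one can be
# entered in the DNSBL Whitelist. Input format: `dig +noall +answer <domain>`.

# Answer section copied from the dig output posted in this thread.
SAMPLE_ANSWER='iosapps.itunes.apple.com. 86399	IN	CNAME	iosapps.itunes.g.aaplimg.com.
iosapps.itunes.g.aaplimg.com. 15 IN	A	17.253.11.201
iosapps.itunes.g.aaplimg.com. 15 IN	A	17.253.11.203'

# cname_chain DOMAIN   (reads answer records on stdin)
# Prints DOMAIN followed by each CNAME target reached from it, one per line,
# lower-cased and without the trailing dot.
cname_chain() {
    awk -v start="$1" '
        function norm(n) { n = tolower(n); sub(/\.$/, "", n); return n }
        # Record owner -> target for every CNAME record in the answer.
        $3 == "IN" && $4 == "CNAME" { target[norm($1)] = norm($5) }
        END {
            name = norm(start)
            # seen[] stops the walk if a malformed answer contains a loop.
            while (name != "" && !(name in seen)) {
                print name
                seen[name] = 1
                name = target[name]
            }
        }'
}

# Stand-alone run on the sample. Against a live resolver, use instead:
#   dig +noall +answer iosapps.itunes.apple.com | cname_chain iosapps.itunes.apple.com
printf '%s\n' "$SAMPLE_ANSWER" | cname_chain iosapps.itunes.apple.com
```

Run it with DNSBL temporarily disabled or against an upstream resolver, since a blocked name returns the DNSBL answer rather than the real chain.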
