Blocking TLD's


  • Banned

    Hi all,
    Just setup the DNSBL with a bunch of recommended lists, but my real purpose is to block unwanted TLD's from getting to my email server.
    I setup an exclusion list and a blacklist. Alerts show the blocked TLD's like I expected, but the connection was still passed to my email server.

    Is there something else I need to do to block these TLD's from being passed on?

    As you can see, the alert is there for the unwanted TLD, but it was still delivered to the email server.
    Do I need to add a firewall rule? Seems pointless to use if I cannot block these.





  • Do not mix Domain name blocking and IP blocking.

    IP blocking is done with IP tables and firewall rules.

    DNSBL is for Domain name requests coming from inside the firewall, it doesn't prevent incoming access from outside the firewall

    DNSBL intercept the Domain name request and provides the VIP instead of the real IP of the domain to the client inside the firewall.

    The firewall rule in DNSBL is for domain tables that includes IPs. pfblockerNG will collects those IPs in DNSBLIP table and generate a firewall rules when the box is checked. There is only a few IPs collected during DNSBL update (on my setup : 15K IPs vs 560K domain names).


  • Banned

    Thanks for the reply. I guess DNSBL is not what I am looking for. I will shut it down.

    Pfblocker does a good job with countries. I just wanted something that could do the same with TLD's. Any suggestions?



  • I'd like to chime in here.  I think the TLD blocking is primarily for "outbound" traffic not inbound.  It's used with unbound DNS resolve.

    So if you setup your systems like this you can screen nasty TLD's from your end users like this:  (Block TLD:  .top, .party, .ms <– which blocks skype auth, etc)...

    PC DNS points to DNS server > DNS server DNS forwarder points to PFSense which uses Unbound, checks the TLD and decides > PFSense's DNS looks to your ISP or some other DNS provider like OpenDNS, Comodo, etc.

    It's mean to protect internal LAN assets not block external ones.

    NOW...if you want to block external TLD's form your mail server what type of mail server do you have?

    You can block junk TLD's by parsing your log files or sometimes spam filters like mail cleaner let you just put the TLD's in there.  For POSTFIX you can do it like this:  https://whackersforhackers.com/2017/03/08/tld-blocking-in-postfix-mta/

    There are more ways to TLD block BUT I'd suggest not using PFSense and TLD blocking in PFBlocker to do it because that's not what PFBlocker is trying to do here (I don't think with respect to TLD's and how DNSBL works).

    Good luck!