Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNSBL blocks itself

    Scheduled Pinned Locked Moved pfBlockerNG
    8 Posts 5 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pftdm007
      last edited by

      Title says it all:  I am using latest DNSBL and recently a bunch of DNSBL feeds have stopped updating because another feed is blocking pfBlockerNG from accessing the feed's addresses.

      All feeds are sourced from "https://raw.githubusercontent.com".  So I know the problem is that this domain is blacklisted by another feed but I am not sure which one.  When I try to manually go to "raw.githubusercontent.com" I get the 1x1 pixel of DNSBL which confirms what I thought.

      Is there a way to tell DNSBL "don't block what you need"?  I guess one of the feed has recently been updated to include raw.githubusercontent.com because up to last week or so all was fine…

      Thanks!

      1 Reply Last reply Reply Quote 0
      • RonpfSR
        RonpfS
        last edited by

        And you don't see that domain in Alerts Tab ?

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        1 Reply Last reply Reply Quote 0
        • P
          pftdm007
          last edited by

          Not when DNSBL updates itself with CRON, but when I attempt to access the domain manually I see the alert.  Seems 'https://malc0de.com/bl/BOOT" is the feed that blocks raw.githubusercontent.com

          What would be the best (intended) way of allowing access to this domain even if contained on a block list?

          In DNSBL I see:

          Custom Domain Whitelist
          TLD Exclusion List
          TLD Whitelist

          Which one(s) are intended to allow manual access to a specific address/domain?  What are the differences (in a nutshell) between these ?  For example I dont see the difference between Custom Domain Whitelist and TLD whitelist…  Custom is for single addresses while TLD is for Top level domains only?

          1 Reply Last reply Reply Quote 0
          • RonpfSR
            RonpfS
            last edited by

            githubusercontent.com is considered a TLD by pfblockerNG

            grep githubusercontent.com /usr/local/pkg/pfblockerng/dnsbl_tld
            githubusercontent.com
            

            So you may put .githubusercontent.com in DNSBL Whitelist if you consider *.githubusercontent.com safe.

            If you want to whitelist specific subdomain of githubusercontent.com domain and not the whole subdomain, then you put githubusercontent.com in TLD Exclusion List, do a Force Reload DNSBL.

            Then access the URLs again and see what subdomains need to whitelisted

            2.4.5-RELEASE-p1 (amd64)
            Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

            1 Reply Last reply Reply Quote 0
            • B
              BeerCan
              last edited by

              I had a similar issue recently and I found these 2 services block github

              https://lists.malwarepatrol.net/cgi/getfile?receipt=xxxxxxxxxxx&product=8&list=dansguardian
              https://malc0de.com/bl/BOOT

              1 Reply Last reply Reply Quote 0
              • V
                Velcro
                last edited by

                Do you not see the "+" in the alerts tab of pfBlocker, in the DNSBL section? If I get a block in DNSBL I hit the "+" to unblock it….

                1 Reply Last reply Reply Quote 0
                • P
                  pftdm007
                  last edited by

                  Seems to be fixed now, I added the top domain to the Custom Whitelist but instead of adding the domain manually like

                  ".githubusercontent.com"

                  I clicked on the + sign on the alert page, and the following domains were added:

                  .githubusercontent.com
                  .github.map.fastly.net # CNAME for (raw.githubusercontent.com)

                  I think the problem was that ".github.map.fastly.net" needed to be added as well. Now its working.

                  1 Reply Last reply Reply Quote 0
                  • BBcan177B
                    BBcan177 Moderator
                    last edited by

                    @lpallard:

                    Seems to be fixed now, I added the top domain to the Custom Whitelist but instead of adding the domain manually like

                    ".githubusercontent.com"

                    I clicked on the + sign on the alert page, and the following domains were added:

                    .githubusercontent.com
                    .github.map.fastly.net # CNAME for (raw.githubusercontent.com)

                    I think the problem was that ".github.map.fastly.net" needed to be added as well. Now its working.

                    Yes Whitelisting from the Alerts tab is the best, as it will automatically whitelist any CNAMES…

                    You can still whitelist manually, but you should check for CNAMES... You could use a command as follows to find them:

                    drill example.com @8.8.8.8
                    

                    "Experience is something you don't get until just after you need it."

                    Website: http://pfBlockerNG.com
                    Twitter: @BBcan177  #pfBlockerNG
                    Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.