    DNSBL blocks itself

    pfBlockerNG
      pftdm007 last edited by

      Title says it all: I am using the latest DNSBL and recently a bunch of DNSBL feeds have stopped updating because another feed is blocking pfBlockerNG from accessing the feeds' addresses.

      All feeds are sourced from "https://raw.githubusercontent.com".  So I know the problem is that this domain is blacklisted by another feed but I am not sure which one.  When I try to manually go to "raw.githubusercontent.com" I get the 1x1 pixel of DNSBL which confirms what I thought.

      Is there a way to tell DNSBL "don't block what you need"?  I guess one of the feeds has recently been updated to include raw.githubusercontent.com because up to last week or so all was fine…

      Thanks!

        RonpfS last edited by

        And you don't see that domain in the Alerts tab?

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

          pftdm007 last edited by

          Not when DNSBL updates itself with CRON, but when I attempt to access the domain manually I see the alert.  Seems "https://malc0de.com/bl/BOOT" is the feed that blocks raw.githubusercontent.com.

          What would be the best (intended) way of allowing access to this domain even if contained on a block list?

          In DNSBL I see:

          Custom Domain Whitelist
          TLD Exclusion List
          TLD Whitelist

          Which one(s) are intended to allow manual access to a specific address/domain?  What are the differences (in a nutshell) between these?  For example I don't see the difference between Custom Domain Whitelist and TLD Whitelist…  Custom is for single addresses while TLD is for top-level domains only?

            RonpfS last edited by

            githubusercontent.com is considered a TLD by pfblockerNG

            grep githubusercontent.com /usr/local/pkg/pfblockerng/dnsbl_tld
            githubusercontent.com
            

            So you may put .githubusercontent.com in DNSBL Whitelist if you consider *.githubusercontent.com safe.

            If you want to whitelist a specific subdomain of the githubusercontent.com domain and not the whole subdomain, then you put githubusercontent.com in the TLD Exclusion List and do a Force Reload DNSBL.

            Then access the URLs again and see what subdomains need to be whitelisted.

              BeerCan last edited by

              I had a similar issue recently and I found these 2 services block github

              https://lists.malwarepatrol.net/cgi/getfile?receipt=xxxxxxxxxxx&product=8&list=dansguardian
              https://malc0de.com/bl/BOOT

                Velcro last edited by

                Do you not see the "+" in the alerts tab of pfBlocker, in the DNSBL section? If I get a block in DNSBL I hit the "+" to unblock it….

                  pftdm007 last edited by

                  Seems to be fixed now, I added the top domain to the Custom Whitelist but instead of adding the domain manually like

                  ".githubusercontent.com"

                  I clicked on the + sign on the alert page, and the following domains were added:

                  .githubusercontent.com
                  .github.map.fastly.net # CNAME for (raw.githubusercontent.com)

                  I think the problem was that ".github.map.fastly.net" needed to be added as well. Now it's working.

                    BBcan177 Moderator last edited by

                    @lpallard:

                    Seems to be fixed now, I added the top domain to the Custom Whitelist but instead of adding the domain manually like

                    ".githubusercontent.com"

                    I clicked on the + sign on the alert page, and the following domains were added:

                    .githubusercontent.com
                    .github.map.fastly.net # CNAME for (raw.githubusercontent.com)

                    I think the problem was that ".github.map.fastly.net" needed to be added as well. Now it's working.

                    Yes, whitelisting from the Alerts tab is the best, as it will automatically whitelist any CNAMEs…

                    You can still whitelist manually, but you should check for CNAMEs... You could use a command as follows to find them:

                    drill example.com @8.8.8.8
                    

                    "Experience is something you don't get until just after you need it."

                    Website: http://pfBlockerNG.com
                    Twitter: @BBcan177  #pfBlockerNG
                    Reddit: https://www.reddit.com/r/pfBlockerNG/new/
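
Added example, not part of any post in this thread: a small script for the manual CNAME check described above. It follows the CNAME chain in drill output and prints whitelist lines in the style of the entries quoted in the thread. The sample drill output is constructed, and the function names and the whitelist line syntax are assumptions based on those quoted entries.

```shell
#!/bin/sh
# Constructed sample of drill output for raw.githubusercontent.com
# (TTLs and 192.0.2.x addresses are placeholders, not real records).
sample_drill_output() {
cat <<'EOF'
;; QUESTION SECTION:
;; raw.githubusercontent.com.   IN   A

;; ANSWER SECTION:
raw.githubusercontent.com.   29   IN   CNAME   github.map.fastly.net.
github.map.fastly.net.   29   IN   A   192.0.2.10
github.map.fastly.net.   29   IN   A   192.0.2.11

;; AUTHORITY SECTION:
EOF
}

# Read drill/dig-style output on stdin and follow the CNAME chain that
# starts at $1. Prints one "owner target" pair per hop, trailing dots removed.
cname_chain() {
    awk -v start="$1" '
        function strip(n) { sub(/\.$/, "", n); return tolower(n) }
        /^;;/ || NF < 5 { next }
        $4 == "CNAME"   { target[strip($1)] = strip($5) }
        END {
            name = strip(start)
            # Bound the walk so a CNAME loop cannot run forever.
            for (hops = 0; (name in target) && hops < 10; hops++) {
                print name, target[name]
                name = target[name]
            }
        }'
}

# Emit whitelist lines modeled on the entries quoted in the thread
# (the exact syntax pfBlockerNG accepts is assumed from those entries).
whitelist_lines() {
    domain=$1
    echo ".$domain"
    cname_chain "$domain" | while read -r owner tgt; do
        echo ".$tgt # CNAME for ($owner)"
    done
}

# On a live system, pipe real output instead:
#   drill raw.githubusercontent.com @8.8.8.8 | whitelist_lines raw.githubusercontent.com
sample_drill_output | whitelist_lines raw.githubusercontent.com
```

Whitelisting only the queried name and its CNAME targets keeps the exception narrower than a whole-domain entry, so the rest of the blocklist coverage for that domain stays in effect.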
