DNSBL blocks itself
-
Title says it all: I am using latest DNSBL and recently a bunch of DNSBL feeds have stopped updating because another feed is blocking pfBlockerNG from accessing the feed's addresses.
All feeds are sourced from "https://raw.githubusercontent.com". So I know the problem is that this domain is blacklisted by another feed but I am not sure which one. When I try to manually go to "raw.githubusercontent.com" I get the 1x1 pixel of DNSBL which confirms what I thought.
Is there a way to tell DNSBL "don't block what you need"? I guess one of the feed has recently been updated to include raw.githubusercontent.com because up to last week or so all was fine…
Thanks!
-
And you don't see that domain in Alerts Tab ?
-
Not when DNSBL updates itself with CRON, but when I attempt to access the domain manually I see the alert. Seems 'https://malc0de.com/bl/BOOT" is the feed that blocks raw.githubusercontent.com
What would be the best (intended) way of allowing access to this domain even if contained on a block list?
In DNSBL I see:
Custom Domain Whitelist
TLD Exclusion List
TLD WhitelistWhich one(s) are intended to allow manual access to a specific address/domain? What are the differences (in a nutshell) between these ? For example I dont see the difference between Custom Domain Whitelist and TLD whitelist… Custom is for single addresses while TLD is for Top level domains only?
-
githubusercontent.com is considered a TLD by pfblockerNG
grep githubusercontent.com /usr/local/pkg/pfblockerng/dnsbl_tld githubusercontent.comSo you may put .githubusercontent.com in DNSBL Whitelist if you consider *.githubusercontent.com safe.
If you want to whitelist specific subdomain of githubusercontent.com domain and not the whole subdomain, then you put githubusercontent.com in TLD Exclusion List, do a Force Reload DNSBL.
Then access the URLs again and see what subdomains need to whitelisted
-
I had a similar issue recently and I found these 2 services block github
https://lists.malwarepatrol.net/cgi/getfile?receipt=xxxxxxxxxxx&product=8&list=dansguardian
https://malc0de.com/bl/BOOT
-
Do you not see the "+" in the alerts tab of pfBlocker, in the DNSBL section? If I get a block in DNSBL I hit the "+" to unblock it….
-
Seems to be fixed now, I added the top domain to the Custom Whitelist but instead of adding the domain manually like
".githubusercontent.com"
I clicked on the + sign on the alert page, and the following domains were added:
.githubusercontent.com
.github.map.fastly.net # CNAME for (raw.githubusercontent.com)I think the problem was that ".github.map.fastly.net" needed to be added as well. Now its working.
-
@lpallard:
Seems to be fixed now, I added the top domain to the Custom Whitelist but instead of adding the domain manually like
".githubusercontent.com"
I clicked on the + sign on the alert page, and the following domains were added:
.githubusercontent.com
.github.map.fastly.net # CNAME for (raw.githubusercontent.com)I think the problem was that ".github.map.fastly.net" needed to be added as well. Now its working.
Yes Whitelisting from the Alerts tab is the best, as it will automatically whitelist any CNAMES…
You can still whitelist manually, but you should check for CNAMES... You could use a command as follows to find them:
drill example.com @8.8.8.8
