How to determine DNSBL block list

krbvroc1 · Sep 20, 2018, 7:18 PM

As of a few hours ago, facebook.com is blocked by DNSBL. How do I debug what list added this? Oddly enough, when I go to the Alerts tab, it doesn't show a list - is says 'no match'. All my other entries show a list, but not this one.

I've been going to the various website/block lists that I use and so far don't see it listed on any of them.

I am running 2.1.2_3, but I just clicked the upgrade to 2.1.4_9 button to test with the latest version and same problem. (Obviously I could get to the site while it was disabled/upgrading)

Grimson · Sep 20, 2018, 7:19 PM

Upgrade to pfBlockerNG-devel.

krbvroc1 · Sep 20, 2018, 7:21 PM

@grimson Is that smart if I want a stable/production version? Is there something new going on that only devel handles?

Grimson · Sep 20, 2018, 7:24 PM

https://forum.netgate.com/topic/135514/dnsbl-is-not-logging-everything

From here on search the forums yourself.

krbvroc1 · Sep 20, 2018, 7:28 PM

@grimson I already saw that post and it doesn't seem to apply. That related to something not being logged at all and if I read it correctly, the devel version allows additional logging for 'https' sites. In my case it is being logged under the alerts tab, it just shows 'no match' where the list name would normally be. And I tried non-https with the same issue before I posted. This just happened today somehow since facebook url was working this morning.

krbvroc1 · Sep 21, 2018, 1:35 AM

Finally tracked it down - I had followed some documentation here - https://docs.microsoft.com/en-us/windows/privacy/manage-windows-endpoints

It listed 'star-mini.c10r.facebook.com' as an ms endpoint for facebook - I assumed for their store app. It has been blocked for months. For some reason today www.facebook.com started resolving to that cname and that is why it is blocked. It is a custom block list I entered months ago, not sure why pfblockerng doesn't show the feed name rather than 'no match' on the alerts - would have saved me hours.

BBcan177 · Sep 22, 2018, 2:07 AM

@krbvroc1 said in How to determine DNSBL block list:

Finally tracked it down - I had followed some documentation here - https://docs.microsoft.com/en-us/windows/privacy/manage-windows-endpoints
It listed 'star-mini.c10r.facebook.com' as an ms endpoint for facebook - I assumed for their store app. It has been blocked for months. For some reason today www.facebook.com started resolving to that cname and that is why it is blocked. It is a custom block list I entered months ago, not sure why pfblockerng doesn't show the feed name rather than 'no match' on the alerts - would have saved me hours.

There are many changes to the code with pfBlockerNG-devel, including the Alerts Tab. I would suggest moving to devel and see if you can reproduce the same issue.