Still having classic problem of blocked URLs with 'unknown' feed
-
Even after a completely fresh reinstall, I keep getting unwanted URLs on the DNSBL block list with 'unknown' feed. Here are some examples:
wsapi.skype.com
static.asm.skype.com
consumer.entitlement.skype.com
in.appcenter.msgrep -r -l "wsapi.skype.com" /var/db/pfblockerng/*
When I run this command, these files show up
/var/db/pfblockerng/dnsbl_cache.sqlite
/var/db/pfblockerng/pfbalexawhitelist.txt
/var/db/pfblockerng/top-1m.csvEven if I delete those files and run a reload update, they still show up. They won't go away. I figure out how to keep these from being blocked or show up on the list. it seems like every .skype.com subdomain is being blocked. I've added skype.com, .skype.com and even the subdomains themselves to my whitelist. Still, no difference.
Any thoughts?
What is dnsbl_cache.sqlite? Is that just a log?
Are there other files I should search or delete to figure out why all these skype domains are being blocked?
I'm having the same problem with download.windowsupdate.com.
Thanks.
-
@talaverde said in Still having classic problem of blocked URLs with 'unknown' feed:
wsapi.skype.com
To find relevant entries in DNSBL db try :
grep "wsapi.skype.com" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /var/unbound/pfb_dnsbl.conf /usr/local/pkg/pfblockerng/dnsbl_tldthen try "skype.com"
-
@talaverde said in Still having classic problem of blocked URLs with 'unknown' feed:
Even after a completely fresh reinstall, I keep getting unwanted URLs on the DNSBL block list with 'unknown' feed. Here are some examples:
wsapi.skype.com
static.asm.skype.com
consumer.entitlement.skype.com
in.appcenter.msAll of these domains above have a CNAME. Is it possible that these CNAMES are in your Blocklists?
drill @8.8.8.8 wsapi.skype.com wsapi.skype.com. 2995 IN CNAME client-ws.gateway.messenger.geo.msnmessenger.msn.com.akadns.net. client-ws.gateway.messenger.geo.msnmessenger.msn.com.akadns.net. 59 IN CNAME eus-wsapi.cloudapp.net. eus-wsapi.cloudapp.net. 58 IN A 13.92.27.116 drill @8.8.8.8 static.asm.skype.com static.asm.skype.com. 1657 IN CNAME static-asm-skype.trafficmanager.net. static-asm-skype.trafficmanager.net. 299 IN CNAME nus1-authgw.cloudapp.net. nus1-authgw.cloudapp.net. 52 IN A 40.77.16.143 drill @8.8.8.8 consumer.entitlement.skype.com consumer.entitlement.skype.com. 1969 IN CNAME sconsentit9.trafficmanager.net. sconsentit9.trafficmanager.net. 299 IN CNAME sconsentit903.cloudapp.net. sconsentit903.cloudapp.net. 8 IN A 40.122.44.183 drill @8.8.8.8 in.appcenter.ms in.appcenter.ms. 732 IN CNAME in-secondary-prod-east-us2.prod.avalanch.es. in-secondary-prod-east-us2.prod.avalanch.es. 129 IN CNAME 0e6fa46e-9c94-4256-b449-4f54c1f1e69f.cloudapp.net. 0e6fa46e-9c94-4256-b449-4f54c1f1e69f.cloudapp.net. 47 IN A 13.68.31.193 drill @8.8.8.8 download.windowsupdate.com download.windowsupdate.com. 1303 IN CNAME 2-01-3cf7-0009.cdx.cedexis.net. 2-01-3cf7-0009.cdx.cedexis.net. 239 IN CNAME b1ns.au-msedge.net. b1ns.au-msedge.net. 27 IN CNAME b1ns.c-0001.c-msedge.net. b1ns.c-0001.c-msedge.net. 27 IN CNAME c-0001.c-msedge.net. c-0001.c-msedge.net. 27 IN A 13.107.4.50grep -r -l "wsapi.skype.com" /var/db/pfblockerng/*
When I run this command, these files show up
/var/db/pfblockerng/dnsbl_cache.sqlite
/var/db/pfblockerng/pfbalexawhitelist.txt
/var/db/pfblockerng/top-1m.csv
Even if I delete those files and run a reload update, they still show up. They won't go away. I figure out how to keep these from being blocked or show up on the list. it seems like every .skype.com subdomain is being blocked. I've added skype.com, .skype.com and even the subdomains themselves to my whitelist. Still, no difference.
Any thoughts?
What is dnsbl_cache.sqlite? Is that just a log?The dnsbl_cache.sqlite is a database to show the last blocked event. You don't need to delete that file. And definitely don't need to delete the TOP1M Database (Whitelist).
You need to grep for DNSBL events as:
grep "example.com" /var/db/pfblockerng/dnsbl/*
