Still having classic problem of blocked URLs with 'unknown' feed



  • Even after a completely fresh reinstall, I keep getting unwanted URLs on the DNSBL block list with 'unknown' feed. Here are some examples:

    wsapi.skype.com
    static.asm.skype.com
    consumer.entitlement.skype.com
    in.appcenter.ms

    grep -r -l "wsapi.skype.com" /var/db/pfblockerng/*

    When I run this command, these files show up

    /var/db/pfblockerng/dnsbl_cache.sqlite
    /var/db/pfblockerng/pfbalexawhitelist.txt
    /var/db/pfblockerng/top-1m.csv

    Even if I delete those files and run a reload update, they still show up. They won't go away. I figure out how to keep these from being blocked or show up on the list. It seems like every .skype.com subdomain is being blocked. I've added skype.com, .skype.com and even the subdomains themselves to my whitelist. Still, no difference.

    Any thoughts?

    What is dnsbl_cache.sqlite? Is that just a log?

    Are there other files I should search or delete to figure out why all these skype domains are being blocked?

    I'm having the same problem with download.windowsupdate.com.

    Thanks.



  • @talaverde said in Still having classic problem of blocked URLs with 'unknown' feed:

    wsapi.skype.com

    To find relevant entries in the DNSBL db, try:

    grep "wsapi.skype.com" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /var/unbound/pfb_dnsbl.conf /usr/local/pkg/pfblockerng/dnsbl_tld
    

    then try "skype.com"


  • Moderator

    @talaverde said in Still having classic problem of blocked URLs with 'unknown' feed:

    Even after a completely fresh reinstall, I keep getting unwanted URLs on the DNSBL block list with 'unknown' feed. Here are some examples:
    wsapi.skype.com
    static.asm.skype.com
    consumer.entitlement.skype.com
    in.appcenter.ms

    All of these domains above have a CNAME. Is it possible that these CNAMEs are in your Blocklists?

    drill @8.8.8.8 wsapi.skype.com
    wsapi.skype.com.        2995    IN      CNAME   client-ws.gateway.messenger.geo.msnmessenger.msn.com.akadns.net.
    client-ws.gateway.messenger.geo.msnmessenger.msn.com.akadns.net.        59      IN      CNAME   eus-wsapi.cloudapp.net.
    eus-wsapi.cloudapp.net. 58      IN      A       13.92.27.116
    
    drill @8.8.8.8 static.asm.skype.com
    static.asm.skype.com.   1657    IN      CNAME   static-asm-skype.trafficmanager.net.
    static-asm-skype.trafficmanager.net.    299     IN      CNAME   nus1-authgw.cloudapp.net.
    nus1-authgw.cloudapp.net.       52      IN      A       40.77.16.143
    
    drill @8.8.8.8 consumer.entitlement.skype.com
    consumer.entitlement.skype.com. 1969    IN      CNAME   sconsentit9.trafficmanager.net.
    sconsentit9.trafficmanager.net. 299     IN      CNAME   sconsentit903.cloudapp.net.
    sconsentit903.cloudapp.net.     8       IN      A       40.122.44.183
    
    drill @8.8.8.8 in.appcenter.ms
    in.appcenter.ms.        732     IN      CNAME   in-secondary-prod-east-us2.prod.avalanch.es.
    in-secondary-prod-east-us2.prod.avalanch.es.    129     IN      CNAME   0e6fa46e-9c94-4256-b449-4f54c1f1e69f.cloudapp.net.
    0e6fa46e-9c94-4256-b449-4f54c1f1e69f.cloudapp.net.      47      IN      A       13.68.31.193
    
    drill @8.8.8.8 download.windowsupdate.com
    download.windowsupdate.com.     1303    IN      CNAME   2-01-3cf7-0009.cdx.cedexis.net.
    2-01-3cf7-0009.cdx.cedexis.net. 239     IN      CNAME   b1ns.au-msedge.net.
    b1ns.au-msedge.net.     27      IN      CNAME   b1ns.c-0001.c-msedge.net.
    b1ns.c-0001.c-msedge.net.       27      IN      CNAME   c-0001.c-msedge.net.
    c-0001.c-msedge.net.    27      IN      A       13.107.4.50
    

    grep -r -l "wsapi.skype.com" /var/db/pfblockerng/*
    When I run this command, these files show up
    /var/db/pfblockerng/dnsbl_cache.sqlite
    /var/db/pfblockerng/pfbalexawhitelist.txt
    /var/db/pfblockerng/top-1m.csv
    Even if I delete those files and run a reload update, they still show up. They won't go away. I figure out how to keep these from being blocked or show up on the list. It seems like every .skype.com subdomain is being blocked. I've added skype.com, .skype.com and even the subdomains themselves to my whitelist. Still, no difference.
    Any thoughts?
    What is dnsbl_cache.sqlite? Is that just a log?

    The dnsbl_cache.sqlite is a database to show the last blocked event. You don't need to delete that file. And you definitely don't need to delete the TOP1M Database (Whitelist).

    You need to grep for DNSBL events as:

    grep "example.com" /var/db/pfblockerng/dnsbl/*
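
The CNAME check suggested in the reply above can be scripted. This is an added example, not part of the thread or of pfBlockerNG: it walks the names in a drill answer and reports which hop appears in a feed file. The function names, the temporary feed directory and its file contents are assumptions made up for the demo.

```shell
#!/bin/sh
# Added example: find which hop of a CNAME chain appears in a DNSBL feed file.
# Real use, with the resolver and directory from the thread:
#   drill @8.8.8.8 wsapi.skype.com | cname_chain | blocked_hops /var/db/pfblockerng/dnsbl

# Read drill/dig answer lines on stdin; print each owner name and CNAME target
# once, lower-cased and without the trailing dot. Comment lines (";") are skipped.
cname_chain() {
    awk '$1 !~ /^;/ && $3 == "IN" && ($4 == "CNAME" || $4 == "A" || $4 == "AAAA") {
             print $1
             if ($4 == "CNAME") print $5
         }' |
    tr 'A-Z' 'a-z' | sed 's/\.$//' | awk '!seen[$0]++'
}

# For each name on stdin, print "<name> <file>" for every file in directory $1
# that contains it as a fixed string (the same substring match grep does above).
# Returns 1 when no hop matched anything.
blocked_hops() {
    dir=$1
    hit=1
    while read -r name; do
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            if grep -q -F -- "$name" "$f"; then
                echo "$name $f"
                hit=0
            fi
        done
    done
    return $hit
}

# Constructed demo: answer lines copied from the reply above, checked against a
# throwaway feed directory whose file names and contents are made up.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ads.example.invalid' 'eus-wsapi.cloudapp.net' > "$d/Constructed_Feed.txt"
    printf '%s\n' 'tracker.example.invalid' > "$d/Other_Feed.txt"
    cname_chain <<'EOF' | blocked_hops "$d" | sed "s|$d/||"
;; ANSWER SECTION:
wsapi.skype.com.        2995    IN      CNAME   client-ws.gateway.messenger.geo.msnmessenger.msn.com.akadns.net.
client-ws.gateway.messenger.geo.msnmessenger.msn.com.akadns.net.        59      IN      CNAME   eus-wsapi.cloudapp.net.
eus-wsapi.cloudapp.net. 58      IN      A       13.92.27.116
EOF
    rm -rf "$d"
}
demo   # prints: eus-wsapi.cloudapp.net Constructed_Feed.txt
```

A hit on a hop other than the first name means the whitelist entry has to cover that CNAME target, not only the name the client asked for.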