Added Domain to DNSBL Whitelist, still refuses to resolve



  • So a few devices on my LAN need to resolve feeds.megaphone.fm. I have added feeds.megaphone.fm and .megaphone.fm to the DNSBL whitelist, reloaded DNSBL, still no devices can resolve the IP. I looked online and feeds.megaphone.fm seems to point to cds.f3d9q2w8.hwcdn.net, so I added that and .hwcdn.net to the DNSBL whitelist and reloaded, still won't resolve. I decided to go the IP route and added their IPs to an IPv4 custom feed to allow both, the Alerts tab shows that the IP is permitted but it still won't resolve. Any ideas, really strange. Also none of these are showing blocked in DNSBL Alerts.



  • I get a 404 returned from the site. Do you have a page/port you're trying to get to?



  • So I use a podcasting app on a few devices, and I get this error on all devices only if pfBlockerNG is activated. If I disable it no more errors:




  • @fvultee All I can suggest is setting up a rule to log all traffic from one of your affected devices and see where it's trying to go by filtering the log for the device's IP. I can resolve the site as it returns an error (below). Maybe it's hitting another intermediate URL for ads or something.

    This XML file does not appear to have any style information associated with it. The document tree is shown below.
    <hash>
    <script/>
    <status>404</status>
    <error>Not Found</error>
    </hash>

    EDIT - Oh, look. I subscribed to the podcast RSS in Outlook and look where it's trying to go:




  • Strange how the original domain resolves to another domain, your rss feed goes to another domain entirely. Nonetheless, I put podtrac.com and .podtrac.com in the DNSBL whitelist, rebooted the firewall, and it still fails. This is bizarre, I don't suppose you have more ideas of things to check.



  • From a browser you could use F12 (Development tools) to see which URLs are used when accessing the site.

    You can also check if the FQDN has a CNAME with:

    dig feeds.megaphone.fm 
    or 
    dig @8.8.8.8 feeds.megaphone.fm
    ; <<>> DiG 9.12.2-P1 <<>> feeds.megaphone.fm
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19240
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;feeds.megaphone.fm.		IN	A
    
    ;; ANSWER SECTION:
    feeds.megaphone.fm.	60	IN	CNAME	cds.f3d9q2w8.hwcdn.net.
    cds.f3d9q2w8.hwcdn.net.	300	IN	A	69.16.175.10
    cds.f3d9q2w8.hwcdn.net.	300	IN	A	69.16.175.42
    
    ;; Query time: 284 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sun May 19 19:45:44 EDT 2019
    ;; MSG SIZE  rcvd: 115
    

    When you whitelist using the "+" icon of the Alerts Tab, pfblockerNG will whitelist the Domain name and the CNAMEs.



  • Yah I mentioned whitelisting all CNAMES as well in my original post, as well as their IPs. Strange thing is that the Alerts tab doesn't say any of the domains are being blocked, it only says that the IP whitelist I created is allowing the IPs, which clearly it's not. Dang it!



  • I don't have feeds.megaphone.fm in any DNSBL blocklist.
    You can see which tables contain the domain with:

    grep "feeds.megaphone.fm" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /var/db/pfblockerng/dnsblalias/* /usr/local/pkg/pfblockerng/dnsbl_tld /var/unbound/pfb_dnsbl.conf
    

    and disable the feed.



  • @fvultee said in Added Domain to DNSBL Whitelist, still refuses to resolve:

    Strange how the original domain resolves to another domain, your rss feed goes to another domain entirely. Nonetheless, I put podtrac.com and .podtrac.com in the DNSBL whitelist, rebooted the firewall, and it still fails. This is bizarre, I don't suppose you have more ideas of things to check.

    Not really, I'm just a user. Try what Ron said.
    Can you hit this URL from a PC?

    https://www.podtrac.com/pts/redirect.mp3/traffic.megaphone.fm/IS9592789167.mp3

    You already have the 2 domains WL'd, so...



  • Yup, I just clicked on that podtrac.com link to the .mp3 and it works fine from my laptop, but from my phone, which is on the same subnet using the same DNS IP, it fails with ERR_NAME_NOT_RESOLVED. It's bizarro world! Also, tried pasting that grep command and it fails. Why would it work on my laptop but not on my phone, hmm...



  • @fvultee Try adding .amazonaws.com so you have that, megaphone, podtrac, and hwcdn. That's what I see from my PC when logged. I'm out after that, sorry.





  • @fvultee said in Added Domain to DNSBL Whitelist, still refuses to resolve:

    Also, tried pasting that grep command and it fails. Why would it work on my laptop but not on my phone, hmm...

    You have to run the grep from the Shell or Diagnostics / Command Prompt.



  • @RonpfS said in Added Domain to DNSBL Whitelist, still refuses to resolve:

    grep "feeds.megaphone.fm" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /var/db/pfblockerng/dnsblalias/* /usr/local/pkg/pfblockerng/dnsbl_tld /var/unbound/pfb_dnsbl.conf

    I did indeed, she wasn't happy with it:




  • Well it means that this domain name isn't in any blocklist.
    Test it with another domain from the Alerts Tab.





  • @fvultee @RonpfS What version of pfSense? pfBlockerNG? How much memory? What other packages are in use?



  • I just disabled pfBlockerNG completely, it still won't resolve the domain. I hard set the DNS IP on two devices to pfSense, the same as my laptop which does resolve, but nope, they still won't resolve. So dang strange.



    If you're resolving and having problems, you need to figure out where you're having the problem by following down from the roots..

    Do a dig +trace to find out where your problem is.. That returns a CNAME, which then would have to be resolved as well

    $ dig feeds.megaphone.fm
    
    ; <<>> DiG 9.14.1 <<>> feeds.megaphone.fm
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8931
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;feeds.megaphone.fm.            IN      A
    
    ;; ANSWER SECTION:
    feeds.megaphone.fm.     3599    IN      CNAME   cds.f3d9q2w8.hwcdn.net.
    cds.f3d9q2w8.hwcdn.net. 3600    IN      A       69.16.175.42
    cds.f3d9q2w8.hwcdn.net. 3600    IN      A       69.16.175.10
    
    ;; Query time: 513 msec
    ;; SERVER: 192.168.3.10#53(192.168.3.10)
    ;; WHEN: Sun May 19 20:50:02 Central Daylight Time 2019
    ;; MSG SIZE  rcvd: 115
    
