Netgate Discussion Forum
    Added Domain to DNSBL Whitelist, still refuses to resolve

    pfBlockerNG
    19 Posts 4 Posters 2.1k Views
    • fvultee

      So a few devices on my LAN need to resolve feeds.megaphone.fm. I have added feeds.megaphone.fm and .megaphone.fm to the DNSBL whitelist, reloaded DNSBL, still no devices can resolve the IP. I looked online and feeds.megaphone.fm seems to point to cds.f3d9q2w8.hwcdn.net, so I added that and .hwcdn.net to the DNSBL whitelist and reloaded, still won't resolve. I decided to go the IP route and added their IPs to an IPv4 custom feed to allow both, the Alerts tab shows that the IP is permitted but it still won't resolve. Any ideas, really strange. Also none of these are showing blocked in DNSBL Alerts.

      • provels

        I get a 404 returned from the site. Do you have a page/port you're trying to get to?

        Peder

        MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
        BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

        • fvultee

          So I use a podcasting app on a few devices, and I get this error on all devices only if pfBlockerNG is activated. If I disable it no more errors:

      [screenshot of the error]

          • provels @fvultee

            @fvultee All I can suggest is setting up a rule to log all traffic from one of your affected devices and see where it's trying to go by filtering the log for the device's IP. I can resolve the site as it returns an error (below). Maybe it's hitting another intermediate URL for ads or something.

            This XML file does not appear to have any style information associated with it. The document tree is shown below.
            <hash>
            <script/>
            <status>404</status>
            <error>Not Found</error>
            </hash>

            EDIT - Oh, look. I subscribed to the podcast RSS in Outlook and look where it's trying to go:

            [screenshot of the Outlook RSS request]

            • fvultee

              Strange how the original domain resolves to another domain, your rss feed goes to another domain entirely. Nonetheless, I put podtrac.com and .podtrac.com in the DNSBL whitelist, rebooted the firewall, and it still fails. This is bizarre, I don't suppose you have more ideas of things to check.

              • RonpfS

                From a browser you could use F12 (Development tools) to see which URLs are used when accessing the site.

                You can also check if the FQDN has a CNAME with:

                dig feeds.megaphone.fm 
                or 
                dig @8.8.8.8 feeds.megaphone.fm
                ; <<>> DiG 9.12.2-P1 <<>> feeds.megaphone.fm
                ;; global options: +cmd
                ;; Got answer:
                ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19240
                ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
                
                ;; OPT PSEUDOSECTION:
                ; EDNS: version: 0, flags:; udp: 4096
                ;; QUESTION SECTION:
                ;feeds.megaphone.fm.		IN	A
                
                ;; ANSWER SECTION:
                feeds.megaphone.fm.	60	IN	CNAME	cds.f3d9q2w8.hwcdn.net.
                cds.f3d9q2w8.hwcdn.net.	300	IN	A	69.16.175.10
                cds.f3d9q2w8.hwcdn.net.	300	IN	A	69.16.175.42
                
                ;; Query time: 284 msec
                ;; SERVER: 127.0.0.1#53(127.0.0.1)
                ;; WHEN: Sun May 19 19:45:44 EDT 2019
                ;; MSG SIZE  rcvd: 115
                

                When you whitelist using the "+" icon of the Alerts Tab, pfblockerNG will whitelist the Domain name and the CNAMEs.

                • fvultee

                  Yah, I mentioned whitelisting all CNAMEs as well in my original post, as well as their IPs. Strange thing is that the Alerts tab doesn't say any of the domains are being blocked, it only says that the IP whitelist I created is allowing the IPs, which clearly it's not. Dang it!

                  • RonpfS

                    I don't have feeds.megaphone.fm in any DNSBL blocklist.
                    You can see which tables contain the domain with:

                    grep "feeds.megaphone.fm" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /var/db/pfblockerng/dnsblalias/* /usr/local/pkg/pfblockerng/dnsbl_tld /var/unbound/pfb_dnsbl.conf
                    

                    and disable the feed.
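
As an added example (my own script, not code from this thread, from pfBlockerNG or from Netgate), the two checks RonpfS describes can be chained: pull the CNAME chain out of dig's answer section, then run the grep over the DNSBL files for every name in that chain, since a whitelist entry for the name you typed does nothing if the entry actually being blocked is one of its CNAME targets. The dig output is the one quoted above, embedded as a constructed sample so the script runs offline; the blocklist file in the demo is constructed too (one domain per line, which is a stand-in, not a claim about pfBlockerNG's real file format). The function names cname_chain, find_in_dnsbl and demo are mine; the file paths in the usage comment are the ones from the grep in this post.

```shell
#!/bin/sh
# Added example, not from the thread or from pfBlockerNG: check every name in a
# CNAME chain against the DNSBL files, because whitelisting the name you typed
# does nothing if the blocked entry is one of its CNAME targets.

# Constructed sample input: the dig answer quoted earlier in this thread,
# embedded so the script runs offline. On a live system pipe `dig <name>` in.
SAMPLE_DIG=';; QUESTION SECTION:
;feeds.megaphone.fm.            IN      A

;; ANSWER SECTION:
feeds.megaphone.fm.     60      IN      CNAME   cds.f3d9q2w8.hwcdn.net.
cds.f3d9q2w8.hwcdn.net. 300     IN      A       69.16.175.10
cds.f3d9q2w8.hwcdn.net. 300     IN      A       69.16.175.42

;; Query time: 284 msec'

# cname_chain: read dig output on stdin, print the queried name followed by each
# CNAME target in order, one per line, with trailing dots removed.
cname_chain() {
    awk '
        /^;; ANSWER SECTION:/ { in_ans = 1; next }
        /^[[:space:]]*$/      { in_ans = 0 }
        in_ans && $4 == "CNAME" {
            if (!seen) { print $1; seen = 1 }
            print $5
        }
        in_ans && $4 == "A" && !seen { print $1; seen = 1 }
    ' | sed 's/\.$//'
}

# find_in_dnsbl FILE...: read names on stdin and report which of the given
# blocklist files mention each one. -F matches the dots literally, -w keeps
# "megaphone.fm" from matching "notmegaphone.fm", -l lists only file names.
find_in_dnsbl() {
    while read -r name; do
        hits=$(grep -F -w -l -- "$name" "$@" 2>/dev/null || true)
        if [ -n "$hits" ]; then
            printf 'BLOCKED %s in: %s\n' "$name" "$(printf '%s' "$hits" | tr '\n' ' ')"
        else
            printf 'clean   %s\n' "$name"
        fi
    done
}

# demo: constructed blocklist that lists only the CNAME target, which is exactly
# the case where a whitelist entry for feeds.megaphone.fm alone would not help.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'cds.f3d9q2w8.hwcdn.net' 'example.invalid' > "$tmp/constructed_feed.txt"
    printf '%s\n' "$SAMPLE_DIG" | cname_chain | find_in_dnsbl "$tmp"/*.txt
    rm -rf "$tmp"
}

# On the firewall (Diagnostics / Command Prompt or SSH), with the paths from
# RonpfS's grep, the real check is:
#   dig feeds.megaphone.fm | cname_chain | find_in_dnsbl \
#       /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig \
#       /var/db/pfblockerng/dnsblalias/* /usr/local/pkg/pfblockerng/dnsbl_tld \
#       /var/unbound/pfb_dnsbl.conf
demo
```

Run it as-is to see the constructed case: the original name comes back clean while the CNAME target is reported as BLOCKED with the file that lists it, which is the feed to disable or the name to whitelist. A "clean" result for every name in the chain, as fvultee eventually got, means DNSBL is not the cause and the resolver itself is where to look next.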

                    • provels @fvultee

                      @fvultee said in Added Domain to DNSBL Whitelist, still refuses to resolve:

                      Strange how the original domain resolves to another domain, your rss feed goes to another domain entirely. Nonetheless, I put podtrac.com and .podtrac.com in the DNSBL whitelist, rebooted the firewall, and it still fails. This is bizarre, I don't suppose you have more ideas of things to check.

                      Not really, I'm just a user. Try what Ron said.
                      Can you hit this URL from a PC?

                      https://www.podtrac.com/pts/redirect.mp3/traffic.megaphone.fm/IS9592789167.mp3

                      You already have the 2 domains WL'd, so...

                      • fvultee

                        Yup, I just clicked on that podtrac.com link to the .mp3 and it works fine from my laptop, but from my phone, which is on the same subnet using the same DNS IP, it fails with ERR_NAME_NOT_RESOLVED. It's bizarro world! Also, tried pasting that grep command and it fails. Why would it work on my laptop but not on my phone, hmm...

                        • provels @fvultee

                          @fvultee Try adding .amazonaws.com so you have that, megaphone, podtrac, and hwcdn. That's what I see from my PC when logged. I'm out after that, sorry.

                          • RonpfS

                            Maybe that is because the app uses HSTS:
                            https://forum.netgate.com/search?term=HSTS&in=titlesposts&matchWords=all&categories[]=62&sortBy=relevance&sortDirection=desc&showAs=posts

                            https://forum.netgate.com/topic/133055/dnsbl-modify-default-bloked-webpage/36

                            • RonpfS @fvultee

                              @fvultee said in Added Domain to DNSBL Whitelist, still refuses to resolve:

                              Also, tried pasting that grep command and it fails. Why would it work on my laptop but not on my phone, hmm...

                              You have to run the grep from the Shell or Diagnostics / Command Prompt.

                              • fvultee @RonpfS

                                @RonpfS said in Added Domain to DNSBL Whitelist, still refuses to resolve:

                                grep "feeds.megaphone.fm" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /var/db/pfblockerng/dnsblalias/* /usr/local/pkg/pfblockerng/dnsbl_tld /var/unbound/pfb_dnsbl.conf

                                I did indeed, she wasn't happy with it:

                                [screenshot of the grep result]

                                • RonpfS

                                  Well it means that this domain name isn't in any blocklist.
                                  Test it with another domain from the Alerts Tab.

                                    • RonpfS @fvultee

                                      @fvultee @RonpfS What version of pfSense? pfBlockerNG? How much memory? What are the other packages in use?

                                      • fvultee

                                        I just disabled pfBlockerNG completely, it still won't resolve the domain. I hard set the DNS IP on two devices to pfSense, the same as my laptop which does resolve, but nope, they still won't resolve. So dang strange.

                                        [four screenshots of the failed lookups and DNS settings]

                                        • johnpoz (LAYER 8 Global Moderator)

                                          If you're resolving and having problems, you need to figure out where you're having the problem, following down from the roots.

                                          Do a dig +trace to find out where your problem is. That returns a CNAME, which then would have to be resolved as well.

                                          $ dig feeds.megaphone.fm
                                          
                                          ; <<>> DiG 9.14.1 <<>> feeds.megaphone.fm
                                          ;; global options: +cmd
                                          ;; Got answer:
                                          ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8931
                                          ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
                                          
                                          ;; OPT PSEUDOSECTION:
                                          ; EDNS: version: 0, flags:; udp: 4096
                                          ;; QUESTION SECTION:
                                          ;feeds.megaphone.fm.            IN      A
                                          
                                          ;; ANSWER SECTION:
                                          feeds.megaphone.fm.     3599    IN      CNAME   cds.f3d9q2w8.hwcdn.net.
                                          cds.f3d9q2w8.hwcdn.net. 3600    IN      A       69.16.175.42
                                          cds.f3d9q2w8.hwcdn.net. 3600    IN      A       69.16.175.10
                                          
                                          ;; Query time: 513 msec
                                          ;; SERVER: 192.168.3.10#53(192.168.3.10)
                                          ;; WHEN: Sun May 19 20:50:02 Central Daylight Time 2019
                                          ;; MSG SIZE  rcvd: 115
                                          

                                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                                          If you get confused: Listen to the Music Play
                                          Please don't Chat/PM me for help, unless mod related
                                          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.