Netgate Discussion Forum

    Added Domain to DNSBL Whitelist, still refuses to resolve

    pfBlockerNG
    19 Posts 4 Posters 2.1k Views
      provels @fvultee
      last edited by provels

      @fvultee All I can suggest is setting up a rule to log all traffic from one of your affected devices and see where it's trying to go by filtering the log for the device's IP. I can resolve the site as it returns an error (below). Maybe it's hitting another intermediate URL for ads or something.

      This XML file does not appear to have any style information associated with it. The document tree is shown below.
      <hash>
      <script/>
      <status>404</status>
      <error>Not Found</error>
      </hash>

      EDIT - Oh, look. I subscribed to the podcast RSS in Outlook and look where it's trying to go:

      (screenshot of the request destination, image not included in this extraction)

      Peder

      MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
      BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

        fvultee
        last edited by

        Strange how the original domain resolves to another domain, your rss feed goes to another domain entirely. Nonetheless, I put podtrac.com and .podtrac.com in the DNSBL whitelist, rebooted the firewall, and it still fails. This is bizarre, I don't suppose you have more ideas of things to check.

          RonpfS
          last edited by RonpfS

          From a browser you could use F12 (developer tools) to see which URLs are used when accessing the site.

          You can also check if the FQDN has a CNAME with :

          dig feeds.megaphone.fm 
          or 
          dig @8.8.8.8 feeds.megaphone.fm
          ; <<>> DiG 9.12.2-P1 <<>> feeds.megaphone.fm
          ;; global options: +cmd
          ;; Got answer:
          ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19240
          ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
          
          ;; OPT PSEUDOSECTION:
          ; EDNS: version: 0, flags:; udp: 4096
          ;; QUESTION SECTION:
          ;feeds.megaphone.fm.		IN	A
          
          ;; ANSWER SECTION:
          feeds.megaphone.fm.	60	IN	CNAME	cds.f3d9q2w8.hwcdn.net.
          cds.f3d9q2w8.hwcdn.net.	300	IN	A	69.16.175.10
          cds.f3d9q2w8.hwcdn.net.	300	IN	A	69.16.175.42
          
          ;; Query time: 284 msec
          ;; SERVER: 127.0.0.1#53(127.0.0.1)
          ;; WHEN: Sun May 19 19:45:44 EDT 2019
          ;; MSG SIZE  rcvd: 115
          

          When you whitelist using the "+" icon of the Alerts Tab, pfblockerNG will whitelist the Domain name and the CNAMEs.

            fvultee
            last edited by

            Yah I mentioned whitelisting all CNAMES as well in my original post, as well as their IPs. Strange thing is that the Alerts tab doesn't say any of the domains are being blocked, it only says that the IP whitelist I created is allowing the IPs, which clearly it's not. Dang it!

              RonpfS
              last edited by

              I don't have feeds.megaphone.fm in any DNSBL blocklist.
              You can see which tables contain the domain with :

              grep "feeds.megaphone.fm" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /var/db/pfblockerng/dnsblalias/* /usr/local/pkg/pfblockerng/dnsbl_tld /var/unbound/pfb_dnsbl.conf
              

              and disable the feed.

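An added offline helper, not code from this thread or from pfBlockerNG, that ties the two checks above together: it takes saved dig output, extracts every name in the CNAME chain (the queried name and each CNAME target, since all of them must resolve), and reports which DNSBL list still covers each one after a given whitelist is applied. The dig text and list contents are constructed samples; on a real box you would read the paths from the grep command above. The unbound local-data line layout, the leading-dot whitelist syntax, and parent-domain matching (modelling TLD-style blocking of a domain plus its subdomains) are assumptions to verify against your own install.

```python
"""Which name in a CNAME chain is a DNSBL list still blocking? (added example)"""
import re
import subprocess

# Constructed dig output modelled on the answer posted in this thread.
SAMPLE_DIG = """\
;; QUESTION SECTION:
;feeds.megaphone.fm.\t\tIN\tA

;; ANSWER SECTION:
feeds.megaphone.fm.\t60\tIN\tCNAME\tcds.f3d9q2w8.hwcdn.net.
cds.f3d9q2w8.hwcdn.net.\t300\tIN\tA\t69.16.175.10
cds.f3d9q2w8.hwcdn.net.\t300\tIN\tA\t69.16.175.42

;; Query time: 284 msec
"""

# Constructed list contents keyed by made-up file names. Bare names mimic the
# dnsbl/*.txt files; the local-data layout is an assumption about pfb_dnsbl.conf.
SAMPLE_LISTS = {
    "ads_list.txt": "doubleclick.net\nhwcdn.net\n",
    "pfb_dnsbl.conf": 'local-data: "tracker.example 60 IN A 10.10.10.1"\n',
}


def cname_chain(dig_output):
    """Ordered, lower-cased names from the ANSWER section: the queried name
    followed by every CNAME target. Each one is a candidate for a DNSBL hit."""
    names, in_answer = [], False
    for line in dig_output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if not in_answer:
            continue
        if not line.strip() or line.startswith(";"):
            break
        fields = line.split()  # owner ttl class type rdata...
        owner = fields[0].rstrip(".").lower()
        if owner not in names:
            names.append(owner)
        if fields[3] == "CNAME":
            target = fields[4].rstrip(".").lower()
            if target not in names:
                names.append(target)
    return names


def live_dig(fqdn, server=None):
    """Run the real dig, as in the thread, and return its text for cname_chain()."""
    cmd = ["dig"] + ([f"@{server}"] if server else []) + [fqdn]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


def parse_list(text):
    """Domains in one list file: bare names, or the quoted name of a
    local-data:/local-zone: line (assumed layout)."""
    names = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'local-(?:data|zone):\s*"([^"\s]+)', line)
        name = m.group(1) if m else line.split()[0]
        names.add(name.rstrip(".").lower())
    return names


def parents(name):
    """'cds.f3d9q2w8.hwcdn.net' -> itself, 'f3d9q2w8.hwcdn.net', 'hwcdn.net', 'net'.
    With exact-match-only lists, only the first element matters."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def whitelisted(name, whitelist):
    """Leading '.' entries are taken to cover the domain and all subdomains,
    other entries only the exact name (assumption about pfBlockerNG syntax)."""
    for entry in (e.lower() for e in whitelist):
        if entry.startswith("."):
            if name == entry[1:] or name.endswith(entry):
                return True
        elif name == entry:
            return True
    return False


def blocked_in_chain(dig_output, lists, whitelist=()):
    """Map each chain name still blocked to (matching entry, list file)."""
    parsed = {fname: parse_list(text) for fname, text in lists.items()}
    hits = {}
    for name in cname_chain(dig_output):
        if whitelisted(name, whitelist):
            continue
        for candidate in parents(name):
            fname = next((f for f, e in parsed.items() if candidate in e), None)
            if fname:
                hits[name] = (candidate, fname)
                break
    return hits


if __name__ == "__main__":
    for wl in ([], ["feeds.megaphone.fm"], [".hwcdn.net"]):
        print(wl or "no whitelist", "->", blocked_in_chain(SAMPLE_DIG, SAMPLE_LISTS, wl))
```

With the sample data, whitelisting only feeds.megaphone.fm changes nothing, because the list entry that bites is hwcdn.net, the parent of the CNAME target; only a whitelist entry covering that name clears the chain. Swap SAMPLE_DIG for `live_dig("feeds.megaphone.fm")` and SAMPLE_LISTS for the real files to run it on a firewall.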
                provels @fvultee
                last edited by provels

                @fvultee said in Added Domain to DNSBL Whitelist, still refuses to resolve:

                Strange how the original domain resolves to another domain, your rss feed goes to another domain entirely. Nonetheless, I put podtrac.com and .podtrac.com in the DNSBL whitelist, rebooted the firewall, and it still fails. This is bizarre, I don't suppose you have more ideas of things to check.

                Not really, I'm just a user. Try what Ron said.
                Can you hit this URL from a PC?

                https://www.podtrac.com/pts/redirect.mp3/traffic.megaphone.fm/IS9592789167.mp3

                You already have the 2 domains WL'd, so...

                  fvultee
                  last edited by

                  Yup, I just clicked on that podtrac.com link to the .mp3 and it works fine from my laptop, but from my phone, which is on the same subnet using the same DNS IP, it fails with ERR_NAME_NOT_RESOLVED. It's bizarro world! Also, tried pasting that grep command and it fails. Why would it work on my laptop but not on my phone, hmm...

                    provels @fvultee
                    last edited by provels

                    @fvultee Try adding .amazonaws.com so you have that, megaphone, podtrac, and hwcdn. That's what I see from my PC when logged. I'm out after that, sorry.

                      RonpfS
                      last edited by RonpfS

                      Maybe that is because the app uses HSTS:
                      https://forum.netgate.com/search?term=HSTS&in=titlesposts&matchWords=all&categories[]=62&sortBy=relevance&sortDirection=desc&showAs=posts

                      https://forum.netgate.com/topic/133055/dnsbl-modify-default-bloked-webpage/36

                        RonpfS @fvultee
                        last edited by RonpfS

                        @fvultee said in Added Domain to DNSBL Whitelist, still refuses to resolve:

                        Also, tried pasting that grep command and it fails. Why would it work on my laptop but not on my phone, hmm...

                        You have to run the grep from the Shell or Diagnostics / Command Prompt.

                          fvultee @RonpfS
                          last edited by

                          @RonpfS said in Added Domain to DNSBL Whitelist, still refuses to resolve:

                          grep "feeds.megaphone.fm" /var/db/pfblockerng/dnsbl/*.txt /var/db/pfblockerng/dnsblorig/*.orig /var/db/pfblockerng/dnsblalias/* /usr/local/pkg/pfblockerng/dnsbl_tld /var/unbound/pfb_dnsbl.conf

                          I did indeed, she wasn't happy with it:

                          (screenshot of the command output, image not included in this extraction)

                            RonpfS
                            last edited by

                            Well it means that this domain name isn't in any blocklist.
                            Test it with another domain from the Alerts Tab.

                                RonpfS @fvultee
                                last edited by

                                @fvultee @RonpfS What version of pfSense? pfBlockerNG? How much memory? What are the other packages in use?

                                  fvultee
                                  last edited by

                                  I just disabled pfBlockerNG completely, it still won't resolve the domain. I hard set the DNS IP on two devices to pfSense, the same as my laptop which does resolve, but nope, they still won't resolve. So dang strange.

                                  (four screenshots of the device DNS settings and lookup results, images not included in this extraction)

                                    johnpoz LAYER 8 Global Moderator
                                    last edited by

                                    If you're resolving and having problems, you need to figure out where you're having the problem, following down from the roots.

                                    Do a dig +trace to find out where your problem is. That returns a CNAME, which then would have to be resolved as well.

                                    $ dig feeds.megaphone.fm
                                    
                                    ; <<>> DiG 9.14.1 <<>> feeds.megaphone.fm
                                    ;; global options: +cmd
                                    ;; Got answer:
                                    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8931
                                    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
                                    
                                    ;; OPT PSEUDOSECTION:
                                    ; EDNS: version: 0, flags:; udp: 4096
                                    ;; QUESTION SECTION:
                                    ;feeds.megaphone.fm.            IN      A
                                    
                                    ;; ANSWER SECTION:
                                    feeds.megaphone.fm.     3599    IN      CNAME   cds.f3d9q2w8.hwcdn.net.
                                    cds.f3d9q2w8.hwcdn.net. 3600    IN      A       69.16.175.42
                                    cds.f3d9q2w8.hwcdn.net. 3600    IN      A       69.16.175.10
                                    
                                    ;; Query time: 513 msec
                                    ;; SERVER: 192.168.3.10#53(192.168.3.10)
                                    ;; WHEN: Sun May 19 20:50:02 Central Daylight Time 2019
                                    ;; MSG SIZE  rcvd: 115
                                    

                                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                                    If you get confused: Listen to the Music Play
                                    Please don't Chat/PM me for help, unless mod related
                                    SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.