Netgate Discussion Forum

    www. not being blocked from custom blacklist

      andy_vdg

      I'm having a similar problem as Re: www. not blocked?
      However, my problem was not resolved with a reboot.
      I am running pfBlockerNG-dev and using the stock "getting started" setup.
      I have added a custom blacklist with these domains in it:

      youtube.com
      .youtube.com
      www.youtube.com
      m.youtube.com
      youtubei.googleapis.com
      youtube.googleapis.com
      www.youtube-nocookie.com
      youtube-ui.l.google.com # CNAME for (youtube.com)
      i.ytimg.com
      googlevideo.com
      .googlevideo.com
      www.googlevideo.com
      r3---sn-cvh76nez.googlevideo.com
      

      I get the normal blockpage when I access https://youtube.com. But when I go to https://www.youtube.com it loads the page as normal.

      When I run nslookup I get these results:

      C:\WINDOWS\system32>nslookup youtube.com
      Server:  UnKnown
      Address:  192.168.20.1
      
      Name:    youtube.com
      Address:  10.10.99.1
      
      
      C:\WINDOWS\system32>nslookup www.youtube.com
      Server:  UnKnown
      Address:  192.168.20.1
      
      Name:    www.youtube.com
      Address:  216.239.38.119
      
      
      C:\WINDOWS\system32>nslookup www.youtube.com
      Server:  UnKnown
      Address:  192.168.20.1
      
      Name:    www.youtube.com
      Addresses:  216.239.38.119
                10.10.99.1
      

      I am not sure why it doesn't resolve directly to 10.10.99.1. Then it does seem to pick it up, but it still has the original IP in the response.

      I have run update - reload multiple times and rebooted to no avail - also ran ipconfig /flushdns on the machine I am testing from.

      Any help would be greatly appreciated.

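Added example, not part of the original posts: a small Python parser for Windows nslookup output like that quoted above, labelling each answer against the DNSBL address 10.10.99.1 from the post. The function names and the verdict labels (BLOCKED, MIXED, LEAKED, NO_ANSWER) are this example's own, and the sample text is constructed from the lookups in the post.

```python
import ipaddress

SINKHOLE = ipaddress.ip_address("10.10.99.1")  # DNSBL address seen in the post
# Constructed sample: the three lookups from the post, prompts and blank lines trimmed.
SAMPLE = """\
Server:  UnKnown
Address:  192.168.20.1
Name:    youtube.com
Address:  10.10.99.1
Server:  UnKnown
Address:  192.168.20.1
Name:    www.youtube.com
Address:  216.239.38.119
Server:  UnKnown
Address:  192.168.20.1
Name:    www.youtube.com
Addresses:  216.239.38.119
          10.10.99.1
"""

def parse_answers(text):
    """Return [(name, [ip, ...])], ignoring the resolver's own Server/Address block."""
    answers, name, ips = [], None, []
    for raw in text.splitlines() + ["Server:"]:  # sentinel flushes the last answer
        line = raw.strip()
        if line.startswith(("Server:", "Name:")):
            if name is not None:
                answers.append((name, ips))
            name = line.split(":", 1)[1].strip() if line.startswith("Name:") else None
            ips = []
        elif name is not None and line:
            value = line.split(":", 1)[1] if line.startswith("Address") else line
            try:
                ips.append(ipaddress.ip_address(value.strip()))
            except ValueError:
                pass  # prompts, "Aliases:" and other non-address lines
    return answers

def classify(ips):
    """BLOCKED: sinkhole only. MIXED: sinkhole plus another address. LEAKED: no sinkhole."""
    if not ips:
        return "NO_ANSWER"
    hits = [ip == SINKHOLE for ip in ips]
    if all(hits):
        return "BLOCKED"
    return "MIXED" if any(hits) else "LEAKED"

def report(text):
    return [(name, classify(ips)) for name, ips in parse_answers(text)]
```

A MIXED or LEAKED verdict means the client was handed a real address for that name and can still reach the site.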
        NollipfSense @andy_vdg

        @andy_vdg Checking the TLD box will fix your issue...see image...be sure to have sufficient RAM. Also, be sure your pfSense is the only source doing DNS.

        Screen Shot 2020-02-01 at 12.47.58 PM.png

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

          andy_vdg @NollipfSense

          @NollipfSense
          Thanks for the reply. I did try that but with 4GB of RAM on my firewall it didn't work well at all. Unbound would start and immediately crash. I turned it off again and just added all variants to the blocklist.

          So with these added:
          youtube.com
          .youtube.com
          www.youtube.com
          Why can I still access www.youtube.com? I am really stumped by this one.

            NollipfSense @andy_vdg

            @andy_vdg Are you sure it's not your browser expecting https:// www.youtube.com? I would add it like that just to see what happens!

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.