Netgate Discussion Forum

Testing DNSBL with DNS Lookup

pfBlockerNG
6 Posts 2 Posters 1.8k Views
bhjitsense

In pfSense, I would sometimes test whether a domain was blocked via DNSBL by going to Diagnostics > DNS Lookup to see if the domain resolves to the DNSBL VIP. But recently I've noticed that even for domains that show up in the Reports section as having been blocked, a DNS Lookup on them resolves to their actual IP. Did something change or did I bork something up somewhere?

Gertjan @bhjitsense

        @bhjitsense said in Testing DNSBL with DNS Lookup:

        did I bork something up somewhere

        Probably.

When I take a domain out of one of "my" files:

        55651901-7d10-4214-bd00-e966a4a3971c-image.png

I took the "1bdmall.com" listed:

        9ad5b337-f488-4305-8122-f4ed9258a956-image.png

        It works as advertised.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

bhjitsense

I know that's the way it's supposed to happen. But I'm mainly trying to find out why it isn't. Here is DNSBL blocking this domain:

          Screen Shot 2020-07-20 at 10.13.21 AM.png

          And here's me doing a DNS Lookup on said domain.
          Screen Shot 2020-07-20 at 10.13.38 AM.png

Gertjan

Hover the mouse over the black + sign and you'll see a popup that shows in which file (DNSBL feed) the domain is presented as DNSBL.
            Probably, it's a top level domain like roku.com

You have both selected:

            ba0d2d66-f981-4dbd-b24e-319c5cbb0c47-image.png

            ?

bhjitsense

              I currently have TLD disabled while I'm troubleshooting this since that was a change I had made recently. This seems to occur in either case. Doing nslookup on various endpoints, DNSBL seems to be working fine. It just looks like the firewall itself is somehow exempt or is bypassing DNSBL.

Gertjan @bhjitsense

                @bhjitsense said in Testing DNSBL with DNS Lookup:

                firewall itself is somehow exempt or is bypassing DNSBL.

The firewall is using "127.0.0.1 - port 53" - on that port unbound, the resolver, is listening.
That is, if you did not add other servers, which isn't needed.
(people tend to throw in 1.1.1.1 - 8.8.8.8 - etc and then strange things happen ;) )


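The point of the last reply is that a DNSBL test only proves something if the query actually reaches unbound on 127.0.0.1; a lookup that goes to an extra upstream server such as 8.8.8.8 will return the real address and look like a bypass. The following script, added here as an example and not part of the thread or of pfBlockerNG, sends the same A query to each resolver you name and reports whether the answer is the DNSBL VIP. It builds and parses DNS wire format by hand so it has no dependencies; the VIP value, the resolver list and the hypothetical response built by make_response() (a constructed fixture, not captured traffic) are assumptions you should adjust to your own setup.

```python
"""Ask each resolver directly whether a domain resolves to the pfBlockerNG DNSBL VIP."""
import socket
import struct

# pfBlockerNG's default DNSBL Virtual IP; replace with the VIP configured on your firewall (assumption).
DNSBL_VIP = "10.10.10.1"


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal RFC 1035 A query (recursion desired) in wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg: bytes, pos: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, name ends here
            return pos + 2
        pos += 1 + length


def parse_a_records(msg: bytes) -> list:
    """Extract the IPv4 addresses from the answer section of a DNS response."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return addrs


def classify(addrs: list, vip: str = DNSBL_VIP) -> str:
    """'blocked' only when every A answer is the DNSBL VIP."""
    if not addrs:
        return "no-answer"
    return "blocked" if all(a == vip for a in addrs) else "not-blocked"


def check_resolver(resolver_ip: str, name: str, vip: str = DNSBL_VIP, timeout: float = 2.0) -> str:
    """Send one UDP query straight to resolver_ip:53, bypassing the OS stub resolver."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (resolver_ip, 53))
        data, _peer = sock.recvfrom(512)
    return classify(parse_a_records(data), vip)


def make_response(name: str, ip: str, txid: int = 0x1234) -> bytes:
    """Constructed sample response (test fixture only): one A answer using a name pointer."""
    query = build_query(name, txid)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + query[12:] + answer


if __name__ == "__main__":
    # Unbound on 127.0.0.1 should answer with the VIP; an extra upstream such as 8.8.8.8
    # (if one is listed under System > General Setup) will return the real address.
    import sys
    domain = sys.argv[1] if len(sys.argv) > 1 else "1bdmall.com"
    for resolver in ("127.0.0.1", "8.8.8.8"):
        try:
            print(resolver, domain, check_resolver(resolver, domain))
        except OSError as exc:
            print(resolver, domain, "error:", exc)
```

Run it on the firewall (or any host that can reach unbound on the LAN address) with the blocked domain as the argument; a "blocked" result from 127.0.0.1 next to "not-blocked" from any other configured server is exactly the situation described in the thread, and the fix is to remove the extra servers rather than to touch DNSBL.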
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.