Netgate Discussion Forum

    DNSBL blocking Amazon app

    • Mattaton

      I'm a novice with pfSense and therefore with pfBlocker as well.

      I set it up based on a YouTube video by Lawrence Systems.

      It seems to work fine for what it's supposed to do. I added in some blacklist URLs and it blocks the sites as intended.

      The problem I'm having is with certain apps on my phone. The Amazon app, for example. The app loads, but then gives an uh-oh message saying something went wrong. If I disable DNSBL (not pfBlocker entirely, just DNSBL), then everything works.

      I went through the DNSBL feeds I had added and set them all to "Disabled" and reloaded/updated the lists, assuming that would clean out all restrictions, but it still blocks the Amazon app. Again, that's just with DNSBL enabled, but with all feeds disabled. This doesn't make sense to me unless I need to clear out the feeds somehow and enable them one by one to find the culprit.

      Any help is appreciated!

      Thanks!
      Matt

      • dennismx

        Hi!
        You need to whitelist some domains. I had that issue too.

        I don't remember where I got this list. But it worked for me.
        s3.amazonaws.com
        s3-1.amazonaws.com # CNAME for (s3.amazonaws.com)
        .github.com
        .githubusercontent.com
        github.map.fastly.net # CNAME for (raw.githubusercontent.com)
        .gitlab.com
        .apple.com
        .sourceforge.net
        .fls-na.amazon.com # alexa
        .control.kochava.com # alexa 2
        .device-metrics-us-2.amazon.com # alexa 3
        .amazon-adsystem.com # amazon app ads
        .px.moatads.com # amazon app 2
        .wildcard.moatads.com.edgekey.net # CNAME for (px.moatads.com)
        .e13136.g.akamaiedge.net # CNAME for (px.moatads.com)
        .secure-gl.imrworldwide.com # amazon app 3
        .pixel.adsafeprotected.com # amazon app 4
        .anycast.pixel.adsafeprotected.com # CNAME for (pixel.adsafeprotected.com)
        .bs.serving-sys.com # amazon app 5
        .bs.eyeblaster.akadns.net # CNAME for (bs.serving-sys.com)
        .bsla.eyeblaster.akadns.net # CNAME for (bs.serving-sys.com)
        .adsafeprotected.com # amazon app 6
        .anycast.static.adsafeprotected.com # CNAME for (static.adsafeprotected.com)
        google.com
        www.google.com
        youtube.com
        www.youtube.com
        youtube-ui.l.google.com # CNAME for (youtube.com)
        stackoverflow.com
        www.stackoverflow.com
        dropbox.com
        www.dropbox.com
        www.dropbox-dns.com # CNAME for (dropbox.com)
        .adsafeprotected.com
        control.kochava.com
        secure-gl.imrworldwide.com
        pbs.twimg.com # twitter images
        www.pbs.twimg.com # twitter images
        cs196.wac.edgecastcdn.net # CNAME for (pbs.twimg.com)
        cs2-wac.apr-8315.edgecastdns.net # CNAME for (pbs.twimg.com)
        cs2-wac-us.8315.ecdns.net # CNAME for (pbs.twimg.com)
        cs45.wac.edgecastcdn.net # CNAME for (pbs.twimg.com)
        .zoom.us
        .amazonaws.com
        .amazon-adsystem.com
        .amazon.com
        .googleapis.com

        Just remove whatever makes you feel queasy.
        Good luck

        Dennis

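Added example, not part of either poster's message: a small audit of a whitelist in the format shown above, reporting duplicate lines and entries already covered by a broader wildcard entry, so the list that exempts names from DNSBL stays short enough to review. It assumes a leading "." whitelists the domain and all of its subdomains and that "#" starts a comment; the function names are hypothetical and the sample is a constructed excerpt of the posted list.

```python
# Added example: audit a pfBlockerNG-style DNSBL whitelist.
# Assumption: a leading "." whitelists the domain and all its subdomains,
# and "#" starts a comment. All function names here are hypothetical.

SAMPLE = """\
s3.amazonaws.com
.fls-na.amazon.com # alexa
.amazon-adsystem.com # amazon app ads
.pixel.adsafeprotected.com # amazon app 4
.adsafeprotected.com # amazon app 6
control.kochava.com
.amazonaws.com
.amazon-adsystem.com
.amazon.com
"""  # constructed excerpt of the list posted above


def parse_whitelist(text):
    """Return (domain, wildcard) tuples in file order, skipping blanks."""
    entries = []
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip().lower().rstrip(".")
        if name:
            entries.append((name.lstrip("."), name.startswith(".")))
    return entries


def covers(entry, name):
    """True if the whitelist entry exempts hostname `name` from DNSBL."""
    domain, wildcard = entry
    # Match on a label boundary so ".amazon.com" does not cover "notamazon.com".
    return name == domain or (wildcard and name.endswith("." + domain))


def audit(entries):
    """Return (duplicates, redundant); redundant maps an entry to the
    broadest wildcard entry that already covers it."""
    seen, duplicates, redundant = set(), [], {}
    for entry in entries:
        if entry in seen:
            duplicates.append(entry)
        else:
            seen.add(entry)
    for entry in sorted(seen):
        broader = [o for o in seen
                   if o != entry and o[1] and covers(o, entry[0])]
        if broader:
            redundant[entry] = min(broader, key=lambda o: len(o[0]))
    return duplicates, redundant
```

Entries reported as redundant can be dropped without changing what is whitelisted; the wildcard entries that remain are the ones worth reviewing, since each exempts every name beneath it.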
        • Mattaton @dennismx

          @dennismx
          Thanks!
          I just ran across a Reddit with similar whitelisting. I added those and the app seems to work. Your list covers more than just the Amazon app. Gonna copy yours and add it.

          • Mattaton

            Excellent. I just re-enabled all the feeds and the whitelisting seems to be working.

            Thanks!
            Matt
