How does DNSBL Whitelist work?
-
Trying to figure out how the DNSBL Whitelist works.
I have a domain in the DNSBL Whitelist. However, when I browse to the website, it is blocked.
It even shows unblocked in the filter:
-
@amrogers3 How did you Whitelist r20.rs6.net? If you add it to the Whitelist, you also have to put the CNAMEs of the domain, and do a Force Reload DSNBL after saving Settings.
Shell Output - dig r20.rs6.net @8.8.8.8 ; <<>> DiG 9.14.12 <<>> r20.rs6.net @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59141 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;r20.rs6.net. IN A ;; ANSWER SECTION: r20.rs6.net. 704 IN CNAME rs6.net. rs6.net. 59 IN A 208.75.122.11 ;; Query time: 15 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Sat Dec 26 16:36:07 EST 2020 ;; MSG SIZE rcvd: 70
When you use the '+' icon in Reports Alerts tab, it will also whitelist the CNAMEs (of today) in the Whitelist.
-
Thank you @ronpfs
Got an example to make sure I am understanding. So if I dig "links.d.slickdeals.net"
Do I need to add
links.getblueshift.com, links.d.slickdeals.net to DNSBL whitelist and
104.16.207.63, 104.16.208.63 to IP whitelist?
; <<>> DiG 9.10.6 <<>> links.d.slickdeals.net @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44014 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;links.d.slickdeals.net. IN A ;; ANSWER SECTION: links.d.slickdeals.net. 3600 IN CNAME links.getblueshift.com. links.getblueshift.com. 60 IN CNAME links.getblueshift.com.cdn.cloudflare.net. links.getblueshift.com.cdn.cloudflare.net. 172 IN A 104.16.207.63 links.getblueshift.com.cdn.cloudflare.net. 172 IN A 104.16.208.63 ;; Query time: 392 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Sat Dec 26 16:17:54 CST 2020 ;; MSG SIZE rcvd: 171
-
@amrogers3 The easy way to learn how to do thing is to use the Alerts tab '+' icon, it will offer choices for whitelisting according to the blocked type (DNSBL, TLD, Regex, etc). You can then review the DNSBL Whitelist to see what pfBlockerNG did.
If you find blocked IPs in the Alerts tab, then you can whitelist or suppress them with the '+' icon.