How does DNSBL Whitelist work?


  • Trying to figure out how the DNSBL Whitelist works.

    I have a domain in the DNSBL Whitelist. However, when I browse to the website, it is blocked.
    alt text

    It even shows unblocked in the filter:

    alt text


  • @amrogers3 How did you Whitelist r20.rs6.net? If you add it to the Whitelist, you also have to put the CNAMEs of the domain, and do a Force Reload DSNBL after saving Settings.

    Shell Output - dig r20.rs6.net @8.8.8.8
    
    ; <<>> DiG 9.14.12 <<>> r20.rs6.net @8.8.8.8
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59141
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;r20.rs6.net.			IN	A
    
    ;; ANSWER SECTION:
    r20.rs6.net.		704	IN	CNAME	rs6.net.
    rs6.net.		59	IN	A	208.75.122.11
    
    ;; Query time: 15 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Sat Dec 26 16:36:07 EST 2020
    ;; MSG SIZE  rcvd: 70
    

    When you use the '+' icon in Reports Alerts tab, it will also whitelist the CNAMEs (of today) in the Whitelist.


  • Thank you @ronpfs

    Got an example to make sure I am understanding. So if I dig "links.d.slickdeals.net"

    Do I need to add

    links.getblueshift.com, links.d.slickdeals.net to DNSBL whitelist and

    104.16.207.63, 104.16.208.63 to IP whitelist?

    ; <<>> DiG 9.10.6 <<>> links.d.slickdeals.net @8.8.8.8
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44014
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;links.d.slickdeals.net.		IN	A
    
    ;; ANSWER SECTION:
    links.d.slickdeals.net.	3600	IN	CNAME	links.getblueshift.com.
    links.getblueshift.com.	60	IN	CNAME	links.getblueshift.com.cdn.cloudflare.net.
    links.getblueshift.com.cdn.cloudflare.net. 172 IN A 104.16.207.63
    links.getblueshift.com.cdn.cloudflare.net. 172 IN A 104.16.208.63
    
    ;; Query time: 392 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Sat Dec 26 16:17:54 CST 2020
    ;; MSG SIZE  rcvd: 171
    

  • @amrogers3 The easy way to learn how to do thing is to use the Alerts tab '+' icon, it will offer choices for whitelisting according to the blocked type (DNSBL, TLD, Regex, etc). You can then review the DNSBL Whitelist to see what pfBlockerNG did.

    If you find blocked IPs in the Alerts tab, then you can whitelist or suppress them with the '+' icon.