Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How does DNSBL Whitelist work?

    pfBlockerNG
    2
    4
    264
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      amrogers3 last edited by amrogers3

      Trying to figure out how the DNSBL Whitelist works.

      I have a domain in the DNSBL Whitelist. However, when I browse to the website, it is blocked.
      alt text

      It even shows unblocked in the filter:

      alt text

      RonpfS 1 Reply Last reply Reply Quote 0
      • RonpfS
        RonpfS @amrogers3 last edited by

        @amrogers3 How did you Whitelist r20.rs6.net? If you add it to the Whitelist, you also have to put the CNAMEs of the domain, and do a Force Reload DSNBL after saving Settings.

        Shell Output - dig r20.rs6.net @8.8.8.8

; <<>> DiG 9.14.12 <<>> r20.rs6.net @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59141
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;r20.rs6.net.			IN	A

;; ANSWER SECTION:
r20.rs6.net.		704	IN	CNAME	rs6.net.
rs6.net.		59	IN	A	208.75.122.11

;; Query time: 15 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Dec 26 16:36:07 EST 2020
;; MSG SIZE  rcvd: 70

        When you use the '+' icon in Reports Alerts tab, it will also whitelist the CNAMEs (of today) in the Whitelist.

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        A 1 Reply Last reply Reply Quote 0
        • A
          amrogers3 @RonpfS last edited by amrogers3

          Thank you @ronpfs

          Got an example to make sure I am understanding. So if I dig "links.d.slickdeals.net"

          Do I need to add

          links.getblueshift.com, links.d.slickdeals.net to DNSBL whitelist and

          104.16.207.63, 104.16.208.63 to IP whitelist?

          ; <<>> DiG 9.10.6 <<>> links.d.slickdeals.net @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44014
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;links.d.slickdeals.net.		IN	A

;; ANSWER SECTION:
links.d.slickdeals.net.	3600	IN	CNAME	links.getblueshift.com.
links.getblueshift.com.	60	IN	CNAME	links.getblueshift.com.cdn.cloudflare.net.
links.getblueshift.com.cdn.cloudflare.net. 172 IN A 104.16.207.63
links.getblueshift.com.cdn.cloudflare.net. 172 IN A 104.16.208.63

;; Query time: 392 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Dec 26 16:17:54 CST 2020
;; MSG SIZE  rcvd: 171
          RonpfS 1 Reply Last reply Reply Quote 0
          • RonpfS
            RonpfS @amrogers3 last edited by RonpfS

            @amrogers3 The easy way to learn how to do thing is to use the Alerts tab '+' icon, it will offer choices for whitelisting according to the blocked type (DNSBL, TLD, Regex, etc). You can then review the DNSBL Whitelist to see what pfBlockerNG did.

            If you find blocked IPs in the Alerts tab, then you can whitelist or suppress them with the '+' icon.

            2.4.5-RELEASE-p1 (amd64)
            Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

            1 Reply Last reply Reply Quote 0
            • First post
              Last post