Netgate Discussion Forum

How to test blocking domains without running Update / Force.

pfBlockerNG
  • H
    handradish
    last edited by Apr 18, 2022, 4:28 AM

    I'm trying to identify domains serving ads for my Android device.

    And I think I'm going about it the hard way.

    1. Get PCAP using ntopng
    2. Open PCAP using Wireshark, filter for DNS and check what's happening.
      (Used an old phone with only the one app I wanted to investigate)
    3. I have a few DNSBL Feeds (BBCan177 and OISD), but for this process I'm using a custom feed without an actual URL, just using the Custom Block List.
    4. Save.
    5. It appears I need to choose Update with the 'Reload' option
    6. Restart phone to flush DNS.
    7. Test if app is still serving ads.

    Step 5 seems like I'm spamming BBCan177 and OISD unnecessarily; while trying to weed out the specific domains, I might need to add one, remove it, add another, remove, add a different one.

    Any suggestions on a more streamlined way to do this?

    • K
      keyser Rebel Alliance @handradish
      last edited by Apr 18, 2022, 7:15 AM

      @handradish said in How to test blocking domains without running Update / Force.:

      I'm trying to identify domains serving ads for my Android device.

      And I think I'm going about it the hard way.

      1. Get PCAP using ntopng
      2. Open PCAP using Wireshark, filter for DNS and check what's happening.
        (Used an old phone with only the one app I wanted to investigate)
      3. I have a few DNSBL Feeds (BBCan177 and OISD), but for this process I'm using a custom feed without an actual URL, just using the Custom Block List.
      4. Save.
      5. It appears I need to choose Update with the 'Reload' option
      6. Restart phone to flush DNS.
      7. Test if app is still serving ads.

      Step 5 seems like I'm spamming BBCan177 and OISD unnecessarily; while trying to weed out the specific domains, I might need to add one, remove it, add another, remove, add a different one.

      Any suggestions on a more streamlined way to do this?

      Couple of tricks:

      1: In pfBlockerNG there is a “log DNS Reply” option which will log all DNS requests from clients. Enable that, and on the reporting tab set up a dynamic view that autorefreshes with your client's IP addr. only. Then you have a live view of resolution attempts.

      2: When wanting to test-block a DNS name, just add it manually to the “Host override” list in SERVICES -> DNS RESOLVER. Make it point to the Virtual IP you set up the pfBlocker webservice with.
      You can add/subtract to that list very quickly, and it has nothing to do with pfBlockerNG, so it does not take a time-consuming reload.

      Love the no fuss of using the official appliances :-)

      • H
        handradish @keyser
        last edited by Apr 18, 2022, 11:07 PM

        @keyser Thank you very much!
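
An added example, not code from either poster: one way to shortlist the names worth test-blocking from the capture in steps 1 and 2, before trying them one at a time as host overrides. It assumes the capture was exported with tshark as tab-separated epoch time, source IP and query name, and that a block-list entry also covers its subdomains; the sample rows, IPs, domains and function names are constructed.

```python
from collections import Counter

# Assumed export of the capture (DNS queries only), one row per query:
#   tshark -r capture.pcap -Y "dns.flags.response == 0" \
#          -T fields -e frame.time_epoch -e ip.src -e dns.qry.name
# Constructed sample rows: 192.168.1.50 is the test phone.
SAMPLE = """\
1650256081.10\t192.168.1.50\tads.tracker.example
1650256081.35\t192.168.1.50\tapi.game.example
1650256082.02\t192.168.1.20\tads.tracker.example
1650256083.40\t192.168.1.50\tADS.tracker.example.
1650256084.11\t192.168.1.50\tcdn.adnet.example
1650256085.72\t192.168.1.50\tmetrics.blocked.example
1650256086.00\t192.168.1.50\tconnectivity.vendor.example
1650256086.90\t192.168.1.50\tads.tracker.example
"""


def is_covered(name, domains):
    """True if name, or any parent domain of it, is in the given set."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def candidates(tsv, client_ip, blocked, keep=()):
    """Rank names the client queried that no list entry covers yet.

    blocked: domains already on a DNSBL feed or custom list.
    keep:    domains known to be needed, never proposed for blocking.
    """
    counts = Counter()
    for line in tsv.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue  # malformed or empty row
        _, src, qname = parts
        # DNS names are case-insensitive; drop the trailing root dot.
        qname = qname.strip().rstrip(".").lower()
        if src != client_ip or not qname:
            continue
        if is_covered(qname, blocked) or is_covered(qname, set(keep)):
            continue
        counts[qname] += 1
    # Most-queried first; ties in name order so the output is stable.
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    found = candidates(SAMPLE, "192.168.1.50",
                       {"blocked.example"}, {"vendor.example"})
    for name, hits in found:
        print(f"{hits:4d}  {name}")
```
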
