Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to test blocking domains without running Update / Force.

    Scheduled Pinned Locked Moved pfBlockerNG
    3 Posts 2 Posters 839 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      handradish
      last edited by

      I'm trying to identify domains serving ads for my Android device.

      And I think I'm going about it the hard way.

      1. Get PCAP using ntopng
      2. Open PCAP using Wireshark, filter for DNS and check what's happening.
        (Used an old phone with only the one app I wanted to investigate)
      3. I have a few DNSBL Feeds (BBCan177 and OISD), but for this process I'm using a custom feed without an actual URL, just using the Custom Block List.
      4. Save.
      5. It appears I need to choose Update with the 'Reload' option
      6. Restart phone to flush DNS.
      7. Test if app is still serving ads.

      Step 5 seems like I'm spamming BBCan177 and OISD unnecessarily, while trying to weed out the specific domains I might need to add one, remove it, add another, remove, add a diff one.

      Any suggestions on a more streamlined way to do this?

      keyserK 1 Reply Last reply Reply Quote 0
      • keyserK
        keyser Rebel Alliance @handradish
        last edited by

        @handradish said in How to test blocking domains without running Update / Force.:

        I'm trying to identify domains serving ads for my Android device.

        And I think I'm going about it the hard way.

        1. Get PCAP using ntopng
        2. Open PCAP using Wireshark, filter for DNS and check what's happening.
          (Used an old phone with only the one app I wanted to investigate)
        3. I have a few DNSBL Feeds (BBCan177 and OISD), but for this process I'm using a custom feed without an actual URL, just using the Custom Block List.
        4. Save.
        5. It appears I need to choose Update with the 'Reload' option
        6. Restart phone to flush DNS.
        7. Test if app is still serving ads.

        Step 5 seems like I'm spamming BBCan177 and OISD unnecessarily, while trying to weed out the specific domains I might need to add one, remove it, add another, remove, add a diff one.

        Any suggestions on a more streamlined way to do this?

        Couple of tricks:

        1: I pfBlockerNG there is a “log DNS Reply” option which will log all DNS requests from clients. Enable that, and on the reporting tab set up a dynamic view that autorefreshes with your clientsIP Addr. Only. Then you have a live view of resolution attemps.

        2: When wanting to testblock a DNS name, just add it manually to the “Host override” list in SERVICES -> DNS RESOLVER. Make it point to the Virtual IP you set up the pfBlocker webservice with.
        You can add/subtract to that list very quickly, and it has nothing to do with pfBlockerNG, so it does not take a timeconsuming reload.

        Love the no fuss of using the official appliances :-)

        H 1 Reply Last reply Reply Quote 1
        • H
          handradish @keyser
          last edited by

          @keyser Thank you very much!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.