Netgate Discussion Forum

    DNSBL not blocking URL

    pfBlockerNG
      oever

      I'm using pfBlockerNG Devel on pfSense 2.7.0. Works like a charm. But I have one issue.

      mesqwrte.net is in a blocklist; TLD is active

      If I type mesqwrte.net in a browser: blocked as expected.
      If I type mesqwrte.net/favicon.ico : not blocked.

      Am I missing something or is this a bug?

        johnpoz LAYER 8 Global Moderator @oever

        @oever said in DNSBL not blocking URL:

        If I type mesqwrte.net/favicon.ico : not blocked.

        pfblocker doesn't work on url, it is dns based.. to load up domain.tld/whatever you would have to be able to resolve domain.tld - but pfblocker would block that.. So if you're saying domain.tld/something loaded - it's loaded from your browser cache.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          oever

          Sounds plausible, BUT. I expect the URL to be parsed into host plus "extra", where host contains the domain.TLD. Otherwise DNSBL wouldn't block any URL, ever. Correct?

          As for your remark on my browser cache: OOPS. However, after emptying the cache: still no luck. With another browser altogether: no luck. So I'm puzzled.

            johnpoz LAYER 8 Global Moderator @oever

            @oever said in DNSBL not blocking URL:

            wouldn't block any URL, ever. Correct?

            again it's dns based.. domain.tld/whatever/otherthing/something makes no difference.. hard to load domain.tld/something if domain.tld never resolves to actual IP that serves domain.tld

            This is blocked on my system with pihole

            ;; QUESTION SECTION:
            ;mesqwrte.net.                  IN      A
            
            ;; ANSWER SECTION:
            mesqwrte.net.           2       IN      A       0.0.0.0
            

            See how it's resolving to 0.0.0.0, so it would be impossible to load up mesqwrte.net/anything no matter what that anything is.. Since it's not possible to get to mesqwrte.net

            If pfblocker is blocking then it would not be possible to load up favicon from there.. If you're pointing that domain to say the pfblocker block IP, 10.10.10.10 or something - then you could load the favicon from that blocked site hosted by pfblocker.

            if you do a dig, or nslookup or host - your fav dns tool, or look in the firefox dns about:networking#dns

            What does the IP point to - if it's pointing to some site for dnslblocker in pfblocker like 10.10.10.10, some vip on pfsense - then sure the favicon would be loaded from there and not the actual website favicon

              oever

              @johnpoz said in DNSBL not blocking URL:

              ?

              You're correct. 10.10.10.1/favicon.ico gives me the same result. Never thought of that. Thanks for enlightening me - now I can sleep again 😊 . So much for assumptions - I thought I'd always see a block-message. Thanks again!

                johnpoz LAYER 8 Global Moderator @oever

                @oever pfblocker vs just blocking by resolving to say 0.0.0.0 likes to point to a block page - that says hey this site is blocked. But if you're looking for something specific loaded off that IP, 10.10.10.10 I think is default vip that is used.. But I think at some point there was recommendation to use something different.. Anywho - yeah block page is just hosted on pfsense off whatever the IP you use (vip on pfsense) to serve up the page to tell you hey that site is blocked.

                But if you try and load some specific resource off that httpd, like favicon.ico then sure yeah that could be loaded.

                Glad I could help you get some sleep ;)

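Added example, not part of any post in this thread: a small shell check for the distinction the thread arrives at, reading `dig` answer lines and reporting whether a name is null-routed (0.0.0.0), pointed at the DNSBL virtual IP (where the firewall's own web server answers every path, `/favicon.ico` included), or resolved normally. The function names and the `DNSBL_VIP` default of 10.10.10.1 are assumptions; set the variable to the virtual IP configured on your own pfBlockerNG.

```shell
#!/bin/sh
# Added example: classify how a DNS blocker answered, from dig answer lines.
# DNSBL_VIP is an assumption; set it to the virtual IP your pfBlockerNG uses.
DNSBL_VIP="${DNSBL_VIP:-10.10.10.1}"

# Print every A-record address in dig output read from stdin.
extract_a_records() {
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "A" { print $5 }'
}

# Read dig output on stdin and print one verdict:
#   null-blocked  answer is 0.0.0.0, nothing can be fetched for any path
#   sinkholed     answer is the DNSBL VIP, every path is served by the
#                 block web server on the firewall, not by the real site
#   resolved      at least one ordinary address, DNS did not block the name
#   no-answer     no A record at all (NXDOMAIN or empty answer)
classify_answer() (
    verdict="no-answer"
    for ip in $(extract_a_records); do
        case "$ip" in
            0.0.0.0)      verdict="null-blocked" ;;
            "$DNSBL_VIP") verdict="sinkholed" ;;
            *)            verdict="resolved"; break ;;
        esac
    done
    printf '%s\n' "$verdict"
)

# Constructed sample answers (the first mirrors the dig output quoted above).
SAMPLE_NULL='mesqwrte.net.   2    IN  A  0.0.0.0'
SAMPLE_VIP='mesqwrte.net.   60   IN  A  10.10.10.1'
SAMPLE_REAL='example.net.    300  IN  A  203.0.113.7'

for sample in "$SAMPLE_NULL" "$SAMPLE_VIP" "$SAMPLE_REAL"; do
    printf '%-45s -> %s\n' "$sample" "$(printf '%s\n' "$sample" | classify_answer)"
done

# Live use: dig +noall +answer mesqwrte.net A | classify_answer
```

A `sinkholed` verdict means the DNS block is working even when a browser shows content for a sub-path, because that content comes from the block page server rather than the blocked site.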
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.