DNS Resolver not resolving a specific hostname
-
@michmoor said in DNS Resolver not resolving a specific hostname:
hq4ypryg.r.us-west-2.awstrack.me
Same thing here :
So pfBlockerng does what it is paid for :
Btw : I can somewhat imagine that awstrack.me is listed in some DNSBL ^^
If your device was asking 1.1.1.1 directly, then you would have had an answer :
[24.03-RELEASE][root@pfSense.bhf.tld]/root: dig @1.1.1.1 hq4ypryg.r.us-west-2.awstrack.me +short
r.us-west-2.awstrack.me.
r.delegate.us-west-2.awstrack.me.
baconredirects-elb-mev7rf5mv7m-1287676624.us-west-2.elb.amazonaws.com.
44.235.182.63
44.238.30.7
54.212.58.93
A solution : whitelist "hq4ypryg.r.us-west-2.awstrack.me", probably the entire ".awstrack.me" domain.
-
@michmoor not having any issues with resolving that
;; QUESTION SECTION:
;hq4ypryg.r.us-west-2.awstrack.me. IN A

;; ANSWER SECTION:
hq4ypryg.r.us-west-2.awstrack.me. 3600 IN CNAME r.us-west-2.awstrack.me.
r.us-west-2.awstrack.me. 3600 IN CNAME r.delegate.us-west-2.awstrack.me.
r.delegate.us-west-2.awstrack.me. 3600 IN CNAME baconredirects-elb-mev7rf5mv7m-1287676624.us-west-2.elb.amazonaws.com.
baconredirects-elb-mev7rf5mv7m-1287676624.us-west-2.elb.amazonaws.com. 3600 IN A 54.212.58.93
baconredirects-elb-mev7rf5mv7m-1287676624.us-west-2.elb.amazonaws.com. 3600 IN A 44.235.182.63
baconredirects-elb-mev7rf5mv7m-1287676624.us-west-2.elb.amazonaws.com. 3600 IN A 44.238.30.7
I would do a dig +trace on pfSense to see where you might be failing. Keep in mind that you would have to manually follow a CNAME when you do a dig +trace.
-
@johnpoz said in DNS Resolver not resolving a specific hostname:
not having any issues
I'm betting that @mich is using :
or one of the other DNSBL that contains "track.me".
-
I checked my dnsbl.log file and it's not coming up at all.
[24.03-RELEASE][admin@GAFW]/root: cat /var/log/pfblockerng/dnsbl.log | grep awstrack.me
[24.03-RELEASE][admin@GAFW]/root:
My host IP which is 192.168.50.241 does show up in the block logs - showing just to verify that pfblk is doing its thing.
DNSBL-python,Aug 20 21:35:45,www.google-analytics.com,192.168.50.241,HSTS_A,TLD_A,DNSBL_Firebog_Malicious,google-analytics.com,DandelionSprouts,-
DNSBL-python,Aug 26 22:21:34,ocsp.digicert.cn,192.168.50.241,Python,TLD_A,DNSBL_TLD,cn,DNSBL_TLD,+
DNSBL-python,Aug 26 22:21:34,crl.digicert.cn,192.168.50.241,Python,TLD_A,DNSBL_TLD,cn,DNSBL_TLD,+
DNSBL-python,Aug 28 09:04:27,ocsp.dcocsp.cn,192.168.50.241,Python,TLD_A,DNSBL_TLD,cn,DNSBL_TLD,+
DNSBL-python,Aug 29 09:52:59,matching.truffle.bid,192.168.50.241,Python,TLD_A,DNSBL_TLD,bid,DNSBL_TLD,+
DNSBL-python,Sep 6 14:17:38,ocsp.dcocsp.cn,192.168.50.241,Python,TLD_A,DNSBL_TLD,cn,DNSBL_TLD,+
DNSBL-python,Sep 10 08:57:52,cdn.adguard.info,192.168.50.241,Python,TLD_A,DNSBL_TLD,info,DNSBL_TLD,+
DNSBL-python,Sep 12 17:43:14,matching.truffle.bid,192.168.50.241,Python,TLD_A,DNSBL_TLD,bid,DNSBL_TLD,+
DNSBL-python,Sep 16 13:58:21,ocsp.digicert.cn,192.168.50.241,Python,TLD_A,DNSBL_TLD,cn,DNSBL_TLD,+
DNSBL-python,Sep 16 13:58:21,crl.digicert.cn,192.168.50.241,Python,TLD_A,DNSBL_TLD,cn,DNSBL_TLD,+
DNSBL-python,Sep 16 14:36:42,ocsp.trust-provider.cn,192.168.50.241,Python,TLD_A,DNSBL_TLD,cn,DNSBL_TLD,+
DNSBL-python,Sep 18 10:47:30,ocsp.dcocsp.cn,192.168.50.241,Python,TLD_A,DNSBL_TLD,cn,DNSBL_TLD,+
-
-
@michmoor said in DNS Resolver not resolving a specific hostname:
cat /var/log/pfblockerng/dnsbl.log | grep awstrack.me
Try this :
tail /var/log/pfblockerng/dnsbl.log | grep awstrack.me
or better (probably) :
tail -f /var/unbound/var/log/pfblockerng/dns | grep awstrack.me
Anyway, now it's resolving for me, as I've "Group Policy" the IP of the PC I'm using right now, so an nslookup on my PC did work out, and the answer, the IP, made it into the unbound cache, and from then on pfBlockerng is bypassed :(
I'm good for another cache trick to destroy the entry for awstrack.me using unbound-control or .... yeah ... restarting unbound again.
-
OK, I found it in the unified log but... it's not hitting any block list, which is why I excluded pfblocker from the analysis. Any reason why it's still failing to resolve?
]/var/log/pfblockerng: grep -ir awstrack.me
./unified.log:DNS-reply,Sep 18 10:41:42,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:41:42,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:42:09,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:42:09,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:45:49,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:45:49,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:45:57,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:45:57,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:46:38,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:46:38,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:47:01,servfail,AAAA,AAAA,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.223,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:47:01,servfail,AAAA,AAAA,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.223,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:47:01,servfail,AAAA,AAAA,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.223,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:47:01,servfail,AAAA,AAAA,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.223,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:47:01,servfail,AAAA,AAAA,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.223,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:47:01,servfail,AAAA,AAAA,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.223,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:47:09,servfail,AAAA,AAAA,Unk,awstrack.me,192.168.50.223,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:47:09,servfail,AAAA,AAAA,Unk,awstrack.me,192.168.50.223,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:47:09,servfail,AAAA,AAAA,Unk,awstrack.me,192.168.50.223,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:47:09,servfail,AAAA,AAAA,Unk,awstrack.me,192.168.50.223,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:47:09,servfail,AAAA,AAAA,Unk,awstrack.me,192.168.50.223,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:47:09,servfail,AAAA,AAAA,Unk,awstrack.me,192.168.50.223,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:49:26,resolver,A,A,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./unified.log:DNS-reply,Sep 18 10:49:26,resolver,A,A,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./unified.log:DNS-reply,Sep 18 10:49:26,resolver,A,A,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./unified.log:DNS-reply,Sep 18 10:49:26,resolver,AAAA,AAAA,Unk,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:49:26,resolver,CNAME,CNAME,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./unified.log:DNS-reply,Sep 18 11:17:27,resolver,A,A,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./unified.log:DNS-reply,Sep 18 11:17:27,resolver,A,A,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./unified.log:DNS-reply,Sep 18 11:17:27,resolver,A,A,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./unified.log:DNS-reply,Sep 18 11:17:27,resolver,AAAA,AAAA,Unk,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,ServFail,unk
./unified.log:DNS-reply,Sep 18 11:17:27,resolver,CNAME,CNAME,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./unified.log:DNS-reply,Sep 18 12:23:09,reply,A,SOA,1800,awstrack.me.networkingtitan.com,192.168.50.241,SOA,unk
./unified.log:DNS-reply,Sep 18 12:23:09,reply,AAAA,SOA,1800,awstrack.me.networkingtitan.com,192.168.50.241,SOA,unk
./unified.log:DNS-reply,Sep 18 12:23:09,servfail,AAAA,AAAA,Unk,awstrack.me,192.168.50.241,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:41:42,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:41:42,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:42:09,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:42:09,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:45:49,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:45:49,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:45:57,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:45:57,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:46:38,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:46:38,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:47:01,servfail,AAAA,AAAA,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.223,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:47:01,servfail,AAAA,AAAA,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.223,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:47:01,servfail,AAAA,AAAA,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.223,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:47:01,servfail,AAAA,AAAA,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.223,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:47:01,servfail,AAAA,AAAA,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.223,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:47:01,servfail,AAAA,AAAA,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.223,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:47:09,servfail,AAAA,AAAA,Unk,awstrack.me,192.168.50.223,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:47:09,servfail,AAAA,AAAA,Unk,awstrack.me,192.168.50.223,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:47:09,servfail,AAAA,AAAA,Unk,awstrack.me,192.168.50.223,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:47:09,servfail,AAAA,AAAA,Unk,awstrack.me,192.168.50.223,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:47:09,servfail,AAAA,AAAA,Unk,awstrack.me,192.168.50.223,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:47:09,servfail,AAAA,AAAA,Unk,awstrack.me,192.168.50.223,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:49:26,resolver,A,A,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./dns_reply.log:DNS-reply,Sep 18 10:49:26,resolver,A,A,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./dns_reply.log:DNS-reply,Sep 18 10:49:26,resolver,A,A,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./dns_reply.log:DNS-reply,Sep 18 10:49:26,resolver,AAAA,AAAA,Unk,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 10:49:26,resolver,CNAME,CNAME,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./dns_reply.log:DNS-reply,Sep 18 11:17:27,resolver,A,A,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./dns_reply.log:DNS-reply,Sep 18 11:17:27,resolver,A,A,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./dns_reply.log:DNS-reply,Sep 18 11:17:27,resolver,A,A,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./dns_reply.log:DNS-reply,Sep 18 11:17:27,resolver,AAAA,AAAA,Unk,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,ServFail,unk
./dns_reply.log:DNS-reply,Sep 18 11:17:27,resolver,CNAME,CNAME,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./dns_reply.log:DNS-reply,Sep 18 12:23:09,reply,A,SOA,1800,awstrack.me.networkingtitan.com,192.168.50.241,SOA,unk
./dns_reply.log:DNS-reply,Sep 18 12:23:09,reply,AAAA,SOA,1800,awstrack.me.networkingtitan.com,192.168.50.241,SOA,unk
./dns_reply.log:DNS-reply,Sep 18 12:23:09,servfail,AAAA,AAAA,Unk,awstrack.me,192.168.50.241,ServFail,unk
-
When I see this ( many identical fragments in the log ) :
@michmoor said in DNS Resolver not resolving a specific hostname:
resolver,A,A,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
Then the resolver got a question about 60,hq4ypryg.r.us-west-2.awstrack.me for an A record, coming into its 127.0.0.1, and it had an answer (and not a fail !) : 0.0.0.0
For me : 0.0.0.0 = you've been "DNSBL".
-
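Added example, not part of any post in this thread and not pfBlockerNG code: a small Python triage of `DNS-reply` entries that applies the reading given above (an answer of 0.0.0.0 means the name was sinkholed by DNSBL, as opposed to a ServFail). The column names and the `SINKHOLES` set are assumptions inferred from the lines quoted in this thread, and the sample is constructed from those lines.

```python
import csv
from collections import Counter

# Column names are assumptions inferred from the thread, not a documented schema.
FIELDS = ("tag", "time", "kind", "qtype", "rtype", "ttl",
          "name", "client", "answer", "code")
# Assumed null-block answers; add the DNSBL VIP here if one is configured.
SINKHOLES = {"0.0.0.0", "::"}

# Constructed sample built from entries quoted in the thread (grep -r prefix kept).
SAMPLE = """\
./unified.log:DNS-reply,Sep 18 10:41:42,servfail,HTTPS,HTTPS,Unk,hq4ypryg.r.us-west-2.awstrack.me,192.168.50.241,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:47:09,servfail,AAAA,AAAA,Unk,awstrack.me,192.168.50.223,ServFail,unk
./unified.log:DNS-reply,Sep 18 10:49:26,resolver,A,A,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./unified.log:DNS-reply,Sep 18 10:49:26,resolver,CNAME,CNAME,60,hq4ypryg.r.us-west-2.awstrack.me,127.0.0.1,0.0.0.0,prv
./unified.log:DNS-reply,Sep 18 12:23:09,reply,A,SOA,1800,awstrack.me.networkingtitan.com,192.168.50.241,SOA,unk
DNSBL-python,Sep 18 10:47:30,ocsp.dcocsp.cn,192.168.50.241,Python,TLD_A,DNSBL_TLD,cn,DNSBL_TLD,+
"""

def parse(line):
    """Return a dict for a DNS-reply entry, or None for any other line."""
    start = line.find("DNS-reply,")          # skips a "./file.log:" grep prefix
    if start < 0:
        return None
    row = next(csv.reader([line[start:].strip()]))
    return dict(zip(FIELDS, row)) if len(row) == len(FIELDS) else None

def verdict(entry):
    """Classify one entry: sinkholed by DNSBL, resolution failure, or answered."""
    if entry["answer"] in SINKHOLES:
        return "sinkholed"
    if entry["kind"] == "servfail" or entry["answer"].lower() == "servfail":
        return "servfail"
    return "answered"

def triage(text, domain):
    """Count (verdict, query type, client) for names at or under `domain`."""
    domain = domain.lower().rstrip(".")
    counts = Counter()
    for line in text.splitlines():
        entry = parse(line)
        if entry is None:
            continue
        name = entry["name"].lower().rstrip(".")
        # Suffix match on label boundary, so awstrack.me.<search-domain> is skipped.
        if name == domain or name.endswith("." + domain):
            counts[(verdict(entry), entry["qtype"], entry["client"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(triage(SAMPLE, "awstrack.me").items()):
        print(n, *key)
```

Unlike a plain grep, the suffix match leaves out the `awstrack.me.networkingtitan.com` lookups, which are a client appending its search domain rather than queries for the blocked name.
-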
@Gertjan Ok...Figured it out. It was due to logging settings.
Previous global logging setting wouldn't have shown me the blocks.
After changing that and reloading... it's in the blacklist you specified.
-
@michmoor said in DNS Resolver not resolving a specific hostname:
Ok...Figured it out. It was due to logging settings
Previous global logging setting wouldn't have shown me the blocks
Lesson to be learned ...
-
Anytime you have a blocking package installed (pfBlockerNG, DNSBL, Snort, or Suricata) and something acts weird or does not work, 99 times out of 100 it's going to be the blocking package(s) that is the cause.