TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

randomly blocked urls #496

Closed kalle07 closed 1 year ago

kalle07 commented 1 year ago

Hello there,

I am a beginner, so let me try to understand what has happened... So I installed it and chose one online blocklist (steven) and the local blocklist named "d7****"; in this local blocklist I put some IP addresses myself. And really all is running OK, so I can browse the internet and play some online games, and some IPs that I don't want are blocked. So I added some more IPs in my local blocklist, now approx. 10000 lines, save and flush... and after a restart of my system one or more addresses were blocked that I can't find in all blocklists (and I only searched the main word, without prefix and suffix). What can be the reason? I can only allow the site (unblock) and then it is OK, or I restore my original local blocklist. How can I check my local blocklist for errors? I pay attention that there are no unusual symbols like ! and no \ and no ending or beginning points, no comma...

thx for hints :) Kalle

ShreyasZare commented 1 year ago

Thanks for the post. The DNS server can block only domain names and not IP addresses. If you have actually added IP addresses then you should remove them as it's not going to work.

You can find out which block list is responsible for blocking a domain name by querying the domain name for TXT type. You can use the DNS Client tab for this or use a command like nslookup. The TXT record in the response will tell you the block list details.
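
An added example, not part of the thread or the project's code: a small linter for a local block list that flags entries which are IP addresses (which, per the reply above, the server cannot block) or are not well-formed domain names. It assumes one entry per line, either a bare domain name or a hosts-style `address name` pair, with `#` starting a comment; the sample list is constructed.

```python
import ipaddress
import re

# One DNS label: letters, digits, "_" or "-", not starting or ending with "-".
LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def lint_blocklist(lines):
    """Return (line_no, entry, problem) for each line that is not a usable domain entry."""
    problems = []
    for no, raw in enumerate(lines, 1):
        text = raw.split("#", 1)[0].strip()      # assumption: "#" starts a comment
        if not text:
            continue
        fields = text.split()
        if len(fields) == 2 and is_ip(fields[0]):
            entry = fields[1].lower()            # assumption: hosts-style "address name"
        elif len(fields) == 1:
            entry = fields[0].lower()
        else:
            problems.append((no, text, "more than one entry on the line"))
            continue
        if is_ip(entry):
            problems.append((no, entry, "IP address, not a domain name"))
        elif len(entry) > 253 or not all(LABEL.fullmatch(p) for p in entry.split(".")):
            problems.append((no, entry, "not a valid domain name"))
    return problems

# Constructed sample list (documentation names and address ranges only).
SAMPLE = """\
# local block list
ads.example.com
0.0.0.0 tracker.example.net
203.0.113.7
2001:db8::1
.leading-dot.example
metrics.example.org,
198.51.100.0/24
ads.example.com tracker.example.net
"""

if __name__ == "__main__":
    for no, entry, problem in lint_blocklist(SAMPLE.splitlines()):
        print(f"line {no}: {entry!r}: {problem}")
```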

kalle07 commented 1 year ago

okay, no IP numbers ;) Is it possible to check/log in which blocklist a blocked site I see in "Top Blocked Domains" is present? Same for Server Failure, to get an idea where it comes from, or is it normal to get 1% failure if I have 2 million blocked hosts? And maybe another question: should I set my firewall settings to filter local ip4 and ip6 because DNS is running locally? And maybe a third one: I know I can unblock some sites; is a real whitelist import "txt file" not implemented yet?

thank you...

Hemsby commented 1 year ago

Hi,

You can use the DNS Client tab from the dashboard and query using the TXT record to see what list is blocking the request.

Kind Regards,

Roy Hagland


> From: kalle
> Sent: Wednesday, November 30, 2022 2:10 PM
> To: TechnitiumSoftware/DnsServer
> Cc: Subscribed
> Subject: Re: [TechnitiumSoftware/DnsServer] randomly blocked urls (Issue #496)
>
> okay, no IP numbers ;) Is it possible to check/log in which blocklist a blocked site I see in "Top Blocked Domains" is present? Same for Server Failure, to get an idea where it comes from, or is it normal to get 1% failure if I have 2 million blocked hosts? And maybe another question: should I set my firewall settings to filter local ip4 and ip6 because DNS is running locally? And maybe a third one: I know I can unblock some sites; is a real whitelist import "txt file" not implemented yet?
>
> thank you...


ShreyasZare commented 1 year ago

> Is it possible to check/log in which blocklist a blocked site I see in "Top Blocked Domains" is present?

Yes, just use the DNS Client tab to query for the domain name with type selected as TXT. The response will contain a TXT record that will tell which block list is responsible for blocking the domain name. You can also use any other tool like nslookup/dig to query the DNS server for TXT type.

> Same for Server Failure, to get an idea where it comes from, or is it normal to get 1% failure if I have 2 million blocked hosts?

ServerFailure is a generic error code which means that the DNS server failed to resolve the domain name in the request. The reason can be anything and the most common reason is internet issues. Blocking domain names has no relation with ServerFailure responses since the DNS server knows that the domain is blocked and is always going to respond without any errors.

> And maybe another question: should I set my firewall settings to filter local ip4 and ip6 because DNS is running locally?

Firewall is something totally independent of DNS and you have to configure it as per your requirements.

> And maybe a third one: I know I can unblock some sites; is a real whitelist import "txt file" not implemented yet?

You can just add the domain name to the Allowed list on the web panel to unblock it. You can also use the import option in the Allowed section to bulk add domain names.

In case you want to have a URL for the txt file then you can add it in the block list with a ! character at the start and it will be used to unblock the domain names automatically. For example, if the URL is https://example.com/allowed-list.txt then add it in the block lists settings as !https://example.com/allowed-list.txt.

> thank you...

You're welcome.
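
The TXT lookup described in this reply, as an added example that is not part of the thread or the project's code: it builds the query, sends it straight to the DNS server over UDP, and extracts the TXT strings from the reply. The `127.0.0.1:53` default and the placeholder text passed to `constructed_response` are assumptions; the server's actual TXT wording is not reproduced here.

```python
import socket
import struct
TYPE_TXT = 16

def build_txt_query(domain, txid=0x1A2B):
    """DNS query message asking for the TXT records of `domain`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in domain.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", TYPE_TXT, 1)  # QCLASS IN

def skip_name(msg, off):
    """Offset just past the (possibly compressed) name that starts at `off`."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:  # plain labels until 0 or a pointer
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # a pointer is 2 bytes, the root label 1

def parse_txt_response(msg):
    """Return (rcode, [TXT strings]) from the answer section of a response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    texts = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == TYPE_TXT:  # RDATA is a run of length-prefixed strings
            chunks, i = [], 0
            while i < len(rdata):
                chunks.append(rdata[i + 1:i + 1 + rdata[i]])
                i += 1 + rdata[i]
            texts.append(b"".join(chunks).decode("utf-8", "replace"))
    return flags & 0x000F, texts

def query_txt(domain, server="127.0.0.1", port=53, timeout=3.0):
    """Send the TXT query directly to `server` and parse its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_txt_query(domain), (server, port))
        return parse_txt_response(s.recv(4096))

def constructed_response(domain, text):
    """Constructed reply for offline runs; `text` is placeholder wording."""
    rdata = bytes([len(text)]) + text.encode("ascii")
    return (struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0)
            + build_txt_query(domain)[12:] + b"\xc0\x0c"
            + struct.pack("!HHIH", TYPE_TXT, 1, 60, len(rdata)) + rdata)
```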

kalle07 commented 1 year ago

I tried the DNS tab in different ways... This Server, Recursive Query, and pasted the blocked site and tried type A and UDP and TCP, but in the TXT record response I only get some lines but never one of my blocklists or the real blocklist file name... can you please explain?

I use Comodo as firewall, so at first my question is which program blocks first, DNS or my firewall, if for example I blocked "Programm01" wanting to connect to "ABC.com" in my firewall and I have blocked "ABC.com" in Technitium DNS? And therefore the next question: if Technitium communicates all locally (127.0.0.1), and usually my firewall (all firewalls) allows all local, then I must turn on a feature that also checks local stuff; what do you think?

OK, one request: can I import a whole blocklist with an "!" in front and all URLs inside will be unblocked, or do I have to import a blocklist where each line begins with "!"?

thx for hints, and for making the tracking less

ShreyasZare commented 1 year ago

> I tried the DNS tab in different ways... This Server, Recursive Query, and pasted the blocked site and tried type A and UDP and TCP, but in the TXT record response I only get some lines but never one of my blocklists or the real blocklist file name... can you please explain?

You must query only to "This Server" with type set to TXT. The response will contain the TXT record with text explaining why it's blocked. If you don't see such a record in the response then the domain is not blocked by the DNS server.

> I use Comodo as firewall, so at first my question is which program blocks first, DNS or my firewall, if for example I blocked "Programm01" wanting to connect to "ABC.com" in my firewall and I have blocked "ABC.com" in Technitium DNS?

If the firewall software is installed on your computer then it's going to block first. It depends on how the firewall is designed to work. Like it may block only inside the web browser but some other app may be able to access the domain.

> And therefore the next question: if Technitium communicates all locally (127.0.0.1), and usually my firewall (all firewalls) allows all local, then I must turn on a feature that also checks local stuff; what do you think?

If the DNS server is also locally installed then the firewall may block the outbound request that the DNS server is making.

> OK, one request: can I import a whole blocklist with an "!" in front and all URLs inside will be unblocked, or do I have to import a blocklist where each line begins with "!"?

The ! goes in front of the URL that you enter in the block list settings. All the domain names in such a block list will not be blocked by the blocking feature.

> thx for hints, and for making the tracking less

You're welcome.

kalle07 commented 1 year ago

I see, type "TXT", all is working now... Maybe it's useful to have a better overview of which blocklist named in "Block List URLs" has which filename in reality ;)

So the firewall is sometimes confusing: if the DNS server runs, my firewall is mostly quiet, and if I turn off DNS, some more block popups, so I want to be sure all is safe... because if all outgoing programs run through the DNS and I allow all connections for DNS in my firewall, then my firewall is useless, hope you understand. My firewall Comodo works like most commercial ones: Norton, ZoneAlarm...

One question: for the blocklists that are downloaded in "Block List URLs", where can I raise the time for waiting for the response when downloading them? Now approx. 4 sec is too short.

THX

ShreyasZare commented 1 year ago

> I see, type "TXT", all is working now... Maybe it's useful to have a better overview of which blocklist named in "Block List URLs" has which filename in reality ;)

I do not understand what that means. See this screenshot below which shows you the block list URL responsible for blocking the domain:

image

> So the firewall is sometimes confusing: if the DNS server runs, my firewall is mostly quiet, and if I turn off DNS, some more block popups, so I want to be sure all is safe... because if all outgoing programs run through the DNS and I allow all connections for DNS in my firewall, then my firewall is useless, hope you understand. My firewall Comodo works like most commercial ones: Norton, ZoneAlarm...

Outbound requests by a program do not go via the DNS server. The DNS server just tells the program the IP address for the domain and the program is going to connect to that IP address directly.

> One question: for the blocklists that are downloaded in "Block List URLs", where can I raise the time for waiting for the response when downloading them? Now approx. 4 sec is too short.

The block list URLs are downloaded automatically and the timeout is the default, which is 100 sec.

kalle07 commented 1 year ago

I mean all OK; now I see the response and the URL from the blocklist, but sometimes in the beginning it is complicated to find out which is the real data file name in the blocklist folder.

So at the moment all OK for me ;)

kalle07 commented 1 year ago

Oh, maybe a new issue? I ask here... I have 3 PCs where the DNS server is running, all slightly different, particularly in running services and automated tasks. One of my PCs is a new Win10 install but I disabled some services and automated Windows tasks, so if I install desktop runtime 7 and DNS, all is running fine. All running, it blocks and the dashboard shows everything, and if I change to default it's also running. If I reboot, no internet connection at all, even if I change from Technitium to default or stop the service, and no connection to localhost:5380, but my PC is still in the local network (I have access from my other PC). The only solution is to install desktop and Technitium again and it runs until the next reboot, or if I uninstall Technitium everything also runs again... What can I try to handle it?

ShreyasZare commented 1 year ago

> Oh, maybe a new issue? I ask here... I have 3 PCs where the DNS server is running, all slightly different, particularly in running services and automated tasks. One of my PCs is a new Win10 install but I disabled some services and automated Windows tasks, so if I install desktop runtime 7 and DNS, all is running fine. All running, it blocks and the dashboard shows everything, and if I change to default it's also running. If I reboot, no internet connection at all, even if I change from Technitium to default or stop the service, and no connection to localhost:5380, but my PC is still in the local network (I have access from my other PC). The only solution is to install desktop and Technitium again and it runs until the next reboot, or if I uninstall Technitium everything also runs again... What can I try to handle it?

Well, if you disable the service for Technitium DNS Server and if your computer is configured to use it as DNS then it will cause Internet to not work unless you change the DNS servers on the network adapter. If you have uninstalled the DNS server then too, you need to change the DNS servers in the wifi adapter's options.

kalle07 commented 1 year ago

So I found out it was the firewall that was different... I commented that I have 3 PCs and only one of them has the problem... so I installed the working firewall, so all OK now...

Another hint, if I remember right: if I export the DNS settings "backup", the manually added "managed network" options are not exported, so only Cloudflare, Google, OpenDNS, Quad and Technitium are available after importing the backup...

And maybe some other blocklists that you can implement in "quick add":
https://github.com/hagezi/dns-blocklists
https://github.com/lightswitch05/hosts
https://github.com/Ultimate-Hosts-Blacklist/Ultimate.Hosts.Blacklist

have a nice day

ShreyasZare commented 1 year ago

> Another hint, if I remember right: if I export the DNS settings "backup", the manually added "managed network" options are not exported, so only Cloudflare, Google, OpenDNS, Quad and Technitium are available after importing the backup...

The backup/restore options work only for the DNS server. The system tray app is just a utility app available only on the Windows platform and is not really a part of the DNS server itself.

kalle07 commented 1 year ago

I see, OK

Happy new year by the way ;)

Another question, you can put it in a new issue if you want...

Is it possible to manage a second Technitium configuration with this tray app, maybe with other blocklists? Is it maybe an idea for further versions? And is it in any way possible now to have 2 or more configurations?

ShreyasZare commented 1 year ago

> Happy new year by the way ;)

Happy new year!

> Is it possible to manage a second Technitium configuration with this tray app, maybe with other blocklists? Is it maybe an idea for further versions? And is it in any way possible now to have 2 or more configurations?

The system tray app is not part of the DNS server so apart from the basic options that it provides for ease of use, there is nothing much possible to be done with it.

You can however run 2 separate DNS server instances on the same server. The instances however need to be configured to listen on different ports. Check out this blog post to get an idea on running multiple instances of the DNS server on the same computer.

ShreyasZare commented 1 year ago

> maybe with other blocklists?

If you wish to use different blocklists for different users then take a look at the Advanced Blocking app which can do it.

kalle07 commented 1 year ago

Hey, until now it runs very stable ;) One question: I think since I work with Technitium, the peer-to-peer update from Windows in my intranet does not work anymore. Do you know the service and the port numbers that are used for it?

ShreyasZare commented 1 year ago

> Hey, until now it runs very stable ;) One question: I think since I work with Technitium, the peer-to-peer update from Windows in my intranet does not work anymore. Do you know the service and the port numbers that are used for it?

If you mean Windows Update that allows downloading from peers on the local network then it's not related to DNS. The only reason that it may be failing could be that you are using a block list which is blocking certain Windows Update domain names, which is causing the feature to not work. You will need to find which domain name is being blocked when Windows Update starts and then add them to the allowed list and keep testing until it works.