alectrocute / UnboundBL

🛑 DNSBL (adblock) on OPNsense with UnboundBL & Unbound DNS

Some blacklisted dns names are working... #13

Open vistalba opened 5 years ago

vistalba commented 5 years ago

Hi

I don't know why, but some DNS names in the lists are working, even though they are on blacklists.

I added the following blacklists:

https://raw.githubusercontent.com/stevenblack/hosts/master/alternates/fakenews-gambling-porn/hosts
https://adaway.org/hosts.txt
http://someonewhocares.org/hosts/hosts
http://hosts-file.net/ad_servers.txt
http://sysctl.org/cameleon/hosts
https://isc.sans.edu/feeds/suspiciousdomains_Low.txt
https://mirror1.malwaredomains.com/files/immortal_domains.txt
https://hosts-file.net/fsa.txt
https://gist.githubusercontent.com/BBcan177/b6df57cef74e28d90acf1eec93d62d3b/raw/f0996cf5248657ada2adb396f3636be8716b99eb/MS-4
http://zerodot1.gitlab.io/coinblockerlists/list_browser.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://isc.sans.edu/feeds/suspiciousdomains_Low.txt
https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt

This results in 299,251 blacklist entries. After that I restarted the Unbound server.

When I now select some domains from one of the lists above they can be resolved :(

Edit: One thing I just realized... the plugin does change the URLs to lower-case... this is a problem for URLs like https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt or https://isc.sans.edu/feeds/suspiciousdomains_Low.txt which are only working with upper-case letters.
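The lower-casing problem reported in the edit above, as an added sketch that is not UnboundBL's own code: only the scheme and host of a list URL are case-insensitive, so those are the only parts that can safely be lower-cased, while the domain names inside a fetched list can be. The function names and the sample list text are hypothetical and constructed for this example.

```python
from urllib.parse import urlsplit, urlunsplit

def normalize_list_url(url):
    """Lower-case only scheme and host; path, query and userinfo keep their case."""
    parts = urlsplit(url.strip())
    userinfo, at, hostport = parts.netloc.rpartition("@")
    netloc = userinfo + at + hostport.lower()
    return urlunsplit((parts.scheme.lower(), netloc,
                       parts.path, parts.query, parts.fragment))

def urls_changed_by_lowercasing(urls):
    """Return URLs whose path/query would be altered by a blanket .lower().
    These fail to download if the server treats paths as case-sensitive."""
    return [u for u in urls if u.lower() != normalize_list_url(u)]

def parse_domains(text):
    """Extract domains from hosts-format ("0.0.0.0 name") or plain-list text.
    DNS names are case-insensitive, so lower-casing them here is safe."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        name = fields[1] if len(fields) > 1 else fields[0]
        name = name.lower().rstrip(".")
        if "." in name:                        # skips "localhost" and similar
            domains.add(name)
    return domains

# Three of the list URLs from the post above.
SAMPLE_URLS = [
    "https://adaway.org/hosts.txt",
    "https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt",
    "https://isc.sans.edu/feeds/suspiciousdomains_Low.txt",
]

# Constructed list content, not taken from any real blocklist.
SAMPLE_LIST = """# constructed sample
127.0.0.1 localhost
0.0.0.0 Ads.Example.COM
tracker.example.net  # plain-list entry
"""

if __name__ == "__main__":
    for u in urls_changed_by_lowercasing(SAMPLE_URLS):
        print("case-sensitive path, do not lower-case:", u)
    print(sorted(parse_domains(SAMPLE_LIST)))
```

Comparing the number of domains parsed per list against the total the plugin reports is a quick way to spot a list that silently failed to download.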

fireheadman commented 4 years ago

+1 on this for me also... I started with a single blocklist to test with.

cat /usr/local/etc/Unboundbl/UnboundBL.conf
[general]
whitelist=nextcloud.com
blacklist=https://phishing.army/download/phishing_army_blocklist_extended.txt


...went to the list and tested a random site out and I was able to get to it. So doesn't seem like it really blocks anything. (https://zillow.oneinfotech.com/) <---This is in the blocklist and it works (which it should work).

Going to uninstall for now; if anything is updated I would be happy to test. Sounds like piHole is the only solution for now.