Unbound DNSBL downloader script duplicate zones and doesn't sanitize list entries #4898
Comments
@defiantmonkey can you try 31a0c40 ? install from a console:
Hi, if this is a good place for discussion I would suggest changing the regex in the blacklists.ini to
@kulikov-a I think we just crossed each other :) can you take a look at 31a0c40 as well? cleansing is definitely a good idea.
@AdSchellevis ) works great! I want to test the regex itself a little more, but it works great for the first checks. thanks!
@AdSchellevis I remembered why I included the leading underscore in the regex used.
although probably the latter now makes no sense at all)
@kulikov-a yes, let's do that. thanks!
@AdSchellevis thanks!!
o while here, add missing import as well
Describe the bug
My unbound installation wouldn't start the other day and I found out that some urls in dnsbl.conf had an extra quote (") inside the already quoted url, which unbound didn't like and wouldn't start so long as the dnsbl.conf was malformed. The syslog for backend through the GUI only showed that it tried to start and exited with a bad status code (1), so in order to find out what was causing issues I had to manually invoke unbound_start.sh from a terminal.
The entries come from one of the lists I'm using but I did not check which one. It might also be worth noting that there were other special characters in some of the urls (one I saw had ," as part of the domain name).
As a side effect of troubleshooting this, I also found out that when the downloader runs there are duplicate domains, as the entries being added aren't stripped of extra spaces and could potentially be the same domain but different casing (i.e. uppercase vs lowercase counts as uniqueness).
To Reproduce
Steps to reproduce the behavior:
Expected behavior
download_blacklists.py strips all extra whitespace, considers different cased domain names as non-unique, and strips away extra quotes in domain names
Describe alternatives you considered
Currently I have modified download_blacklists.py line 128 locally to replace "blacklist_items.add(entry)" with "blacklist_items.add(entry.lower().strip().replace('"', ''))" in order to not manually have to check dnsbl.conf and fix the entries.
Environment
OPNsense 21.1.4-amd64 (LibreSSL)
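The clean-up the report asks for (trim whitespace, fold case, drop stray quotes, deduplicate), followed by an allowlist check so entries with other special characters never reach the generated config; this is an added example, not code from download_blacklists.py or the OPNsense project. The regex, the function names, the `#` comment handling and the sample feed lines are assumptions made for illustration.

```python
import re

# Assumed validation rule (not the project's regex): two or more dot-separated
# labels of 1-63 chars from [a-z0-9_-], no leading/trailing hyphen, 253 chars max.
# The underscore is allowed so names such as _dmarc.example.com survive.
LABEL = r"(?!-)[a-z0-9_-]{1,63}(?<!-)"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})+")


def normalize_entry(raw):
    """Return the canonical form of a list entry, or None if it must be dropped."""
    # Same clean-up as the reporter's local fix: quotes out, whitespace off, lowercase.
    name = raw.replace('"', "").strip().lower()
    # Anything still outside hostname syntax (commas, spaces, ...) is rejected,
    # not repaired, so it can never break the quoted string in the config file.
    if len(name) > 253 or not HOSTNAME_RE.fullmatch(name):
        return None
    return name


def build_blocklist(lines):
    """Deduplicate a feed; return (sorted accepted names, rejected raw entries)."""
    accepted, rejected = set(), []
    for raw in lines:
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment (assumed feed convention)
        name = normalize_entry(raw)
        if name is None:
            rejected.append(raw)  # keep the raw value so the bad list can be traced
        else:
            accepted.add(name)    # the set collapses case/whitespace duplicates
    return sorted(accepted), rejected


# Constructed sample feed lines, modelled on the symptoms described in the report.
SAMPLE = [
    "ads.example.com",
    "  ADS.Example.COM  ",      # duplicate differing only in case and spacing
    'tracker.example.net"',     # stray quote inside the entry
    'bad,".example.org',        # the ," case from the report
    "_dmarc.example.com",
    "# comment line",
    "",
]

if __name__ == "__main__":
    ok, bad = build_blocklist(SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
```

Logging the rejected entries per source list makes it possible to see which feed is shipping malformed names.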