Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[request] identify blocklist for sinkhole domains #34

Closed
shawnkhall opened this issue Jan 23, 2019 · 5 comments
Closed

[request] identify blocklist for sinkhole domains #34

shawnkhall opened this issue Jan 23, 2019 · 5 comments

Comments

@shawnkhall
Copy link

Using 2.3.1

It would be great if there were a way to identify which blocklist(s) were responsible for sinkholing a domain I'm getting "0.0.0.0" for. This information would be ideal within the DNS Client tab.
@ShreyasZare
Copy link
Member

Thanks for the suggestion. The block lists are all merged into one in memory and there is no indication of which block list a domain name belongs. And there are domain names which are in multiple lists. This makes it difficult but not impossible.

DNS Client tab is just a client that is not linked to the DNS Server in anyway. It can just query a given name server and display its response.

I am wondering how this information would really be useful.

@shawnkhall
Copy link
Author

Perhaps an option then, so that the DNS Client tab could be used to poll the individual sources instead of the collective data.

As an example, I attempted to check for updates to various software today including TeamViewer and CDBurnerXP as well as several other applications. Both (and others) were blocked by the EMD list (hosts-file.net/emd.txt) as "malware." If nothing else, this helps me to determine that the quality of that list (and likely others from that source) is wanting, and I should probably stop using it. Likewise, the Technet Scripting Gallery is being blocked by their "fraud" list (FSA). For now I've whitelisted the domain names and will check the blocked domains more often to identify issues.

The problem is that In order to identify which list was causing it (since neither of these two apps could be considered malware) I had to download the 13 lists I subscribed to into individual files and search them with find. It would have saved me quite a bit of time to be able to identify which lists were responsible directly from the DNS Client tab.

Now I have a process in place to resolve this type of issue myself, but it would be better for others who come after me to be able to resolve these issues without having to resort to the same method.

@ShreyasZare
Copy link
Member

That seems to be useful from your description. I could add something like a TXT record in the blocked zone which would contain the block list url the domain was in. And then you could use the DNS Client to query TXT record and get all the block lists it was included in. This could be used by any DNS client on the network.

@shawnkhall
Copy link
Author

That would be perfect.

@ShreyasZare
Copy link
Member

Feature implemented in v2.4.

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shawnkhall @ShreyasZare