19.7 Legacy Series / Some domains pass Squid, Unbound, OpenDNS trio
« on: January 19, 2020, 02:11:06 pm »
Hi Friends,
I am using OPNsense in my little shop, but have some leak problems.
System:
OpenDNS as system-wide DNS server (enabled "Do not use the local DNS service as a nameserver for this system")
Unbound ("Forwarding enabled"; if not enabled, things go worse)
Squid (Transparent, ACL lists added)
IPv6 disabled (on Firewall, DHCP; on Squid "use IPv4 first" enabled)
To test whether my lists are working or not, I used "Xenu Link Checker" and started a test with the "dsi.ut-capitole.fr" pfSense-optimized lists.
After the test with ~22000 URLs, I got ~500 reachable URLs. And weird things are happening.
All the leaked URLs were in the Squid ACL:
* Most of the URLs are blocked by OpenDNS (but 500 passed; "OK, it's possible")
* Squid cannot catch these 500 URLs; they are also in the ACL
What trick are these sites using to leak?
Some are on Cloudflare; I blocked all its IP ranges on the firewall.
But I see lots of other hosts/name servers can trick like this. It is not a solution to block hosts' IP ranges; lots of clean sites are affected by this.
Thanks in advance for the help,
PS: I can add the leaked URLs, but all are porn sites so I don't want to add them. If needed I can add them.
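An added triage script, not from this thread or from OPNsense, that sorts a URL list by which of the two layers in the poster's setup could have observed the request at all. It assumes that DNS filtering (OpenDNS via Unbound) only sees hostnames, never IP-literal URLs, and that the transparent Squid rule redirects only the ports listed (port 80 by default; 443 only when SSL inspection is enabled). The sample URLs are constructed, hypothetical hosts.

```python
from __future__ import annotations
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample standing in for entries a link checker reported as
# reachable (hypothetical hosts; not the poster's actual list).
SAMPLE_URLS = [
    "http://blocked-site.example/index.html",   # plain HTTP on port 80
    "https://blocked-site.example/",            # HTTPS on 443
    "http://blocked-site.example:8080/",        # HTTP on a non-standard port
    "http://203.0.113.10/video",                # IP literal, no DNS lookup
    "https://203.0.113.10:8443/",               # IP literal, odd port
]

# Assumption: the transparent proxy redirects only port 80 unless SSL
# inspection is enabled, which adds 443.
DEFAULT_INTERCEPT_PORTS = (80,)


def layers_that_see(url: str, intercept_ports=DEFAULT_INTERCEPT_PORTS) -> list[str]:
    """Return which filtering layers could have observed this request:
    'dns' if the host is a name (the resolver gets a lookup), 'proxy' if
    the destination port is one the transparent Squid rule redirects.
    A domain ACL in Squid cannot match traffic Squid never sees."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    layers = []
    try:
        ip_address(host)          # IP literal: the client never asks the resolver
    except ValueError:
        layers.append("dns")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port in intercept_ports:
        layers.append("proxy")
    return layers


def triage(urls, intercept_ports=DEFAULT_INTERCEPT_PORTS) -> dict[str, list[str]]:
    """Map each URL to the layers that could have seen it; an empty list
    means neither DNS filtering nor the transparent proxy was in the path."""
    return {u: layers_that_see(u, intercept_ports) for u in urls}


if __name__ == "__main__":
    for url, layers in triage(SAMPLE_URLS).items():
        print(f"{url:45} seen by: {', '.join(layers) or 'nothing'}")
```

Running it over the real reachable list separates URLs that a layer should have blocked (worth a log check) from URLs that never passed through either layer in the first place.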