Unbound DNS whitelist not working

Started by gdur, October 03, 2020, 07:37:52 PM

I've configured Unbound DNS using all suggested Types of DNSBL. This results in some unwanted unresolved URLs like, i.e., support.microsoft.com, which I discovered after Windows Update couldn't connect anymore. So I thought this could be corrected by entering these URLs in the whitelist section, but that didn't help.
After having a look into /var/unbound/etc/dnsbl.conf I found the entry of support.microsoft.com and removed it and reloaded the Unbound service; then the URL was resolved correctly (using dig at the console). It appears that even though "support.microsoft.com" is entered in the whitelist section (amongst others), this is being ignored.
What do I do wrong???


Hi,
Does that mean that my findings were correct? Does the whitelist option have no effect in the current version?
And if so, is this also the case for the blacklist?
Thanks!

I haven't verified myself, but I read something in GitHub issues to better try the current devel version or wait for the next stable.

Whitelisting still doesn't work in version 21.1. And there is no way to gain any insights into what is blocked or allowed. I don't understand why that is; it seems like a perfectly valid task to perform. Seeing if the blocklist is effective, is it blocking a domain that you need to whitelist, or vice versa, is something allowed through that you want to block. It is a complete black box.


For me unbound whitelisting is working on 21.1.1.
At first I had an invalid regular expression which could be seen in the unbound log:
blacklist download : skip invalid whitelist exclude pattern "custom_pattern_1" (*.domaintoexclude.com)
blacklist download : exclude domains matching ^(?![a-zA-Z\d]).*|.*localhost$

Using a valid regular expression like
^.*\.domaintoexclude\.com$
resulted in the expected behavior:
blacklist download : exclude domains matching ^(?![a-zA-Z\d]).*|.*localhost$|^.*\.domaintoexclude\.com$
I get the correct DNS reply now. Hopefully this helps.
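As an added illustration of the behaviour described in the post above (this is example code, not OPNsense's own blocklist script): the whitelist entries are treated as regular expressions, an entry that does not compile (such as the glob `*.domaintoexclude.com`) is skipped with a log line, and the surviving patterns are appended to the default exclude pattern before the downloaded blocklist is filtered. The entry names and the sample blocklist are constructed for the example.

```python
import re

# Default exclude pattern as it appears in the unbound log lines quoted in the thread.
DEFAULT_EXCLUDE = r'^(?![a-zA-Z\d]).*|.*localhost$'

# Constructed whitelist entries (names are hypothetical, like the GUI's custom_pattern_N).
WHITELIST = {
    'custom_pattern_1': r'*.domaintoexclude.com',       # glob, not a regex: will be skipped
    'custom_pattern_2': r'^.*\.domaintoexclude\.com$',  # valid regex from the post
    'custom_pattern_3': r'^support\.microsoft\.com$',   # valid regex, exact host
}

# Constructed sample of downloaded blocklist lines.
SAMPLE_BLOCKLIST = [
    'support.microsoft.com',
    'www.microsoft.com',
    'ads.domaintoexclude.com',
    'localhost',
    '#comment-line',
    'tracker.example',
]


def build_exclude_pattern(default, whitelist, log=None):
    """Combine the default exclude regex with every whitelist entry that compiles.

    Entries that fail to compile are skipped and reported, mirroring the
    'skip invalid whitelist exclude pattern' log line seen in the thread.
    """
    parts = [default]
    for name, pattern in whitelist.items():
        try:
            re.compile(pattern)
        except re.error:
            if log is not None:
                log.append(f'skip invalid whitelist exclude pattern "{name}" ({pattern})')
            continue
        parts.append(pattern)
    combined = '|'.join(parts)
    if log is not None:
        log.append(f'exclude domains matching {combined}')
    return combined


def filter_blocklist(domains, exclude_pattern):
    """Return the blocklist entries that are NOT matched by the exclude regex."""
    exclude = re.compile(exclude_pattern)
    return [d for d in domains if not exclude.match(d)]


if __name__ == '__main__':
    messages = []
    pattern = build_exclude_pattern(DEFAULT_EXCLUDE, WHITELIST, messages)
    print('\n'.join(messages))
    print('still blocked:', filter_blocklist(SAMPLE_BLOCKLIST, pattern))
```

Running it shows that only the anchored regex entries take effect, so `www.microsoft.com` stays blocked while `support.microsoft.com` and `ads.domaintoexclude.com` are excluded.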

So does DNS whitelisting require using RegEx? The help text says "You can use regular expressions", not "you must".

Quote from: gdur on October 03, 2020, 07:37:52 PM
I've configured Unbound DNS using all suggested Types of DNSBL. This results in some unwanted unresolved URL's like i.e. support.microsoft.com after I discovered that windows update couldn't connect anymore.
Maybe deselecting blocklist "WindowsSpyBlocker (update)" helps; then these URLs mustn't be whitelisted manually afterwards.
Also "WindowsSpyBlocker (extra)" may be something you don't want to be blocked if you use applications like Skype, Bing, Live, Outlook, NCSI, Microsoft Office, ...