Blocked sites are still accessible from network devices

Comments

10 comments

  • Firewalla

    Jeff, all the domain blocking is done via DNS. For example, in my case I have blocked coinhive.com. See if you can test the same way (using your blocked domain in place of coinhive).

    What happens below is that the dnsmasq server on Firewalla is returning a blackhole address for coinhive.com.

    If your dns server is ipv6, let us know. 

    ```
    J-MacBook-Pro-6:aws j$ nslookup coinhive.com
    Server: 8.8.8.8
    Address: 8.8.8.8#53
    Name: coinhive.com
    Address: 198.51.100.99
    ```

  • Michael Musarra

    Similar situation. What do you do if ipv6?

  • Firewalla

    1. One workaround is to set the default DNS on your router to be ipv4. I think someone got it working that way.

    2. Use DHCP mode. It will turn everything into ipv4.

    3. Wait just a couple more weeks, we will have ipv6 as an option to run. The code is already running, just need to turn it on.

  • Michael Musarra

    Will it be automatic, in that it can switch from ipv4 to ipv6, back and forth as needed?

  • Firewalla

    Once the feature is out, it is actually automatic.  In the next version likely you will have to do something to enable it.   Our worry is the initial set of beta users are not using ipv6, so we have not got much exposure.  So we are a bit careful pushing it out.

  • Michael Musarra

    There is an update tab in the app, do we hit that to update the firmware?

  • Firewalla

    The updates are all automatic. No need to do anything.

  • Jeff Lane

    So... I think I understand at least part of the problem: how is my network supposed to know to ask the Firewalla for IP addresses when making DNS requests?

    I'm running an internal DHCP server that also provides internal DNS with forwarding. So...

    ```
    vsniff0refbidoj:development bladernr$ host -v mixmarket.biz
    Trying "mixmarket.biz"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2282
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;mixmarket.biz. IN A

    ;; ANSWER SECTION:
    mixmarket.biz. 980 IN A 89.249.22.200

    ;; AUTHORITY SECTION:
    mixmarket.biz. 521 IN NS ns1.7host.ru.
    mixmarket.biz. 521 IN NS ns.7host.ru.

    ;; ADDITIONAL SECTION:
    ns.7host.ru. 42238 IN A 89.249.22.216
    ns1.7host.ru. 42238 IN A 89.249.24.10

    Received 122 bytes from 192.168.0.10#53 in 11 ms
    Trying "mixmarket.biz"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2289
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;mixmarket.biz. IN AAAA

    ;; AUTHORITY SECTION:
    mixmarket.biz. 980 IN SOA ns.7host.ru. hostmaster.7host.ru. 2014090931 3600 900 1209600 1200

    Received 89 bytes from 192.168.0.10#53 in 30 ms
    Trying "mixmarket.biz"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51725
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

    ;; QUESTION SECTION:
    ;mixmarket.biz. IN MX

    ;; ANSWER SECTION:
    mixmarket.biz. 980 IN MX 5 mxs.mixmarket.biz.

    ;; AUTHORITY SECTION:
    mixmarket.biz. 521 IN NS ns.7host.ru.
    mixmarket.biz. 521 IN NS ns1.7host.ru.

    ;; ADDITIONAL SECTION:
    mxs.mixmarket.biz. 1580 IN A 89.249.22.207
    ns.7host.ru. 42238 IN A 89.249.22.216
    ns1.7host.ru. 42238 IN A 89.249.24.10

    Received 142 bytes from 192.168.0.10#53 in 3 ms
    ```

    So I guess the question now is, what exactly is Firewalla doing to make other things on the network get DNS information from it?

  • Jeff Lane

    Ok, so changing my forwarders to point to the Firewalla explicitly seems to have resolved this issue. Now the question is, how do I set custom forwarders in Firewalla?

  • Firewalla

    Jeff,  Firewalla can intercept traffic ... as long as your traffic is going through us, we know what it is.  And can do things with it, if it is not encrypted.

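An added example, not part of the thread: a Python check that reads pasted `nslookup` or `host -v` output like the two lookups above and reports whether the A record is the blackhole address and which resolver answered. The function name `check_lookup` and the use of 198.51.100.99 as the blackhole address for every blocked domain are assumptions.

```python
import re

# Blackhole address from the nslookup output in the thread. Assumption: the
# same address is returned for every blocked domain.
BLACKHOLE = "198.51.100.99"
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
HOST_A = re.compile(r"^(\S+?)\.?\s+\d+\s+IN\s+A\s+" + IPV4 + "$")
RESOLVER = re.compile(r"^(?:Received \d+ bytes from|Address:)\s*(\S+)#\d+")
NS_NAME = re.compile(r"^Name:\s*(\S+?)\.?$")
NS_ADDR = re.compile(r"^Address:\s*" + IPV4 + "$")

def check_lookup(output, domain, blackhole=BLACKHOLE):
    """Return (verdict, a_records, resolver) for nslookup or `host -v` output."""
    domain = domain.lower().rstrip(".")
    answers, resolver, section, current = [], None, None, None
    for line in (l.strip() for l in output.splitlines()):
        if line.startswith(";;"):        # host -v section header
            m = re.match(r";; (\w+) SECTION:", line)
            section = m.group(1) if m else None
        elif m := RESOLVER.match(line):  # which server actually answered
            resolver, section = resolver or m.group(1), None
        elif m := NS_NAME.match(line):   # nslookup "Name:" precedes its address
            current = m.group(1).lower()
        elif (m := NS_ADDR.match(line)) and current == domain:
            answers.append(m.group(1))
        elif (m := HOST_A.match(line)) and section == "ANSWER":
            if m.group(1).lower() == domain:
                answers.append(m.group(2))
    if not answers:
        return "no-answer", answers, resolver
    blocked = all(a == blackhole for a in answers)
    return ("blocked" if blocked else "not-blocked"), answers, resolver

# Excerpts of the two lookups posted in the thread.
NSLOOKUP_SAMPLE = """Server: 8.8.8.8
Address: 8.8.8.8#53
Name: coinhive.com
Address: 198.51.100.99
"""
HOST_SAMPLE = """;; ANSWER SECTION:
mixmarket.biz. 980 IN A 89.249.22.200
;; ADDITIONAL SECTION:
ns.7host.ru. 42238 IN A 89.249.22.216
Received 122 bytes from 192.168.0.10#53 in 11 ms
"""

if __name__ == "__main__":
    print(check_lookup(NSLOOKUP_SAMPLE, "coinhive.com"))
    print(check_lookup(HOST_SAMPLE, "mixmarket.biz"))
```

A `not-blocked` verdict with resolver 192.168.0.10 corresponds to the lookup Jeff Lane posted before he changed his forwarders. Only A records are compared; AAAA answers are not inspected.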
