Opened 13 months ago

Closed 6 weeks ago

#13 closed FalseNegative (fixed)

ads-game-187f4.firebaseapp.com

Reported by: admin
Owned by: admin
Priority: major
Milestone: Release Candidate 1
Component: RPZ
Version: 0.1
Severity: savir
Keywords: adware rpz dns
Cc: pdns@…

Description (last modified by admin)

ads-game-187f4.firebaseapp.com

This domain is clearly an AdWare domain used to track and serve ads in different forms, but what is also rather clear is that the game and the 187f4 are used as identifications for who to 'pay' for distributing Google's AdWare.

So how can we solve this?

  1. It would have been nice if the PDNS-Server could handle the wildcard in the form of ads-*.firebaseapp.com, but it can't :(
  2. Let's try with regex in the pdnsutil...
     ^ads-[a-z]{4}-[a-z0-9]{1,5}.firebaseapp.com$
    

Change History (6)

comment:1 by admin, 13 months ago

What have we learned so far:

You can use pdnsutil add-record to add a wildcard within a record; there is no validation check of the given DNS record.

pdnsutil add-record rpz.mypdns.cloud ads-*.firebaseapp.com CNAME 345600 .
New rrset:
ads-*.firebaseapp.com.rpz.mypdns.cloud. IN CNAME 345600 .

Using regex in pdnsutil add-record fails:

pdnsutil add-record rpz.mypdns.cloud ^ads-[a-z]{4}-[a-z0-9]{1,5}\.firebaseapp\.com$ CNAME 345600 .
Error: Unknown DNS type '^ads-[a-z]{4}-[a-z0-9]5.firebaseapp.com$'

pdnsutil add-record rpz.mypdns.cloud ^ads-[a-z]{4}-[a-z0-9]{1,5}\.firebaseapp\.com CNAME 345600 .
Error: Unknown DNS type '^ads-[a-z]{4}-[a-z0-9]5.firebaseapp.com'

comment:2 by admin, 13 months ago

This leaves me to use the RegEx for dnsdist :( and by that two places to maintain....

Better learn how to make the Lua look up some DB to centralize this.

So the result is to generate the regex-nxdomain.lua and add the following code:

addAction(RegexRule("(^ads)[-][a-z]{4}[-][a-z0-9]{1,5}\.firebaseapp\.com$"), RCodeAction(dnsdist.NXDOMAIN))

comment:3 by admin, 13 months ago

The result became

dnsdist -e 'addAction(RE2Rule("(^ads)[-][a-z]{4}[-][a-z0-9]{1,5}\\.firebaseapp\\.com$"), RCodeAction(dnsdist.NXDOMAIN))'

comment:4 by admin, 13 months ago

Description: modified (diff)

in reply to:  3 comment:5 by admin, 13 months ago

Replying to Spirillen:

The result became

dnsdist -e 'addAction(RE2Rule("(^ads)[-][a-z]{4}[-][a-z0-9]{1,5}\\.firebaseapp\\.com$"), RCodeAction(dnsdist.NXDOMAIN))'

This seems to actually also stop a lot of commercials on YouTube :) but still testing
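
Added example, not part of the ticket: a small Python harness for checking the blocking pattern against names that should and should not be caught before it is loaded into dnsdist, run once with the escaped dots from comment:3 and once with the unescaped dots from the description. The test names, the `normalise` step and the use of Python's `re` in place of RE2 are assumptions of this example; the pattern uses only syntax both engines share.

```python
import re

# Pattern from comment:3 as the regex engine sees it (the Lua string "\\." is the regex \.).
ESCAPED = r"(^ads)[-][a-z]{4}[-][a-z0-9]{1,5}\.firebaseapp\.com$"
# Pattern from the ticket description, where the dots are not escaped.
UNESCAPED = r"^ads-[a-z]{4}-[a-z0-9]{1,5}.firebaseapp.com$"


def normalise(qname):
    """Assumption of this example: compare lowercased names without the root dot."""
    return qname.rstrip(".").lower()


def blocked(pattern, qname):
    """True if the pattern matches the query name (anchoring is done by the pattern)."""
    return re.search(pattern, normalise(qname)) is not None


def audit(pattern, cases):
    """Return the names whose verdict differs from the expected one."""
    return [name for name, expected in cases if blocked(pattern, name) != expected]


# Constructed test names; only the first one is taken from the ticket.
CASES = [
    ("ads-game-187f4.firebaseapp.com", True),            # the reported name
    ("ADS-Game-187F4.firebaseapp.com.", True),           # mixed case, trailing root dot
    ("ads-game-a.firebaseapp.com", True),                # shortest id the pattern allows
    ("ads-games-187f4.firebaseapp.com", False),          # five letters instead of four
    ("ads-game-187f4a.firebaseapp.com", False),          # id longer than five characters
    ("myads-game-187f4.firebaseapp.com", False),         # ^ anchor: no prefix allowed
    ("ads-game-187f4.firebaseapp.com.example", False),   # $ anchor: no suffix allowed
    ("www.firebaseapp.com", False),                      # unrelated Firebase host
    ("ads-game-1xfirebaseapp.com", False),               # a different registrable domain
]

if __name__ == "__main__":
    for label, pattern in (("escaped", ESCAPED), ("unescaped", UNESCAPED)):
        wrong = audit(pattern, CASES)
        print(f"{label}: {len(CASES) - len(wrong)}/{len(CASES)} as expected", wrong)
```

With unescaped dots the pattern also catches `ads-game-1xfirebaseapp.com`, a name outside firebaseapp.com, which is why the dnsdist rule keeps the `\.` form.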

comment:6 by admin, 6 weeks ago

Resolution: fixed
Status: assigned → closed

This issue has been blocked by this GH-issue, by blocking this Google domain entirely. See also this commit.
