Linked-in blocked if 3rd party list is used
vsviridov opened this issue · comments
Behaviour
Steps to reproduce this issue
- Use WPD.app (depends on this block list)
- Turn on Extra list
- Try to open linkedin.com
Expected behaviour
Web site should open
Actual behaviour
Tell me what happens instead
Rules used
data/firewall/extra.txt
Configuration
Country (ex. United-States) : Canada
$ dig www.linkedin.com
; <<>> DiG 9.16.1-Ubuntu <<>> www.linkedin.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8155
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.linkedin.com. IN A
;; ANSWER SECTION:
www.linkedin.com. 66 IN CNAME 2-01-2c3e-005a.cdx.cedexis.net.
2-01-2c3e-005a.cdx.cedexis.net. 5 IN CNAME www-linkedin-com.l-0005.l-msedge.net.
www-linkedin-com.l-0005.l-msedge.net. 136 IN CNAME l-0005.l-msedge.net.
l-0005.l-msedge.net. 151 IN A 13.107.42.14
;; Query time: 11 msec
;; SERVER: 10.0.0.142#53(10.0.0.142)
;; WHEN: Wed Jul 01 13:20:30 EDT 2020
;; MSG SIZE rcvd: 188
It's a CNAME block.
Personally I would get rid of the msedge.net rules because they block too much. For example:
$ dig www.msn.com
; <<>> DiG 9.16.1-Ubuntu <<>> www.msn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56695
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.msn.com. IN A
;; ANSWER SECTION:
www.msn.com. 263 IN CNAME www-msn-com.a-0003.a-msedge.net.
www-msn-com.a-0003.a-msedge.net. 79 IN CNAME a-0003.a-msedge.net.
a-0003.a-msedge.net. 96 IN A 204.79.197.203
;; Query time: 74 msec
;; SERVER: 10.0.0.142#53(10.0.0.142)
;; WHEN: Wed Jul 01 13:21:54 EDT 2020
;; MSG SIZE rcvd: 104
$ dig www.bing.com
; <<>> DiG 9.16.1-Ubuntu <<>> www.bing.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33983
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.bing.com. IN A
;; ANSWER SECTION:
www.bing.com. 3552 IN CNAME a-0001.a-afdentry.net.trafficmanager.net.
a-0001.a-afdentry.net.trafficmanager.net. 29 IN CNAME dual-a-0001.a-msedge.net.
dual-a-0001.a-msedge.net. 34 IN A 13.107.21.200
dual-a-0001.a-msedge.net. 34 IN A 204.79.197.200
;; Query time: 150 msec
;; SERVER: 10.0.0.142#53(10.0.0.142)
;; WHEN: Wed Jul 01 13:23:14 EDT 2020
;; MSG SIZE rcvd: 151
$ dig onedrive.live.com
; <<>> DiG 9.16.1-Ubuntu <<>> onedrive.live.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44177
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;onedrive.live.com. IN A
;; ANSWER SECTION:
onedrive.live.com. 27 IN CNAME odc-web-geo.onedrive.akadns.net.
odc-web-geo.onedrive.akadns.net. 274 IN CNAME odc-web-brs.onedrive.akadns.net.
odc-web-brs.onedrive.akadns.net. 274 IN CNAME odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net.
odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net. 138 IN CNAME l-0004.l-msedge.net.
l-0004.l-msedge.net. 84 IN A 13.107.42.13
;; Query time: 105 msec
;; SERVER: 10.0.0.142#53(10.0.0.142)
;; WHEN: Wed Jul 01 13:23:51 EDT 2020
;; MSG SIZE rcvd: 214
@vsviridov These IPs are part of extra rules. If you don't want them blocked, don't use extra rules. More info about rules in doc.