Description
Hello FireHOL Team,
First of all, thank you for providing and maintaining the FireHOL blocklists – they are extremely useful.
I am currently using the FireHOL Level 1 and Level 3 IP sets on my firewall (OPNsense) and I noticed that one of the lists appears to cause outbound connections on port 53 (DNS) to be blocked.
Since port 53 is a standard DNS port and required for normal internet operation, I wanted to ask:
• Why is port 53 traffic being affected by FireHOL Level 1 / Level 3?
• Is this expected behavior (e.g. related to DNS open resolvers, DNS amplification, malware DNS C2 infrastructure)?
• Are there known false positives or special cases regarding DNS servers being included in these lists?
In my setup, I use DNS filtering and strict egress rules, so I want to ensure that I am not blocking legitimate DNS infrastructure unintentionally.
If needed, I can provide examples of the blocked IP addresses and logs from my firewall.
Thank you very much for your time.