Open celenityy opened 5 months ago
Nice issue, domains + reasons + links to more info
coverage.mozilla.org is no longer a valid DNS record
drill coverage.mozilla.org @9.9.9.10
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 35387
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; coverage.mozilla.org. IN A
;; ANSWER SECTION:
;; AUTHORITY SECTION:
mozilla.org. 30 IN SOA infoblox1.private.mdc1.mozilla.com. hostmaster.mozilla.com. 2024020299 180 180 1209600 60
;; ADDITIONAL SECTION:
;; Query time: 26 msec
;; SERVER: 9.9.9.10
;; WHEN: Wed May 29 09:09:46 2024
;; MSG SIZE rcvd: 119
We should also differentiate between useful and not so useful data. I think top sites and promotions are not important compared to crash submissions and Normandy studies which directly improve the product.
Regarding telemetry-coverage.mozilla.org
I suggest those who can use wildcard blocking like RPZ and uBlock Origin to append mozgcp.net to, as this is Mozilla's CDN for various data collecting.
drill telemetry-coverage.mozilla.org @9.9.9.10
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 21113
;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; telemetry-coverage.mozilla.org. IN A
;; ANSWER SECTION:
telemetry-coverage.mozilla.org. 3600 IN CNAME telemetry-coverage.r53-2.services.mozilla.com.
telemetry-coverage.r53-2.services.mozilla.com. 300 IN CNAME prod.ingestion-edge.prod.dataops.mozgcp.net.
prod.ingestion-edge.prod.dataops.mozgcp.net. 60 IN A 34.120.208.123
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 172 msec
;; SERVER: 9.9.9.10
;; WHEN: Wed May 29 09:29:26 2024
;; MSG SIZE rcvd: 180
However, I'm not going to do a lot here as this is already covered by blacklisting the spyware DNS server that hosts this domain:
*.googledomains.com.rpz-nsdname.spyware.mypdns.cloud,CNAME,.
*.googledomains.com.rpz-nsdname.adware.mypdns.cloud,CNAME,.
*.googledomains.com.rpz-nsdname.tracking.mypdns.cloud,CNAME,.
For both
crash-stats.mozilla.com.
crash-stats.mozilla.org.
you should be targeting the real destination CNAME
socorro-webapp.services.mozilla.com.
drill crash-stats.mozilla.com @9.9.9.10
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 33438
;; flags: qr rd ra ; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; crash-stats.mozilla.com. IN A
;; ANSWER SECTION:
crash-stats.mozilla.com. 60 IN CNAME socorro-webapp.services.mozilla.com.
socorro-webapp.services.mozilla.com. 60 IN A 44.241.222.122
socorro-webapp.services.mozilla.com. 60 IN A 34.211.154.118
socorro-webapp.services.mozilla.com. 60 IN A 52.89.191.21
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 135 msec
;; SERVER: 9.9.9.10
;; WHEN: Wed May 29 09:47:41 2024
;; MSG SIZE rcvd: 127
drill crash-stats.mozilla.org @9.9.9.10
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 57434
;; flags: qr rd ra ; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; crash-stats.mozilla.org. IN A
;; ANSWER SECTION:
crash-stats.mozilla.org. 60 IN CNAME socorro-webapp.services.mozilla.com.
socorro-webapp.services.mozilla.com. 60 IN A 34.211.154.118
socorro-webapp.services.mozilla.com. 60 IN A 44.241.222.122
socorro-webapp.services.mozilla.com. 60 IN A 52.89.191.21
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 95 msec
;; SERVER: 9.9.9.10
;; WHEN: Wed May 29 09:47:58 2024
;; MSG SIZE rcvd: 138
Good catch! @spirillen
Regarding telemetry-coverage.mozilla.org
I suggest those who can use wildcard blocking like RPZ and uBlock Origin to append mozgcp.net to, as this is Mozilla's CDN for various data collecting.
It looks like we can just block dataops.mozgcp.net, this appears to be where the telemetry's directed and I don't see any legitimate traffic going here.
I'll also add that I discovered another crash reporting domain: crash-stats.allizom.org, I'm not sure if it CNAMEs similar to the other crash reporting domains we already discovered though.
crash-stats.allizom.org
CNAME to socorro-webapp-allizom.stage.mozaws.net.
so mozaws.net
@Retold3202 just use drill -T example.com
then you see the full lookup chain
@Retold3202 just use
drill -T example.com
then you see the full lookup chain
Thanks for the tip, will do in the future when contributing these. 👍
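The advice in this thread (follow the CNAME chain and block the real destination rather than each alias), as an added example that is not part of the original posts: it parses answer-section records copied from the drill output above, groups aliases by the name their chain ends on, and emits RPZ QNAME records for a chosen suffix. The function names and the standard zone-file RPZ syntax (`name CNAME .`) are choices made for this example, not the format used by the lists discussed here.

```python
import re

# Answer-section records copied from the drill output in this thread.
ANSWER_LINES = """\
telemetry-coverage.mozilla.org. 3600 IN CNAME telemetry-coverage.r53-2.services.mozilla.com.
telemetry-coverage.r53-2.services.mozilla.com. 300 IN CNAME prod.ingestion-edge.prod.dataops.mozgcp.net.
prod.ingestion-edge.prod.dataops.mozgcp.net. 60 IN A 34.120.208.123
crash-stats.mozilla.com. 60 IN CNAME socorro-webapp.services.mozilla.com.
crash-stats.mozilla.org. 60 IN CNAME socorro-webapp.services.mozilla.com.
socorro-webapp.services.mozilla.com. 60 IN A 44.241.222.122
"""

# owner, TTL, class IN, type, single-field rdata; ';;' comment lines never match.
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(\S+)$")

def parse_cnames(text):
    """Return {alias: target} for every CNAME record, names lowercased, no trailing dot."""
    cnames = {}
    for line in text.splitlines():
        m = RR.match(line.strip())
        if m and m.group(2).upper() == "CNAME":
            cnames[m.group(1).lower().rstrip(".")] = m.group(3).lower().rstrip(".")
    return cnames

def chain(name, cnames, max_hops=16):
    """Follow CNAMEs from name; stop on a loop or after max_hops."""
    name = name.lower().rstrip(".")
    seen = [name]
    while name in cnames and len(seen) <= max_hops:
        name = cnames[name]
        if name in seen:
            break
        seen.append(name)
    return seen

def aliases_by_target(names, cnames):
    """Group queried names by the final name their CNAME chain ends on."""
    groups = {}
    for n in names:
        groups.setdefault(chain(n, cnames)[-1], []).append(n)
    return groups

def covered_by(name, suffix):
    """True if name equals suffix or is a subdomain of it (label boundary checked)."""
    return name == suffix or name.endswith("." + suffix)

def rpz_records(suffix):
    """RPZ QNAME triggers with the NXDOMAIN action for suffix and all its subdomains."""
    return [f"{suffix} CNAME .", f"*.{suffix} CNAME ."]
```
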
Submit Form
Domains:
Details:
contile.services.mozilla.com - Responsible for sponsored top sites, promotions, and other sponsored content on Firefox, more info on Contile here.
contile-images.services.mozilla.com - Same as above.
coverage.mozilla.org - Firefox Coverage Telemetry.
telemetry-coverage.mozilla.org - Same as above.
crash-stats.mozilla.com - Used for Firefox crash reporting.
crash-stats.mozilla.org - Same as above.
firefox-android-home-recommendations.getpocket.com - Responsible for promotions and sponsored content on Firefox on Android.
spocs.getpocket.com - Spocs is short for sponsored content, displays on Firefox's home page.
topsites.services.mozilla.com - Another domain responsible for Firefox's sponsored "top sites".
snippets.cdn.mozilla.net - Used for "tips", "suggestions", and other promotions from Mozilla. Has also been used for advertising. 1Hosts is already blocking snippets.mozilla.com, so makes sense to block this as well.
snippets.allizom.org - Same as above.
normandy.cdn.mozilla.net - Used for telemetry and doing studies/pushing "recipes". More info on it here & here.
Thank you for supporting 1Hosts.
It’s people like you who make these lists great! ❤