Closed p4checo closed 1 year ago
@blocklistproject @FDrebin
Host api.xiaomi.com not found: 3(NXDOMAIN)
@p4checo , are you sure that blocking this domain is your problem and that removing it from ad-list will solve your problem? Because there's no A or AAAA record for this host at all:
$ dig api.xiaomi.com @5.1.66.255
; <<>> DiG 9.16.38 <<>> api.xiaomi.com @5.1.66.255
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58335
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;api.xiaomi.com. IN A
;; AUTHORITY SECTION:
xiaomi.com. 21 IN SOA ns3.dnsv5.com. enterprise3dnsadmin.dnspod.com. 1682067692 3600 180 1209600 180
;; Query time: 27 msec
;; SERVER: 5.1.66.255#53(5.1.66.255)
;; WHEN: Fri Apr 21 16:20:07 CEST 2023
;; MSG SIZE rcvd: 116
There's also no A or AAAA when querying the authoritative nameservers 🤷🏼♂️
hi @thomasmerz
I am no expert in DNS, so apologies if I'm not following 🙈 You're saying the domain isn't registered / doesn't exist?
Still, the reality is that I got multiple requests to subdomains of api.xiaomi.com getting blocked by AdGuard, namely:
awsusor0.fds.api.xiaomi.com
awsde0.fds.api.xiaomi.com
And only after I added a whitelist rule for this domain did stuff start working again on my Roborock.
In the end, if you're arguing this domain "doesn't exist", then why is it on the list then? 😆
I used git blame ads.txt | ack api.xiaomi.com and found https://github.com/blocklistproject/Lists/commit/af6a5d49 but no hint why @cryptogap added api.xiaomi.com 🤷🏼♂️
I'm no expert in AdGuard but removing this line will stop blocking ALL subdomains for api.xiaomi.com:
adguard/ads-ags.txt
37546:||api.xiaomi.com^
…what would make these lines obsolete:
40056:||awssgp0-files.fds.api.xiaomi.com^
40059:||awsusor0-cdn.fds-ssl.api.xiaomi.com^
49388:||cdn.fds-ssl.api.xiaomi.com^
49389:||cdn.fds.api.xiaomi.com^
79900:||ime.api.xiaomi.com^
80550:||in.o2o.api.xiaomi.com^
92250:||metrics.api.xiaomi.com^
92777:||mibi.api.xiaomi.com^
98964:||o2o.api.xiaomi.com^
116951:||sgp.o2o.api.xiaomi.com^
121214:||staging.ai.api.xiaomi.com^
151785:||xshare.api.xiaomi.com^
@hagezi you are an expert in AdGuard, are you? Can you help here?
@thomasmerz just a friendly note.
Instead of using dig to check for availability you should use drill -T @record
This will bypass any DNS servers and start checking from the root servers, giving you a trustworthy response; anything else can be manipulated by anyone in the supply chain.
:~$ drill -T api.xiaomi.com
. 518400 IN NS g.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS f.root-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
xiaomi.com. 172800 IN NS ns3.dnsv5.com.
xiaomi.com. 172800 IN NS ns4.dnsv5.com.
xiaomi.com. 180 IN SOA ns3.dnsv5.com. enterprise3dnsadmin.dnspod.com. 1682489725 3600 180 1209600 180
:~$
If the domain isn't found you should then be using whois $RECORDS (can be IP addresses as well):
whois xiaomi.com
Domain Name: XIAOMI.COM
Registry Domain ID: 100887259_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ename.com
Registrar URL: http://www.ename.net
Updated Date: 2023-03-15T07:36:06Z
Creation Date: 2003-07-22T01:47:08Z
Registry Expiry Date: 2024-07-22T01:47:08Z
Registrar: eName Technology Co., Ltd.
Registrar IANA ID: 1331
Registrar Abuse Contact Email: abuse@ename.com
Registrar Abuse Contact Phone: 86.4000044400
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS3.DNSV5.COM
Name Server: NS4.DNSV5.COM
DNSSEC: unsigned
.. snipped ...
@p4checo this record is a wildcard record, while any subdomains to api.* are used for tracking and adware. Yes, it is used for other things as well, but this is the price of using DNS blocking only.
matrix.org rules
awssgp0-files.fds.api.xiaomi.com CNAME . ; Tracking
awsusor0-cdn.fds-ssl.api.xiaomi.com CNAME . ; Tracking
cdn.fds-ssl.api.xiaomi.com CNAME . ; Tracking
cdn.fds.api.xiaomi.com CNAME . ; Tracking
ime.api.xiaomi.com CNAME . ; Tracking
in.o2o.api.xiaomi.com CNAME . ; Tracking
metrics.api.xiaomi.com CNAME . ; Tracking
mibi.api.xiaomi.com CNAME . ; Tracking
o2o.api.xiaomi.com CNAME . ; Tracking
o2o.xiaomi.com CNAME . ; Tracking
sgp.o2o.api.xiaomi.com CNAME . ; Tracking
sgp.o2o.xiaomi.com CNAME . ; Tracking
staging.ai.api.xiaomi.com CNAME . ; Tracking
xshare.api.xiaomi.com CNAME . ; Tracking
Searching external sources
data/blocklist_ads/domain.list:api.xiaomi.com
data/blocklist_ads/domain.list:awssgp0-files.fds.api.xiaomi.com
data/blocklist_ads/domain.list:awsusor0-cdn.fds-ssl.api.xiaomi.com
data/blocklist_ads/domain.list:cdn.fds-ssl.api.xiaomi.com
data/blocklist_ads/domain.list:cdn.fds.api.xiaomi.com
data/blocklist_ads/domain.list:ime.api.xiaomi.com
data/blocklist_ads/domain.list:in.o2o.api.xiaomi.com
data/blocklist_ads/domain.list:metrics.api.xiaomi.com
data/blocklist_ads/domain.list:mibi.api.xiaomi.com
data/blocklist_ads/domain.list:o2o.api.xiaomi.com
data/blocklist_ads/domain.list:sgp.o2o.api.xiaomi.com
data/blocklist_ads/domain.list:staging.ai.api.xiaomi.com
data/blocklist_ads/domain.list:xshare.api.xiaomi.com
data/blocklist_crypto/domain.list:o2o.api.xiaomi.com
data/mitchellkrogza/Ultimate.Hosts.Blacklist/domain.list:awssgp0-files.fds.api.xiaomi.com
data/mitchellkrogza/Ultimate.Hosts.Blacklist/domain.list:cdn.fds.api.xiaomi.com
@hagezi you are an expert in AdGuard, are you? Can you help here?
Yes, the rule ||api.xiaomi.com^ blocks api.xiaomi.com and all subdomains (*.api.xiaomi.com).
This makes rules with subdomains like ||metrics.api.xiaomi.com^ obsolete. If you only remove the rule ||api.xiaomi.com^, the rules with the subdomains will take effect.
If the list were compressed by the AdGuard HostListCompiler, the obsolete rules would be sorted out and the list would become much smaller and more efficient. It seems that the domain lists with subdomains were simply converted into the AdBlock format without compressing them.
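Added example, not part of the thread and not AdGuard's or HostlistCompiler's code: a simplified model of the subdomain coverage described above, showing which rules a parent rule makes obsolete and which hosts stay blocked once `||api.xiaomi.com^` is removed. It assumes only plain `||domain^` rules; the function names are hypothetical and the rule sample is a subset of the rules quoted in this thread.

```python
import re

# Only plain ||domain^ rules are modelled; modifiers and other rule types are skipped.
RULE_RE = re.compile(r"^\|\|([a-z0-9.-]+)\^$")

# Constructed sample: a subset of the rules quoted in the thread.
SAMPLE_RULES = """
||api.xiaomi.com^
||cdn.fds.api.xiaomi.com^
||metrics.api.xiaomi.com^
||o2o.api.xiaomi.com^
||sgp.o2o.api.xiaomi.com^
"""

def parse_rules(text):
    """Return the set of domains named by simple ||domain^ rules."""
    domains = set()
    for line in text.splitlines():
        match = RULE_RE.match(line.strip().lower())
        if match:
            domains.add(match.group(1))
    return domains

def covering_rule(host, domains):
    """Return the broadest listed domain equal to host or a parent of it, else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1, -1, -1):  # shortest suffix first
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

def redundant_rules(domains):
    """Map each listed domain to the parent rule that already covers it."""
    covered = {}
    for domain in domains:
        if "." not in domain:
            continue
        parent = covering_rule(domain.split(".", 1)[1], domains)
        if parent:
            covered[domain] = parent
    return covered

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    print("obsolete with parent rule:", sorted(redundant_rules(rules)))
    remaining = rules - {"api.xiaomi.com"}
    for host in ("awsusor0.fds.api.xiaomi.com", "metrics.api.xiaomi.com"):
        print(host, "->", covering_rule(host, remaining) or "not blocked")
```
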
Thanks @spirillen, that makes sense. The downside is that as it stands it will break legitimate functionality for Xiaomi product owners, and that's why I opened this PR. However you are right and if we remove it completely then we lose all the "protection" from the not so legitimate endpoints under this subdomain 🤷🏼
The alternative would be to only blacklist the tracking/adware endpoints, but maybe they are too many to enumerate 😅
In the meantime people like me can whitelist only the subdomains that provide legitimate functionality instead of the whole api.xiaomi.com. Will probably cause some frustration until people find out it's being blocked, but such is life.
Thanks everyone for the help 🙏🏼 Closing this as this domain won't be removed.
URL you wish to be removed:
api.xiaomi.com
Why you believe this to be a false positive: This domain provides core functionality for my Roborock S5 vacuum robot, by supporting the house map feature (which allows seeing where the robot is, what it has cleaned, define zones, etc.).
List it is on: The Block List - Ads - https://blocklistproject.github.io/Lists/adguard/ads-ags.txt
Other info you think we should know: N/A
Thanks! 🙏🏼