folbricht / routedns

DNS stub resolver, proxy and router with support for DoT, DoH, DoQ, and DTLS
BSD 3-Clause "New" or "Revised" License

GeoIP Blocking not working #362

Closed charlieporth1 closed 9 months ago

charlieporth1 commented 9 months ago

I'm being DNS DDoSed by the Chinese and I block all of China

/home/charlieporth1_gmail_com/Programs/route-dns/china-geo-blocklist.toml
[groups.ctp-dns-blocklist-vulnerability-client-geo-china]
type                = "client-blocklist"
resolvers           = ["ctp-dns-blocklist-vulnerability-client-geo-blocklist-level-5"]
blocklist-resolver  = "drop-all"
blocklist-format    = "location"
location-db         = "/usr/share/GeoIP/GeoLite2-City.mmdb"
blocklist           = [
        "1114952",
        "1114953",
        "1114970",
        "1114982",
        "1115006",
        "1115007",
        "1161917",
        "1161921",
        "1161927",
        "1161928",
        "1161929",
        "1161934",
        "1161938",
        "1161944",
        "1161952",
        "1161955",
        "1161962",
        "1164617",
        "1164924",
        "1165917",
        "1168707",
        "1181081",
        "1221290",
        "1252539",
        "1252642",
        "1252791",
        "1254553",
        "1257168",
        "1257493",
        "1260498",
        "1263526",
com@ctp-device:~$ grep 1784764 $ROUTE/china-geo-blocklist.toml 
    "1784764",
time="2023-12-15T03:06:54Z" level=debug msg="resolver returned failure, waiting for next response" client=101.68.211.2 error="dial tcp 71.195.63.5:53: connect: connection refused" id=ctp-dns_group-fastest-raw qname=7ckw.jelastic.regruhosting.ru. qtype=CNAME resolver=ctp-dns-home-tcp
root@9080565c5e2698:/app# mmdblookup -i 101.68.211.2 -f /usr/share/GeoIP/GeoLite2-ASN.mmdb

  {
    "autonomous_system_number": 
      4837 <uint32>
    "autonomous_system_organization": 
      "CHINA UNICOM China169 Backbone" <utf8_string>
  }

root@9080565c5e2698:/app# mmdblookup -i 101.68.211.2 -f /usr/share/GeoIP/GeoLite2-City.mmdb 

  {
    "city": 
      {
        "geoname_id": 
          1805953 <uint32>
        "names": 
          {
            "de": 
              "Jiaxing" <utf8_string>
            "en": 
              "Jiaxing" <utf8_string>
            "fr": 
              "Jiaxing" <utf8_string>
            "ja": 
              "嘉興市" <utf8_string>
            "ru": 
              "Цзясин" <utf8_string>
            "zh-CN": 
              "嘉兴" <utf8_string>
          }
      }
    "continent": 
      {
        "code": 
          "AS" <utf8_string>
        "geoname_id": 
          6255147 <uint32>
        "names": 
          {
            "de": 
              "Asien" <utf8_string>
            "en": 
              "Asia" <utf8_string>
            "es": 
              "Asia" <utf8_string>
            "fr": 
              "Asie" <utf8_string>
            "ja": 
              "アジア" <utf8_string>
            "pt-BR": 
              "Ásia" <utf8_string>
            "ru": 
              "Азия" <utf8_string>
            "zh-CN": 
              "亚洲" <utf8_string>
          }
      }
    "country": 
      {
        "geoname_id": 
          1814991 <uint32>
        "iso_code": 
          "CN" <utf8_string>
        "names": 
          {
            "de": 
              "China" <utf8_string>
            "en": 
              "China" <utf8_string>
            "es": 
              "China" <utf8_string>
            "fr": 
              "Chine" <utf8_string>
            "ja": 
              "中国" <utf8_string>
            "pt-BR": 
              "China" <utf8_string>
            "ru": 
              "Китай" <utf8_string>
            "zh-CN": 
              "中国" <utf8_string>
          }
      }
    "location": 
      {
        "accuracy_radius": 
          100 <uint16>
        "latitude": 
          30.748800 <double>
        "longitude": 
          120.748600 <double>
        "time_zone": 
          "Asia/Shanghai" <utf8_string>
      }
    "registered_country": 
      {
        "geoname_id": 
          1814991 <uint32>
        "iso_code": 
          "CN" <utf8_string>
        "names": 
          {
            "de": 
              "China" <utf8_string>
            "en": 
              "China" <utf8_string>
            "es": 
              "China" <utf8_string>
            "fr": 
              "Chine" <utf8_string>
            "ja": 
              "中国" <utf8_string>
            "pt-BR": 
              "China" <utf8_string>
            "ru": 
              "Китай" <utf8_string>
            "zh-CN": 
              "中国" <utf8_string>
          }
      }
    "subdivisions": 
      [
        {
          "geoname_id": 
            1784764 <uint32>
          "iso_code": 
            "ZJ" <utf8_string>
          "names": 
            {
              "en": 
                "Zhejiang" <utf8_string>
              "fr": 
                "Province de Zhejiang" <utf8_string>
              "zh-CN": 
                "浙江省" <utf8_string>
            }
        }
      ]
  }
cbuijs commented 9 months ago

I am not sure, but I think subdivisions are not supported.

As an alternative or workaround, you can use this blocklist with client-blocklist: https://raw.githubusercontent.com/cbuijs/ripe-geo/master/countries/china.list

The lists include subdivisions and other stuff, check the repo (updated every 12h).

echo "101.68.211.2" | grepcidr -xf china.list
101.68.211.2
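To make the two matching strategies in this thread concrete, here is an added example (not routedns code and not cbuijs' list): it models a location blocklist evaluated against the geoname_id fields of the City-DB record shown above, at selectable levels, next to a CIDR match like the grepcidr check. The record and the CIDR list are constructed, and the level-selection logic is an assumption for illustration, not how routedns actually matches.

```python
import ipaddress

# Constructed record mirroring the mmdblookup City-DB output in the issue
# (geoname_id values only; names and coordinates omitted).
RECORD = {
    "city": {"geoname_id": 1805953},
    "continent": {"code": "AS", "geoname_id": 6255147},
    "country": {"iso_code": "CN", "geoname_id": 1814991},
    "registered_country": {"iso_code": "CN", "geoname_id": 1814991},
    "subdivisions": [{"iso_code": "ZJ", "geoname_id": 1784764}],
}

# Constructed sample prefixes standing in for china.list; the real list is
# far longer and must be fetched from the ripe-geo repo.
SAMPLE_CIDRS = ["101.64.0.0/13", "203.0.113.0/24"]


def geoname_ids(record, levels):
    """Collect the geoname_id of each requested level of a City-DB record.
    'subdivisions' is a list in the record, so every entry is included."""
    ids = set()
    for level in levels:
        node = record.get(level)
        if node is None:
            continue
        entries = node if isinstance(node, list) else [node]
        ids.update(str(e["geoname_id"]) for e in entries if "geoname_id" in e)
    return ids


def blocked_by_location(record, blocklist, levels):
    """True when any geoname_id at the checked levels is on the blocklist.
    A list holding only a subdivision ID matches only if subdivisions are checked."""
    return bool(geoname_ids(record, levels) & set(blocklist))


def blocked_by_cidr(ip, cidrs):
    """Equivalent of 'grepcidr -xf list': does ip fall inside any prefix?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


if __name__ == "__main__":
    sub_only = ["1784764"]  # the subdivision ID grep found in the issue's config
    print(blocked_by_location(RECORD, sub_only, ["country"]))                  # False
    print(blocked_by_location(RECORD, sub_only, ["country", "subdivisions"]))  # True
    print(blocked_by_cidr("101.68.211.2", SAMPLE_CIDRS))                       # True
```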
charlieporth1 commented 9 months ago

> I am not sure, but I think subdivisions are not supported.
>
> As an alternative or workaround, you can use this blocklist with client-blocklist: https://raw.githubusercontent.com/cbuijs/ripe-geo/master/countries/china.list
>
> The lists include subdivisions and other stuff, check the repo (updated every 12h).
>
> echo "101.68.211.2" | grepcidr -xf china.list
> 101.68.211.2

I am using that as well. It should be noted that I am blocking all of China, including the country, and somehow the IP addresses are not being blocked. Also, your lists, which I am using, are not blocking them.


cbuijs commented 9 months ago

Interesting... Could you give some example IP addresses? So I can research it?

Mind that lots of GeoIP databases are only up to 70-80 percent correct. Some allocated IP ranges, for example, that "belong" to China might be split off to an Amazon instance in the USA. So allocation-wise it might be right, but on usage it will never be 100% right. I find RIPE and IPDENY pretty accurate. MaxMind is pretty good in "The West" but less so everywhere else. They are all very USA-centric.

The hosters are very inaccurately represented, and my experience is that most "attacks" come from there.

See also: https://support.maxmind.com/hc/en-us/articles/4407630607131-Geolocation-Accuracy https://www.maxmind.com/en/geoip2-city-accuracy-comparison https://www.ip2location.com/data-accuracy https://www.bigdatacloud.com/insights/ip-geolocation-accuracy-report

In the future I will also see whether it is possible to include ipinfo.io data, if allowed.

cbuijs commented 9 months ago

BTW, you might want to try the "blunt axe" method and use these lists: https://raw.githubusercontent.com/cbuijs/ripe-geo/master/continents/asia.list https://raw.githubusercontent.com/cbuijs/ripe-geo/master/regions/middle-east.list

That is the whole of Asia and the Middle East; you might block more than intended and break stuff...

charlieporth1 commented 9 months ago

Config issue, not route-dns. Your lists work. Thanks for the help @cbuijs