search

hagezi / dns-blocklists

DNS-Blocklists: For a better internet - keep the internet clean!
GNU General Public License v3.0
5.83k stars 200 forks source link

Huge amount of the internet is being blocked due to OCSP servers being blacklisted #1198

Closed t3dium closed 1 year ago

t3dium commented 1 year ago

Which AdBlocker/DNS cloud service do you use?

Pi-hole

Which blocklist(s) do you use?

Multi ULTIMATE

Which domain(s) should be unblocked?

amazontrust.com (and its subdomains) ocsp.godaddy.com ocsp.pki.goog ocsp.globalsign.com

Are some of the ones i found, there may be more

Why should the domain(s) be unblocked?

The false positives above leads to firefox (when having ocsp set to hard fail mode) refusing to load a lot of websites:

librewolf_yCMc6T5TfW

iam-py-test commented 1 year ago

I don't see any of those listed in ULTIMATE. Maybe they are being blocked via CNAME

hagezi commented 1 year ago

@t3dium

Update the list, there was a contaminated intermediate state yesterday because an allowlist was used as a blocklist in one source, details: https://github.com/AdguardTeam/HostlistsRegistry/issues/239#issuecomment-1601610003

I fixed this yesterday and the source was removed.

t3dium commented 1 year ago

ah my lists were a bit outdated, i can confirm the issue's fixed after updating them