search

hagezi / dns-blocklists

DNS-Blocklists: For a better internet - keep the internet clean!
GNU General Public License v3.0
5.83k stars 200 forks source link

sunglasseshut / ray-ban block #1575

Closed hyder365 closed 11 months ago

hyder365 commented 11 months ago

Which AdBlocker/DNS cloud service do you use?

Other

Other

custom

NextDNS users only

Which blocklist(s) do you use?

Multi LIGHT

Which domain(s) should be unblocked?

smetrics.ray-ban.com smetrics.sunglasshut.com

Why should the domain(s) be unblocked?

The domains "images.ray-ban.com" and "assets.sunglasshut.com" contain the product images on these two sunglasses websites. Neither of them are directly in the list, but it seems the list is still blocking them. I'd appreciate any help figuring out why.

https://www.sunglasshut.com/us/ray-ban/rb3183-805289018926 https://www.ray-ban.com/usa/sunglasses/RB3183%20MALE%20rb3183-black/805289528791

These two pages are mostly blank because of the aforementioned domains being blocked.

hagezi commented 11 months ago

Can't reproduce:

grafik

grafik

grafik

hyder365 commented 11 months ago

Thanks for your quick response. Do you have any ideas what could be blocking it for me?

$ grep -F ray-ban.com blacklist.txt smetrics.ray-ban.com sshhfy.ray-ban.com

$ grep -F sunglasshut.com blacklist.txt smetrics.sunglasshut.com

$ host assets.sunglasshut.com Host assets.sunglasshut.com not found: 5(REFUSED)

$ host assets.sunglasshut.com Host assets.sunglasshut.com not found: 5(REFUSED)

hagezi commented 11 months ago

This is a DNS server problem, not a blocklist problem:

REFUSED results when the DNS name server refuses to perform operations for policy reasons. For example, a particular device may be blocked if it is abusing the nameserver. Or, a particular operation, such as a zone transfer, might be forbidden.

hyder365 commented 11 months ago

This is a DNS server problem, not a blocklist problem:

REFUSED results when the DNS name server refuses to perform operations for policy reasons. For example, a particular device may be blocked if it is abusing the nameserver. Or, a particular operation, such as a zone transfer, might be forbidden.

I'm using your blacklist with dnscrypt-proxy, which is configured to give REFUSED responses for any domains in its blacklist. That is the expected response for blocked sites.

hagezi commented 11 months ago

OK.

If you deactivate the block list, does it work?

Deactivate it and post the output of:

dig assets.sunglasshut.com dig images.ray-ban.com

hyder365 commented 11 months ago

; <<>> dig 9.10.8-P1 <<>> assets.sunglasshut.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10781 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;assets.sunglasshut.com. IN A

;; ANSWER SECTION: assets.sunglasshut.com. 9989 IN CNAME ds.img-b2c.luxottica.com.edgesuite.net. ds.img-b2c.luxottica.com.edgesuite.net. 9989 IN CNAME a652.dscq.akamai.net. a652.dscq.akamai.net. 9989 IN A 23.205.105.142 a652.dscq.akamai.net. 9989 IN A 23.205.105.175

;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Sep 14 16:15:34 EDT 2023 ;; MSG SIZE rcvd: 166

; <<>> dig 9.10.8-P1 <<>> images.ray-ban.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30992 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;images.ray-ban.com. IN A

;; ANSWER SECTION: images.ray-ban.com. 9999 IN CNAME ds.img-b2c.luxottica.com.edgesuite.net. ds.img-b2c.luxottica.com.edgesuite.net. 9999 IN CNAME a652.dscq.akamai.net. a652.dscq.akamai.net. 9999 IN A 23.193.194.146 a652.dscq.akamai.net. 9999 IN A 23.193.194.134

;; Query time: 64 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Sep 14 16:15:57 EDT 2023 ;; MSG SIZE rcvd: 162

hagezi commented 11 months ago

Ok, you get the same CNAMEs as me, these are not blocked either.

hagezi commented 11 months ago

I don't understand why the domains don't resolve, I have no problems, tested with Ultimate:

grafik

grafik

hyder365 commented 11 months ago

Another list is blanket-blocking "edgesuite.net" so I'm going to assume the problem is there and not with your list. This CNAME stuff is new to me so I didn't know that domains could be blocked which aren't listed directly.

hagezi commented 11 months ago

Yes, that is the cause. ;)

hyder365 commented 11 months ago

Yes, that is the cause. ;)

Thanks so much for your input and help

hagezi commented 11 months ago

So lists that block such elementary things as edgesuite.net, I would remove immediately. ;)