search

jpgpi250 / piholemanual

files referred to in my pihole installation manual
114 stars 14 forks source link

use.fontawesome.com - ip's are blocked - Hainging browser sessions if sites uses them #12

Closed Bingo600 closed 2 years ago

Bingo600 commented 2 years ago

Was hit by this one today

use.fontawesome.com was blocked , and i hung on a newspaper site. Adding : 188.114.96.0 and 188.114.97.0 (A bit weird they used those ip's) - To my own local "permit list" resolved the issue

host use.fontawesome.com use.fontawesome.com is an alias for use.fontawesome.com.cdn.cloudflare.net. use.fontawesome.com.cdn.cloudflare.net has address 188.114.96.0 use.fontawesome.com.cdn.cloudflare.net has address 188.114.97.0 use.fontawesome.com.cdn.cloudflare.net has IPv6 address 2a06:98c1:3121:: use.fontawesome.com.cdn.cloudflare.net has IPv6 address 2a06:98c1:3120::

jpgpi250 commented 2 years ago

the addresses you have added to your local "permit list" aren't addresses but address ranges.

my results: host use.fontawesome.com use.fontawesome.com is an alias for use.fontawesome.com.cdn.cloudflare.net. use.fontawesome.com.cdn.cloudflare.net has address 104.21.78.7 use.fontawesome.com.cdn.cloudflare.net has address 172.67.214.69 use.fontawesome.com.cdn.cloudflare.net has IPv6 address 2606:4700:3031::ac43:d645 use.fontawesome.com.cdn.cloudflare.net has IPv6 address 2606:4700:3037::6815:4e07

none of these addresses are in the lists.

which newspaper site?

Bingo600 commented 2 years ago

Well they resolve like this on my two bind9 servers in DK

raspi3:~ $ host use.fontawesome.com use.fontawesome.com is an alias for use.fontawesome.com.cdn.cloudflare.net. use.fontawesome.com.cdn.cloudflare.net has address 188.114.97.0 use.fontawesome.com.cdn.cloudflare.net has address 188.114.96.0 use.fontawesome.com.cdn.cloudflare.net has IPv6 address 2a06:98c1:3120:: use.fontawesome.com.cdn.cloudflare.net has IPv6 address 2a06:98c1:3121::

frodo:~$ host use.fontawesome.com use.fontawesome.com is an alias for use.fontawesome.com.cdn.cloudflare.net. use.fontawesome.com.cdn.cloudflare.net has address 188.114.96.0 use.fontawesome.com.cdn.cloudflare.net has address 188.114.97.0 use.fontawesome.com.cdn.cloudflare.net has IPv6 address 2a06:98c1:3121:: use.fontawesome.com.cdn.cloudflare.net has IPv6 address 2a06:98c1:3120::

And like this on my bind9 in Sweden pippin:~$ host use.fontawesome.com use.fontawesome.com is an alias for use.fontawesome.com.cdn.cloudflare.net. use.fontawesome.com.cdn.cloudflare.net has address 172.67.214.69 use.fontawesome.com.cdn.cloudflare.net has address 104.21.78.7 use.fontawesome.com.cdn.cloudflare.net has IPv6 address 2606:4700:3037::6815:4e07 use.fontawesome.com.cdn.cloudflare.net has IPv6 address 2606:4700:3031::ac43:d645

opiz2:~$ host use.fontawesome.com use.fontawesome.com is an alias for use.fontawesome.com.cdn.cloudflare.net. use.fontawesome.com.cdn.cloudflare.net has address 104.21.78.7 use.fontawesome.com.cdn.cloudflare.net has address 172.67.214.69 use.fontawesome.com.cdn.cloudflare.net has IPv6 address 2606:4700:3037::6815:4e07 use.fontawesome.com.cdn.cloudflare.net has IPv6 address 2606:4700:3031::ac43:d645

All 4 are standard bind9 w full TCP/UDP 53 access.

My pfSense state shows i'm connecting to 188.114.96.0:443 , as i wrote. image

But as you mention .. Cloudflare can be country dependant. . I'll close this one , and just keep my own exception list ... Don't want to bother with being lectured about net's vs hosts , been in Large enterprise network for 25+ years.