CDN IP listed in DOHipv4.txt - 151.139.128.10

stompro commented 1 year ago

In commit 9ae71db the IP 151.139.128.10 was added.

That is being used by a US regional hardware store website, menards.com, to serve images, css and js files.

sp.menardc.com. 4926 IN CNAME z2t7k8j7.stackpathcdn.com. z2t7k8j7.stackpathcdn.com. 4926 IN A 151.139.128.10

I'm wondering if that IP could be re-evaluated as being a Dns over HTTPS server?

We are blocking using this list, and the website has been not working for about a week, so maybe stackpathcdn just picked up that IP that was previously a DOH server?

Thanks

stompro commented 1 year ago

I tried adding that host as a server at https://dnsleaktest.org/dns-over-https

and couldn't get it to resolve hostnames.

But I'm not sure if that is a legit way to test.

jpgpi250 commented 1 year ago

and

list IDs 7 | https://raw.githubusercontent.com/wiki/curl/curl/DNS-over-HTTPS.md 15 | https://raw.githubusercontent.com/jbaggs/doh-intel/master/doh.intel 21 | https://raw.githubusercontent.com/beamrod/doh_hostlist/main/host_list.txt

by visiting the URL https://api.bgpview.io/ip/151.139.128.10 you will notice this address is part of a CIDR (name:"STACKPATH-CDN). You'll need to make an exception for the entire range 151.139.128.0/24

As explained in the manual, it is recommended to assign the exceptions only to the devices that need to be able to visit this site, thus excluding for example IOT devices. Unfortunately, since hosting companies use CIDR to host several websites and services, and the IP address of the websites and services regularly change, the use of network exceptions for specific devices is unavoidable.

This is explained in section 10 (CIDR (network) Exceptions) of the manual.

stompro commented 1 year ago

Thank you for the detailed explanation. I think I get it now, I'll work on setting up an exception list.

jpgpi250 / piholemanual

CDN IP listed in DOHipv4.txt - 151.139.128.10 #23