nextdns / metadata

This repository contains the data behind our Security, Privacy and Parental Control features.
https://nextdns.io

[Threat Intelligence Feeds] How do I know which list blocked my domain in case of false positive? #322

Closed MichalMichalak closed 4 years ago

MichalMichalak commented 4 years ago

My domain has been blocked and I have no idea why. Logs say just "Threat Intelligence Feeds", which tells me nothing. Is there any option to know which list exactly blocked a domain so I can go talk to the maintainer? It seems strange to me that a bunch of lists is grouped under one vague name. Actually it could even make the authors' work easier because people would just go to the maintainer instead of opening an issue here. Thank you.

beerisgood commented 4 years ago

Not a nice way, but you can query your domain against the Threat Intelligence Feeds sources: https://github.com/nextdns/metadata/blob/master/security/threat-intelligence-feeds.json

MichalMichalak commented 4 years ago

Thank you. That should help.

As you mentioned yourself, it's not a super friendly way of doing it. Do you think it makes sense to add some lookup table and display results on the log page? Could it be done?

romaincointepas commented 4 years ago

Building friendly tools so the community can help as easily as possible is definitely big on our todo list, no ETA though.

What's your domain?

MichalMichalak commented 4 years ago

I've found the issue. My domain is a subdomain of strangled.net and since anyone can have a subdomain there, it's easy for bad actors to abuse it. That's why it ended up blocked. My suggestion was rather related to the ability to see the actual block list in the log web page. That would make it all much easier. And if not possible, any other means to find it out. I got what I wanted so I suppose the case can be closed. Thank you.

romaincointepas commented 4 years ago

strangled.net should itself never be blocked, only specific malicious subdomains (and probably not yours).

Fixed.
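The manual lookup suggested in this thread, as an added example that is not part of the original discussion or NextDNS's own tooling: it checks a domain and each of its parent domains against several already-downloaded lists and reports which list matched and whether the hit was exact or through a parent. The feed names and contents are constructed samples, and treating a listed parent as blocking its subdomains is an assumption drawn from the outcome described above.

```python
import re

# Constructed sample feeds (not real list contents); feed names are hypothetical.
FEEDS = {
    "feed-a (hosts format)": """\
# comment line
0.0.0.0 bad.example.org
127.0.0.1 tracker.example.net
""",
    "feed-b (plain domains)": """\
strangled.net
evil.example.com  # inline comment
""",
    "feed-c (adblock style)": "||phish.example.io^\n",
}

def parse_feed(text):
    """Return the set of domains in a hosts, plain-domain or ||domain^ list."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if not line or line.startswith("!"):
            continue  # blank, comment-only, or adblock comment
        m = re.fullmatch(r"\|\|([a-z0-9.-]+)\^", line)
        # hosts lines are "IP domain"; plain lines are just "domain"
        token = m.group(1) if m else line.split()[-1]
        domains.add(token.strip("."))
    return domains

def candidates(domain):
    """The domain itself, then each parent, stopping before the bare TLD."""
    labels = domain.lower().strip(".").split(".")
    return [".".join(labels[i:]) for i in range(max(1, len(labels) - 1))]

def find_blocking_feeds(domain, feeds=FEEDS):
    """Return (feed name, matched entry, 'exact' or 'parent') for every hit.

    Assumption: a listed domain also blocks its subdomains.
    """
    hits = []
    cands = candidates(domain)
    for name, text in feeds.items():
        entries = parse_feed(text)
        for cand in cands:  # most specific match first
            if cand in entries:
                hits.append((name, cand, "exact" if cand == cands[0] else "parent"))
                break
    return hits
```

A `parent` hit on a shared-hosting or dynamic-DNS apex is the false-positive pattern seen in this issue, and it tells you which list maintainer to contact.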