search

sefinek / Sefinek-Blocklist-Collection

🌍 A comprehensive repository of blocklists for various DNS servers, featuring over 100 links and more than 6 million domains. Additionally, you can use our personalized Blocklist Generator to tailor content filtering according to your specific needs, giving you full control over what gets blocked on your network.
https://blocklist.sefinek.net
Other
554 stars 26 forks source link

Unable to Access sefinek.net from Brazil #70

Open rafaelbiasi opened 3 weeks ago

rafaelbiasi commented 3 weeks ago

I am unable to access sefinek.net from Brazil, which is preventing me from updating the Adlist on my Pi-hole setup. The website can only be accessed using a VPN connected to an external location (outside of Brazil). Without the VPN, all requests timeout, both when trying to ping command.

Here are the results of the network diagnostics:

Without VPN:

> ping blocklist.sefinek.net -n 4 

Pinging blocklist.sefinek.net [172.67.220.226] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 172.67.220.226:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

With VPN:

> ping blocklist.sefinek.net -n 4

Pinging blocklist.sefinek.net [104.21.24.225] with 32 bytes of data:
Reply from 104.21.24.225: bytes=32 time=2576ms TTL=57
Reply from 104.21.24.225: bytes=32 time=520ms TTL=57
Reply from 104.21.24.225: bytes=32 time=493ms TTL=57
Request timed out.

Ping statistics for 104.21.24.225:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 493ms, Maximum = 2576ms, Average = 1196ms

It looks like there might be some regional blocking or routing issue affecting access from Brazil. I would appreciate any assistance in resolving this issue so that users in Brazil can access sefinek.net without needing a VPN.

sefinek commented 3 weeks ago

Hm, are you saying it's the same when using a Brazilian VPN?

rafaelbiasi commented 3 weeks ago

Yes, the problem persists even when using a VPN server in Brazil. However, when using a VPN server outside of Brazil, the issue does not occur. This started happening about 4 days ago, but I initially thought it was just some other downtime.

sefinek commented 3 weeks ago

sefinek.net is definitely accessible in Brazil; I can see incoming traffic from that country in the logs. Additionally, when connecting via a VPN set to a Brazilian location, there are no issues. The site works normally, and pings are successfully going through. Therefore, regional restrictions can be ruled out. image

Try clearing your DNS cache (ipconfig /flushdns for Windows). In any case, we can see that DNS is working properly on your end, as blocklist.sefinek.net has successfully resolved to 172.67.220.226 (which points to Cloudflare).

Cloudflare is also operating properly in Brazil (you can verify this at https://www.cloudflarestatus.com), so I don't believe the issue is related to their services.

Please send me the full packet route (use tracert for Windows, or WinMTR: https://winmtr.net). Also, try pinging XXX.XXX.XX.XXX (Poland, Warsaw), which is the IP address of the origin server hosting blocklist.sefinek.net. You can also perform a traceroute to this server.

rafaelbiasi commented 3 weeks ago

The ping to IP 145.239.85.148 is working, but for 172.67.220.226 it is not. Below are the traceroute results for both IPs:

> tracert 145.239.85.148

Tracing route to 145.239.85.148 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.10
  2     *        *        *     Request timed out.
  3     *        3 ms     5 ms  201.1.226.54
  4     7 ms     5 ms     6 ms  187.100.194.4
  5     *        *        *     Request timed out.
  6     4 ms     *        *     213.140.50.116
  7     *        *        *     Request timed out.
  8   115 ms   115 ms   114 ms  94.142.119.188
  9   117 ms   114 ms   115 ms  142.44.208.128
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12   134 ms   133 ms   133 ms  178.32.135.117
 13   130 ms   133 ms   133 ms  178.32.135.113
 14   132 ms   133 ms   133 ms  178.32.135.114
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24   239 ms   237 ms   238 ms  145.239.85.148

Trace complete.
> tracert 172.67.220.226

Tracing route to 172.67.220.226 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.10
  2     *        *        *     Request timed out.
  3     5 ms     5 ms     5 ms  201.1.226.54
  4     *        *        *     Request timed out.
  5     5 ms     5 ms     5 ms  152.255.212.57
  6    13 ms    11 ms    12 ms  187.100.168.133
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.

Trace complete.
sefinek commented 3 weeks ago

Interesting case.

We will try to resolve this.

  1. Is DNSSEC disabled in your Pi-hole? While I'm not entirely sure this is the cause, it’s worth checking.
  2. Does the problem persist after temporarily switching your DNS to 1.1.1.1 and 1.0.0.1?
  3. Does the issue continue when you temporarily enable Cloudflare Warp?
  4. Try checking whether you get an HTTP response from other Cloudflare-protected websites (without using any VPNs).

For example, run the following command:

curl -X HEAD -i https://sefinek.net

Do you see a CF-RAY header? If yes, which city does it indicate? (e.g., 8cf92bb82d7ebf2f-WAW. WAW represents Warsaw).

curl -X HEAD -i https://discord.com

discord.com is another site protected by Cloudflare.

Based on the traceroute results, you're successfully reaching the origin server. However, the issue appears to stem from Cloudflare or possibly another node within your ISP's network. The route ends at 187.100.168.133, an IP address owned by your provider.

Please provide more information about your local network.

rafaelbiasi commented 3 weeks ago

Yes, DNSSEC is disabled in my Pi-hole. I tried using Cloudflare's DNS (1.1.1.1 and 1.0.0.1), as well as Google's DNS (8.8.8.8 and 8.8.4.4), but the issue persists.

The curl command to sefinek.net returns:

curl: (28) Failed to connect to sefinek.net port 443 after 42142 ms: Could not connect to server

The curl command to discord.com returns:

HTTP/1.1 200 OK
Date: Tue, 08 Oct 2024 22:17:10 GMT
Content-Type: text/html
Connection: keep-alive
CF-Ray: 8cf97fe1fa39a501-GRU
CF-Cache-Status: HIT
Cache-Control: no-cache
Last-Modified: Tue, 08 Oct 2024 22:17:10 GMT
...

The CF-RAY header indicates GRU, which corresponds to São Paulo.

Regarding my local network setup, it consists of the ISP's modem in bridge mode and a mini-PC with a Celeron processor running pfSense, configured in the most basic way.

It might indeed be an issue with my ISP, and I'll try to contact them. I faced a similar problem in the past with another site and a different ISP.

sefinek commented 3 weeks ago

São Paulo is the closest Cloudflare server to your location, and for the domain blocklist.sefinek.net, it should be the nearest as well. However, according to cloudflarestatus.com, incoming traffic to São Paulo, Brazil (GRU) is currently being partially re-routed to another server. {7AC8C9AF-ADDA-4BA1-995A-7B542D376415}

In my case, pings to 172.67.220.226 are going through without any issues.

Pinging 172.67.220.226 with 32 bytes of data:
Reply from 172.67.220.226: bytes=32 time=35ms TTL=54
Reply from 172.67.220.226: bytes=32 time=36ms TTL=54
Reply from 172.67.220.226: bytes=32 time=36ms TTL=54
Reply from 172.67.220.226: bytes=32 time=36ms TTL=54

Ping statistics for 172.67.220.226:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 35ms, Maximum = 36ms, Average = 35ms
Tracing route to 172.67.220.226 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2    10 ms     9 ms     9 ms  szcz-bng4.neo.tpnet.pl [83.1.5.170]
  3     9 ms     9 ms     9 ms  80.50.119.85
  4    18 ms    18 ms    17 ms  war-r22.tpnet.pl [195.116.35.190]
  5    34 ms    35 ms    34 ms  win-b2-link.ip.twelve99.net [62.115.153.224]
  6    34 ms    42 ms    35 ms  cloudflare-ic-356168.ip.twelve99-cust.net [213.248.95.45]
  7    42 ms    39 ms    36 ms  172.68.48.12
  8    35 ms    36 ms    35 ms  172.67.220.226

The best approach would be to contact your ISP first. If they don't detect any issues, you should then reach out to Cloudflare.

I'll leave this issue open. Please keep me informed on any developments; I’d appreciate it

rafaelbiasi commented 3 weeks ago

Thank you very much for your help. I will contact my ISP and keep you informed of any developments.