Domains are being blocked that should be permitted.
I have been having problems recently where domains will suddenly stop working. Most recently, the radar images on Weather Underground (wunderground.com) disappeared even though wunderground.com and www.wunderground.com both load fine.
It turns out radblast.wunderground.com is "blocked on this network"—I am redirected to http://www.blocked-website.com/main?wc=EA5vHgl+AXRDAQpyBQ0dEhMWURQ%3D&url=83666967776684851588867969708372838086796915688078&nref=&w=1280&h=890&ifc=0 which seems like a legit OpenDNS blocked site. However, radblast.wunderground.com nor wunderground.com are blocked on my network: I block only AdWare, Parked Domains, and Typo Squatting and a handful of specific domains, none of which include the two listed. I have attempted to "Never Block" wunderground.com which should be redundant.
-
http://domain.opendns.com/radblast.wunderground.com
"I block only AdWare, Parked Domains, and Typo Squatting and a handful of specific domains, none of which include the two listed."
Just by chance, do these "handful of specific domains" include akamai.net, edgesuite.net or subdomains thereof?
nslookup radblast.wunderground.com.
Server: resolver2.opendns.com
Address: 208.67.220.220Non-authoritative answer:
Name: a402.g.akamai.net
Addresses: 82.112.106.89
213.198.95.169
Aliases: radblast.wunderground.com
radblast-ak.wunderground.com
radblast-ak.wunderground.com.edgesuite.netAlso, what reason for blocking does https://dashboard.opendns.com/stats/all/blockeddomains show?
-
Good call. I didn't know about the blocked domains stats page.
Indeed I had blocked edgesuite.net as they were a source of annoying ads on several sites I was using. That fixed radblast.wunderground.com ...
Another site I'm having the same issues with www.democratandchronicle.com. Likewise it used akamai.net and edgesuite.net but won't load. I tried clearing my caches (Firefox: Clear History: Cache; OSX: dscacheutil -flushcache) and it's been more than 5 minutes since I changed my OpenDNS settings. I'll keep trying ...
-
In Firefox, I went to Tools:Web Developer:Toggle Tools, and in the settings, I turned on Web Console:Enable persistent logs. Then I loaded www.democratandchronicle.com. It looks like it uses dt.adsafeprotected.com which I figured was triggering the blocked-domain, so I tried permitting that domain. After letting the DNS information percolate for a few minutes, I reloaded and found www.democratandchronicle.com would be directly rejected by OpenDNS with a 403 code. I tried permitting adsafeprotected.com and that gave the same result.
According to the blocked domains list, www.democratandchronicle.com was blacklisted. Interestingly, the note says I whitelisted it. Interestingly too is if I check "Everything" in the domains list, adsafeprotected.com does not appear at all. Grr...
I'll try un-blacklisting all the domains and see what happens then add them back one at a time. -
Now I have no domains blacklisted, and as before: blocking Adware, Typo Squatting, and Parked Domains. www.democratandchronicle.com still doesn't load. OpenDNS reports that www.democratandchronicle.com is not explicitly rated, but inherits from democratandchronicle.com which is listed as News/Media as it should be.
-
I feel it's time now to tell you about best practices:
- Don't even think about blocking CDN domains like Akamai and Edgesuite. Else this will break page rendering for many sites, because this is where top sites host their web content.
- Don't even think about blocking ads with an external service, especially not with a DNS service. This significantly slows down your surfing experience and renders many pages unusable. If you want to block ads, do it with local tools only, because these are specialized in doing exactly this.
If you followed these rules and still have problems, please come back.
Regarding www.democratandchronicle.com:
nslookup www.democratandchronicle.com.
Server: resolver2.opendns.com
Address: 208.67.220.220Non-authoritative answer:
Name: a819.g.akamai.net
Addresses: 193.45.10.152
193.45.10.167
Aliases: www.democratandchronicle.com
www.democratandchronicle.com.edgesuite.net -
Another misunderstanding:
"I reloaded and found www.democratandchronicle.com would be directly rejected by OpenDNS with a 403 code."
This has nothing to do with OpenDNS. HTTP 403 is an HTTP error, not a DNS error. If you get an HTTP 403, DNS is already over and gone. You get this HTTP 403 directly from the server you're connecting to.
-
Unfortunately I can't replicate the situation because I did as you suggested and unclicked "Adware" and now I can get to the site. The 403 response was tagged with information from OpenDNS, but the content of the message automatically redirected to OpenDNS's blocked-site page. Except for that it appeared in the console, "www.democratandchronicle.com" never indicated 403 response. I would guess that's just the way OpenDNS works to block sites—it makes sense that if redirection were somehow disabled or failed, the end user would see a 403 response for a blocked domain. -
Thanks for all your help!
I blocked a website that was not DNS cached (a link I haven't been to in a while) then recorded the console and 403 response information box in Firefox; screenshot attached below.
SoundRabbitBlocked.png
Please sign in to leave a comment.
Comments
10 comments