ISP blocking my content

Xdrinkn · October 14, 2019, 7:19pm

Please follow the below template, it will help us to help you!

Expected Behaviour:

Using unbound and quad9 upstream DNS I should bypass restriction from ISP DNS blocking

Actual Behaviour:

I can't get into some torrents sites, sometimes I get to the desired section of the torrents but when trying to click on a link if z torrent I get a blank page

Debug Token:

Running a dig on the website I get replies but when digging on the complete url of the torrents I get nxdomain

jfb · October 14, 2019, 7:36pm

You can only dig a domain, not a complete URL. In this example URL, the domain is cnn.com

https://cnn.com/updates/index.html

These tools can help you determine why your requested content is blocked:

Xdrinkn · October 14, 2019, 7:48pm

Yeah I even disabled pihole for 1 min and it was still not resolving which is very odd.

> query[A] rarbgmirror.com from 192.168.1.26 
Oct 14 20:44:48 dnsmasq[22689]: forwarded rarbgmirror.com to 127.0.0.1 
Oct 14 20:44:48 dnsmasq[22689]: dnssec-query[DS] rarbgmirror.com to 127.0.0.1 
Oct 14 20:44:48 dnsmasq[22689]: reply rarbgmirror.com is no DS 
Oct 14 20:44:48 dnsmasq[22689]: validation result is INSECURE 
Oct 14 20:44:48 dnsmasq[22689]: reply rarbgmirror.com is 104.31.18.30 
Oct 14 20:44:48 dnsmasq[22689]: reply rarbgmirror.com is 104.31.19.30

jfb · October 14, 2019, 7:52pm

The log output you provided shows a query and a reply with an IP. This was when Pi-Hole was disabled?

Xdrinkn · October 14, 2019, 7:54pm

Yeah I don't see anything being blocked that's why I'm at lost...those are the only ones being registered when visiting that site

jfb · October 14, 2019, 7:57pm

I think this rules out Pi-Hole as contributing to the problem.

Xdrinkn · October 14, 2019, 8:04pm

I'm not saying it's related to Pi-hole as I couldn't access this website before unless I used a VPN, hence my question. I'm using unbound and a quad9 upstream DNS so how would my ISP block this??

jfb · October 14, 2019, 8:18pm

I assume you are using unbound as an encrypting resolver communicating over an encrypted interface to the Quad 9 resolver? If this is the case, the DNS traffic should be invisible to your ISP.

However, even if the DNS traffic is encrypted, the ISP will still see all your requested IP's unless you run all your traffic through a VPN. If they can see the IP, they can block it. They know which IP's serve which domains.

Xdrinkn · October 14, 2019, 8:26pm

So by using VPN, you mean a third party VPN correct? But then I lose my pihole settings as my VPN provider pushes its own DNS

jfb · October 14, 2019, 8:33pm

Yes.

As you noted, you can't load your requested content without running a VPN, so you will need to run a VPN to get that content.

Xdrinkn · October 14, 2019, 8:47pm

Indeed, I thought it was a dns problem but looks like it's an IP pool being banned by the ISP. As soon as I enable the VPN it loads fine.

system · November 4, 2019, 8:47pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.