0

TLD blacklist periodically overrides allowlist items (at least for .ml)

Been struggling to figure this out the last couple of weeks. I was trying to access lemmy.ml and it was blocked. I wondered if AI-Driven Threat Detection or threat feeds were blocking it, but I also have a .ml TLD block so I manually allowed lemmy.ml. When my DNS caches cleared I was able to access it. The next day I was not, though the requests still showed processed (not blocked).

After disabling various combinations of the ADTD, TIF, and the TLD block as best I can tell it is the TLD block that causes the issue.  If I remove .ml from the TLD block list it starts working again after some time (certainly overnight, maybe sooner).  If I turn it back on it will eventually stop working (though again showing processed).

My working theory is it is overriding, and the extended period of time before the behavior changes is due to some sort of chron or batch jobs that try to reconcile settings and end up blocking my .ml TLD despite the allow entry for lemmy.ml.

3 replies

null
    • losnad
    • 1 yr ago
    • Reported - view

    I tried to replicate it and it was working even after 90 minutes.

      • Mark_Whitworth
      • 1 yr ago
      • Reported - view

       Yeah, so far it's only been consistent stopping overnight for me, which is why I've thought it was a reconciliation batch script of some sort.  It's been consistent here, but only with a couple of days of testing.  That said I have also been reading that the Mali government, some Freenom, and other issues are impacting some .ml domain resolution sporadically, so I'm looking into that as well.

    • Mark_Whitworth
    • 1 yr ago
    • Reported - view

    Confirming.  It WILL eventually time out - at least for me it does.  Then I remove .ml from the TLD blocklist and within minutes it works fine again.  I'm confident this is a bug.

Content aside

  • 1 yr agoLast active
  • 3Replies
  • 54Views
  • 1 Following