Check if domain is blocked or not

Hello,

Using Curl and DoH, how I check if Cloudflare blocks the resolution or not? In this example, I am querying a domain (textspeier.de) well-known for malware.

input:
curl -H 'accept: application/dns-json' 'https://1.1.1.2/dns-query?name=textspeier.de'

output:
{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"textspeier.de","type":1}],"Answer":[{"name":"textspeier.de","type":1,"TTL":300,"data":"172.67.164.156"},{"name":"textspeier.de","type":1,"TTL":300,"data":"104.27.163.228"},{"name":"textspeier.de","type":1,"TTL":300,"data":"104.27.162.228"}]}

You have to use the FQDN security.cloudflare-dns.com and not just the IP address (1.1.1.2) - see

But - that domain just isn’t blocked - it’s not marked as Malware by CF’s provider, and Safe Browsing didn’t find anything. If you think it’s malware, report it at:

When a domain is actually blocked, like phishing.testcategory.com, you’ll receive an “Answer” with data set to 0.0.0.0:

[{"name":"phishing.testcategory.com","type":1,"TTL":60,"data":"0.0.0.0"}]
2 Likes

Hello Judge!

What about this query, how do you know if it’s blocked or not since it does not return any IP address?

$ curl -H 'accept: application/dns-json' 'https://security.cloudflare-dns.com/dns-query name=vodafoneplus'
{"Status":3,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,"Question":[{"name":"vodafoneplus","type":1}],"Authority":[{"name":"","type":6,"TTL":86400,"data":"a.root-servers.net. nstld.verisign-grs.com. 2020071101 1800 900 604800 86400"}]}