I was setting up geo-filtering for a good portion of the world that I don’t expect any traffic from, and appear to have accidentally blocked 1. Does anyone know what country this is being hosted out of so that I can ensure I don’t block it? I was able to resolve the issue by removing the majority of the filters but that is not a great solution for me.
Thanks
What exactly do you mean by that?
What exactly did you block? Can you post a screenshot?
It was supposed to be 1. as in 1.1.1.1
I used geo-filtering on my ubiquiti UDM to block most of the eastern hemisphere and South America. This resulted in the inability to use the 1.1.1.1 dns resolver, and some IoT devices were unable to resolve their callback servers that depend on 1.1.1.1. I was able to further confirm my suspicion by the inability to ping 1.1.1.1, 1.1.1.2, and 1.1.1.3.
I am afraid your description is not very clear. What exactly did you block regarding Cloudflare’s DNS resolvers?
This will only refer to DNS and not HTTP, so it won’t be a setting on Cloudflare. What’s your exact question, respectively what do you want to achieve?
If you are saying you blocked Cloudflare from contacting your authoritative nameservers, then you might want to reconsider that approach, also because that’s not exactly geo-blocking related.
I am not aware of a publicly available list, but requests seem to come at least from 172.64.0.0/13. IP Ranges is probably a good starting point.
Using this map, I selected countries to geo-block (i.e. Russia is currently blocked). When I blocked most of the eastern hemisphere and South America, I could no longer access Cloudflare’s DNS network. When I removed the majority of the blocks to just what is in the photo, it started working again. Therefore, the 1 dot DNS network must be hosted in one of those countries. What I am asking is, is anyone aware of the country/countries that 1 dot is hosted out of?
1.1.1.1 is not hosted in a country.
I am afraid it still is not clear what you blocked. If you can’t resolve against Cloudflare you obviously need to make sure that 1.1.1.1 is reachable. If it is the issue I mentioned in my earlier posting you need to follow the given advice.
At this point it seems it is the former issue, which would mean you need to make sure the mentioned addresses are not blocked on your site.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.
