Conversation
noisytoot

Noisytoot

lgbtqia.space changed the way they geoblock the UK and now my method of bypassing it doesn't fully work. neomouse_sad
I was adding individual routes for each website I found that blocked the UK to route it via a VPN (and hoping that they never change IP addresses, so this method was already quite fragile), but now the CDN they use (cdn2.miau.pub) blocks the UK via GeoDNS so that doesn't work any more.
I could bypass this by running a DNS server outside the UK (or using another non-UK-based DNS provider that also doesn't do anycast in the UK, but I don't know of any good ones), but that would increase the latency of DNS lookups by at least ~25ms (latency to my VPS in Germany, which itself has ~3ms higher latency to 8.8.8.8 and 1.1.1.1 than my home connection). Would I even notice the difference? I'm not sure
1
0
0
noisytoot

Noisytoot

Reply to @noisytoot

The other thing I could do would be to write a DNS server which looks up the domain on multiple DNS servers (one UK-based but low latency, one non-UK-based but high latency) and returns the first result, unless it looks like a geoblock, in which case it waits and returns the second result. The problem is there’s no way to reliably detect geoblocks, but doing it for loopback IP addresses might be enough?

In the case of this specific geoblock, it’s returning an A record for 127.0.0.1, but interestingly it’s doing this regardless of the type of record you requested (if you request AAAA it will still respond with A):

> dig AAAA cdn2.miau.pub

; <<>> DiG 9.19.24 <<>> AAAA cdn2.miau.pub
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43682
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; EDE: 0 (Other): ([157.53.226.1] Unexpected lgbtqiaspace.b-cdn.net/a in received ANSWER at b-cdn.net for lgbtqiaspace.b-cdn.net/aaaa)
; EDE: 0 (Other): ([109.104.147.1] Unexpected lgbtqiaspace.b-cdn.net/a in received ANSWER at b-cdn.net for lgbtqiaspace.b-cdn.net/aaaa)
; EDE: 0 (Other): ([91.200.176.1] Unexpected lgbtqiaspace.b-cdn.net/a in received ANSWER at b-cdn.net for lgbtqiaspace.b-cdn.net/aaaa)
; EDE: 22 (No Reachable Authority): (At delegation b-cdn.net for lgbtqiaspace.b-cdn.net/aaaa)
;; QUESTION SECTION:
;cdn2.miau.pub.                 IN      AAAA

;; Query time: 19 msec
;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)
;; WHEN: Thu Aug 28 05:50:05 BST 2025
;; MSG SIZE  rcvd: 464

This makes it easy to fingerprint but that only works in this specific case. In which case I might as well just hardcode a list of domains as I do for my list of IPs to route through a non-UK VPN.

0
0
0
About berkeley.edu.pl

Terms of Service

This is a placeholder, overwrite this by putting a file at 

$STATIC_DIR/static/terms-of-service.html

See the Static Directory docs for more info.