Banned from DNS Cloudflare, Quad9, Google…

Last week I got banned from free DNS Cloudflare, Quad9, Google etc. I didn’t know it was possible and the reasons are still unclear to me. Here is what happened and some clues to understand how I could have been banned.

Credit: ellisia/Adobe Stock

Banned from Free DNS

I have been using alternate DNS for many years. The objective is to circumvent the restrictions of telecom operators in France. I used :

  • Cloudflare (1.1.1.1 and 1.0.0.1)
  • Google (8.8.8.8 and 8.8.4.4)
  • Quad9 (9.9.9.9 and 149.112.112.112)

I stopped using Google several years ago. I used very good OpenNIC DNS for a while before the services became unstable. Since then, I’ve been using and recommending those from Cloudflare which are fast, privacy-friendly, and robust. As a backup, I use Quad9. I have never had a problem until now – for 3/4 years.

Home Pi-Hole and AdGuard

I don’t use free DNS directly on my devices. In order to block intrusive ads and other trackers, I use Pi-Hole and AdGuard Home together (except for NAS). They are the ones who query the previously mentioned DNS (Cloudflare and Quad9). The 2 blocking services are configured at the DHCP server level as DNS for the local network (LAN UniFi) and everything works perfectly.

Service stop

One evening, access to certain sites began to cause problems: high latency or impossible access. As a reminder, browsers have their own DNS cache, like computers. If you regularly go to the same sites, the problem is not indicated below.

At first, I thought it was a problem with my operator. Since everything would work fine on this side, I decided to restart Pi-Hole and AdGuard Home. Unfortunately, my Raspberry Pi 1 Model B from 2013 (with Pi-Hole) didn’t appreciate the reboot. It won’t reboot (even after changing SD card and power supply). For several minutes, I’m going to think that my problem with accessing websites has something to do with the death of the Raspberry Pi. For its part, AdGuard Home shows many operating errors. The problem would come from the network. I manage to make a ping a public address, but not a domain name. On the UniFi side, I put the settings back to automatic at the DNS level (WAN and LAN). So here I am configured with my operator’s DNS 🙁 As soon as I force 1.1.1.1 or 8.8.8.8 on my PC: again, I no longer have access to websites.

I searched in vain for an explanation on the Internet and despite several attempts: nothing seems to work. Then it was EVOTk who remembered a friend who got banned from Cloudflare and Google DNS. I admit, I didn’t know that was possible. So I launch a ping 1.1.1.1: Request timeout. I start again with 8.8.8.8: Request timeout. It will be the same with 9.9.9.9. He advises me to take the DNS from the French Data Network association and/or from dns.watch… I change the parameters and miraculously, everything works correctly!

Why was I banned?

The question, I asked myself and I still ask myself. Could this be due to a Pi-Hole problem before giving up the ghost? I do not think so. Did I abuse the use of free DNS? My usage hasn’t changed recently. As I have just changed fiber operator, would I have recovered a suspicious IP address? Maybe, but without conviction… What is certain is that my public IP address is shared (in a database) between Cloudflare, Quad9, Google and maybe others.

So I decided to use DnsChecker’s IP Blacklist Check tool. Among the 55 lists requested automatically by the latter, my public IP address appears at dnsbl.spfbl.net. I go to their site and I learn that: “This IP has been reported because it is dynamic or because it is suspected to be for home use only” and add “If you use an email service on this IP, ask your access provider to modify the rDNS (note: reverse DNS)”. It is definitely a home-use IP address, but I have never used it to set up an email service and have no intention of doing so.

After a few minutes, I remember that I use Uptime Kuma to monitor a few sites (including Cachem.fr and Forum-NAS.fr). When there is an incident, the tool sends an e-mail to two addresses (ik.me and gmail.com) to tell me that the web service is unavailable… then a second one when the service returns. Except that if Uptime Karma no longer has access to the Internet and then recovers the service, it sends 2 emails for each probe (monitored site). Could it be Gmail that interpreted this for SPAM? Or Ik.me? Nothing is less certain since the Uptime Kuma email alert system works correctly.

I confess that I did not understand what happened. Also, I find out that it is possible to get banned from a free DNS service. It is indeed possible and it is somewhat logical to avoid malicious actions. What I haven’t figured out yet is why I got banned.

And you, did you know that you could get banned by this kind of service? Have you ever had a similar experience?

Leave a Comment