sniproxy: https://www.google.com/about/careers/applications/ 403's from IR
Hi @mosajjal,
I was helping someone from Iran access a google domain website and they reported to me that they are getting 403, even after setting their DNS to the sni proxy I have in Vultr.
My experiment confirms that: I set up a fresh instance of sniproxy in Vultr. Now from my machine outside Iran, websites like udemy.com do load after setting DNS to my sniproxy, but when I experiment with a datacenter in Iran, I get the 403 back:
- Setting DNS to my vultr instance IP `209.250.255.214` from Iran:
```
cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
# nameserver 8.8.8.8
# nameserver 8.8.4.4
# nameserver 95.179.163.92
# nameserver 127.0.0.53
nameserver 209.250.255.214
```
- Digging to make sure that my DNS has actually changed:
```
dig udemy.com
; <<>> DiG 9.18.1-1ubuntu1.3-Ubuntu <<>> udemy.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25881
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;udemy.com. IN A
;; ANSWER SECTION:
udemy.com. 3600 IN A 209.250.255.214
;; Query time: 87 msec
;; SERVER: 209.250.255.214#53(209.250.255.214) (UDP)
;; WHEN: Tue Apr 04 00:11:38 UTC 2023
;; MSG SIZE rcvd: 52
```
- Access to udemy.com is still blocked from the machine in IR:
```
wget udemy.com
--2023-04-04 00:14:43-- http://udemy.com/
Resolving udemy.com (udemy.com)... 209.250.255.214, 209.250.255.214
Connecting to udemy.com (udemy.com)|209.250.255.214|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2023-04-04 00:14:43 ERROR 403: Forbidden.
```
- Access to udemy.com is also blocked from the Vultr machine itself!
```
root@sniproxy:~# wget https://www.udemy.com/
--2023-04-04 00:22:04-- https://www.udemy.com/
Resolving www.udemy.com (www.udemy.com)... 2606:4700::6812:a05a, 2606:4700::6810:e25b, 104.16.226.91, ...
Connecting to www.udemy.com (www.udemy.com)|2606:4700::6812:a05a|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2023-04-04 00:22:04 ERROR 403: Forbidden.
```
The original website that my tester was trying to access was a google domain, but I figured if we solve it for udemy.com it will be solved for other websites too.
Is this expected behavior?
About this issue
- State: closed
- Created a year ago
- Comments: 20 (18 by maintainers)
two things:
`/etc/resolve.conf` usually doesn’t work very well. use the following command instead:
this disables the stub listener, and changes your DNS to 217.69.9.127. replace it with the current public IP of `sniproxy` and then restart `systemd-resolved`
`/etc/hosts` with the IP of `sniproxy`. your file will look like this:
this will bypass DNS altogether so you can test where the issue is. If editing `/etc/hosts` actually works, the midboxes in Iran are rewriting your DNS and “correcting” it back.
there is a neat way to avoid having DNS query and response altogether using another pet project of mine here. This sets up a “fake” DNS server in your own machine, so you can hard-code your `sniproxy` address for ALL domains. Use it like this:
disable the default stub resolver (as mentioned above) and change your DNS server to `127.0.0.1`
start `fakedns` as root:
if fakedns is not in your PATH, you’ll get a `file not found` error. if that’s the case, find the full path and replace `fakedns` with it. Full path is usually `/home/USER/go/bin/fakedns`
hopefully this helps.
I’ll look into it. can you please also share the `sniproxy` logs (in debug mode).
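The `/etc/hosts` test suggested in the reply above separates DNS rewriting on the path from a fault further along. As an added example (not code from sniproxy or from this thread), the Python below makes the same check on the DNS answer itself: it parses a raw response and reports whether every A record still points at the proxy. The sample response is constructed from the `dig` output in the report, and the function names are this example's own.

```python
import ipaddress
import struct

def build_query(name, qid=0x1234):
    """Minimal DNS A/IN query with the RD flag set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def skip_name(msg, off):
    """Offset just past a name that may end in a compression pointer."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # 2-byte pointer terminates the name
            return off + 2
        if n == 0:                # root label terminates the name
            return off + 1
        off += 1 + n

def a_records(msg):
    """IPv4 addresses from the answer section of a DNS response."""
    qd, an = struct.unpack("!2H", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    found = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):   # A record, class IN
            found.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return found

def classify(msg, proxy_ip):
    """Does the answer that reached this client still point at the proxy?"""
    addrs = a_records(msg)
    if not addrs:
        return "no-answer"
    return "dns-intact" if set(addrs) == {proxy_ip} else "dns-rewritten"

def sample_response(name, ip, qid=25881):
    """Constructed response; uncompressed owner name, 52 bytes for udemy.com."""
    q = build_query(name, qid)[12:]            # question section only
    rr = q[:-4] + struct.pack("!2HIH", 1, 1, 3600, 4) + ipaddress.IPv4Address(ip).packed
    return struct.pack("!6H", qid, 0x8100, 1, 1, 0, 0) + q + rr
```

On a live client the bytes to classify come from sending `build_query(...)` to the resolver over UDP port 53. A `dns-intact` result alongside a 403 points past DNS, at the proxy or the upstream site.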