FetLife.com Status

Site Issues w/ DNSBL

TL;DR

During the past few weeks, we have become aware of people having issues accessing FetLife. These issues include, but may not be limited to:

We have found that DNS Block List (DNS-BL) tools have inadvertently added entries that result in some of our content being blocked.

Some affected services/items we have identified are:

Please continue reading below for more information on why this is a problem, how to diagnose it, and how to remedy it.

Background

DNS-BL tools (or services that use them) work by checking the domains that you and your computer visit against a so-called ‘blacklist’; if a domain is on the list, the tool instructs your computer not to visit or load the site. They do this through the Domain Name System (DNS), which is how your computer knows which server to talk to when you want to go to FetLife.com vs Amazon.com. If you are interested, you can read more about DNS in a Cloudflare article.

If you are using one of these systems at home then you (or the “techy” friend or family member who set it up for you) will have changed the DNS server that your computer uses.

Some services (like NordVPN’s Cybersec) will reassign your DNS server for you automatically in order to perform the same service.

The Problem

These DNS-BL services can source their lists from a number of places. Unfortunately, one of these lists (AdAway) had inadvertently added one of the domains of our CDN, specifically f.ssl.fastly.net.

This caused issues with any of our subdomains which we use to load CSS, JavaScript, media (pictures and videos), etc.

This is even more confusing because the main site still loaded, and if the image/script/etc. was already in your browser’s cache then it would not be apparent that anything was wrong.

Diagnosing

If you think you might be experiencing this problem OR if you were able to access the site before from a given network, but are now experiencing issues, you can diagnose the problem by following the steps below.

The easiest, although not definitive, way to verify this is to use a different network. If you are on a mobile phone that has data service, switch off your Wi-Fi and reload the site on your LTE connection. If the site loads over LTE and not on Wi-Fi, then you or the Wi-Fi administrator is probably using a DNS-BL system.

In order to definitively diagnose the problem you need a tool to query your system’s DNS servers directly. You can use the dig tool for this, which should be installed by default on macOS/Linux systems. If you need to install it on any system (like Windows) then you can refer to this guide from DynDNS.

If you query for ga0.fetlife.com then your output should look something like:

$ dig +short gs0.fetlife.com
f.ssl.fastly.net.
151.101.24.64

Your IP might be different and that is okay, as long as it doesn’t start with any of the following:

If the IP you get does start with one of the above patterns then you or your network administrator have most likely installed a DNS-BL system that is affecting your site access.
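The check described above can be scripted. The following is an added example, not part of the original post: the function names are hypothetical, and the sinkhole addresses it tests for (0.0.0.0, 127.x and 10.10.10.1) are assumed typical DNS-blocker defaults, so adjust them to match your own blocker.

```shell
#!/bin/sh
# Added example: classify `dig +short` output for a CDN-backed hostname.

# Assumption: addresses commonly returned by DNS blockers for blocked names.
is_sinkhole() {
    case "$1" in
        0.0.0.0|127.*|10.10.10.1) return 0 ;;
        *) return 1 ;;
    esac
}

# classify_answer "<dig +short output>" prints one of:
#   ok       at least one address was returned and none is a sinkhole
#   blocked  a returned address is a sinkhole address
#   empty    no address at all (NXDOMAIN-style blocking or resolver failure)
classify_answer() {
    verdict=empty
    while IFS= read -r line; do
        case "$line" in
            '')  continue ;;   # blank line
            \;*) continue ;;   # dig diagnostics such as ";; connection timed out"
            *.)  continue ;;   # CNAME target, e.g. "f.ssl.fastly.net."
        esac
        if is_sinkhole "$line"; then
            echo blocked
            return 0
        fi
        verdict=ok
    done <<EOF
$1
EOF
    echo "$verdict"
}

# check_host HOST [RESOLVER]: query the system resolver, or RESOLVER if given.
# Example: check_host gs0.fetlife.com
check_host() {
    if [ -n "${2:-}" ]; then
        out=$(dig +short "$1" "@$2")
    else
        out=$(dig +short "$1")
    fi
    echo "$1: $(classify_answer "$out")"
}
```

A result of `empty` is worth treating like `blocked` when the same query succeeds on a different network, since some blockers answer with no record instead of a sinkhole address.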

Fixing the problem

If you maintain one of these devices then there are steps you can take to fix the issue for you and everyone who uses your network. If you use a service that you do not maintain then please see the Working Around the Problem section below.

I have worked with the AdAway maintainers and the offending domains have already been removed from their list. Anyone who got the bad domains in their list because of the AdAway list should be able to refresh and the problem should be gone.

If you want to make sure that this never happens again, you can add some items to the whitelist section of your chosen solution, be it Pi-hole, pfBlockerNG, or something different.

Because of the way DNS works, you need to add .f.ssl.fastly.net to your whitelist. This will allow any site that is also hosted on Fastly’s F servers. If your device does not support the leading dot then you can enter just f.ssl.fastly.net.

You can safely blacklist any other site that may be hosted on those servers.

Working Around the Problem

If you are using a service that you do not manage then you can work around the problem. Please only do this on computers / systems that you own. DO NOT CHANGE SETTINGS ON SYSTEMS THAT ARE NOT YOURS.

You can change your DNS servers to use any number of free ones, such as:

You can test that it fixed the issue by following the diagnostic steps above after changing the setting and rebooting your system.