How to avoid getting DNS-blocked when you launch a new domain
I got a message from a friend yesterday, “I Smmall Cloud might be having issues” and he sent me a screenshot of a file he shared with all broken images. I immediately scrambled to check the service but everything was fine from what I could tell.
But this is what he saw for all his files:
It just looked like our CDN was broken for him. Strange considering that our CDN is CloudFlare and the DNS servers were Vercel. Those should be pretty stable. I asked him to visit the CDN domain directly and this is what he got:
“Not secure”. Not exactly a helpful error.
It occurred to me that my own DNS had previously blocked projects I was working on that ended in the .xyz TLD. The CDN domain that I’d been using was .online. Maybe that was weird enough to trigger a block for some broadband filters? Following this hunch, I updated the domain to .net and wouldn’t you know it, suddenly things were working.
Lesson 1: Careful with exotic TLDs. Apparently some filtering software for certain providers gets suspicious if you use them.
All good but the same friend messaged me the next day: new location, same problem. The CDN domain was now throwing this error:
Dismissing the error revealed this page:
“Newly Observed Domain”. Cripes. There’s not a lot I can do about that. I can’t make my domain registration older than it already is.
Fortunately a bit of Googling uncovered a form where I could submit my URL to FortiGuard and ask them to reevaluate it.
Shortly afterwards I got this email:
Problem solved for FortiGuard but this does feel like whack-a-mole. I’m not sure if FortiGuard contributes to a wider database of “good domains” or not but I hope so.
Lesson 2: If your domain is new, filters will regard it as suspicious. Be prepared to defend its legitimacy.
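Both lessons can be turned into a pre-launch check. The sketch below is an added example, not code from this post or from any filter vendor: it reads an RDAP domain record (the constructed sample follows the RFC 9083 field names `ldhName` and `events`) and warns on the two TLDs that caused trouble here and on recent registration. The 30-day window and the domain name are assumptions, since filters don't publish how long a domain counts as "newly observed".

```python
import json
from datetime import datetime, timezone

# TLDs that were blocked in this post; extend from your own experience.
FLAGGED_TLDS = {"xyz", "online"}
# Assumption: filters do not publish how long a domain stays "newly observed".
NEW_DOMAIN_DAYS = 30

# Constructed RDAP domain response, trimmed to the fields used below.
SAMPLE_RDAP = json.dumps({
    "objectClassName": "domain",
    "ldhName": "cdn-example.online",
    "events": [
        {"eventAction": "registration", "eventDate": "2024-05-01T10:00:00Z"},
        {"eventAction": "expiration", "eventDate": "2025-05-01T10:00:00Z"},
    ],
})

def registration_date(rdap):
    """Return the registration timestamp from an RDAP record, or None."""
    for event in rdap.get("events", []):
        if event.get("eventAction") == "registration":
            return datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    return None

def launch_warnings(rdap_json, now):
    """List the reasons a filter might distrust this domain at time `now`."""
    rdap = json.loads(rdap_json)
    name = rdap["ldhName"].lower().rstrip(".")
    tld = name.rsplit(".", 1)[-1]
    warnings = []
    if tld in FLAGGED_TLDS:
        warnings.append(f"{name}: .{tld} has been blocked by some filters")
    registered = registration_date(rdap)
    if registered is None:
        warnings.append(f"{name}: no registration event, age unknown")
    else:
        age = (now - registered).days
        if age < NEW_DOMAIN_DAYS:
            warnings.append(f"{name}: registered {age} days ago, expect 'newly observed' blocks")
    return warnings

if __name__ == "__main__":
    for line in launch_warnings(SAMPLE_RDAP, datetime(2024, 5, 10, tzinfo=timezone.utc)):
        print(line)
```
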
Bottom line: if you need your domain to work across a number of connections, be prepared to defend it and be careful of certain TLDs. If anyone knows of a global “I’m legitimate” database for domains, DM me.