List of copyright-related DNS blocks in Germany (CUII Lists)

[wkrp]

The site https://cuiiliste.de/ claims to catalog a list of domain names blocked by DNS by certain ISPs in Germany at the behest of CUII (Clearingstelle Urheberrecht im Internet / Clearing Body for Copyright on the Internet). My understanding is that these domains are not blocked by law; rather CUII is an independent organization with which some ISPs have a private agreement (archive, English, English archive).

The methodology of obtaining the list is unclear. CUII publishes a list of its blocking recommendations, but the list is only website names or base domains, not the kind of list an ISP would need to implement the block technically. German Wikipedia says the source of the list of domains is a "leak" (with more discussion at the talk page). A TorrentFreak article (archive) implies it was created through trial DNS resolutions:

While there haven’t been any obvious errors that we’re aware of, access to information related to blocking would provide much needed transparency. With no information available from official sources, Damian, a 17-year-old German student, got together with some friends and embarked on a mission to fill in the blanks.

After sifting through the data and running domains though extensive DNS resolver tests, Damian launched CUIIliste.de, effectively lifting the blocking veil by exposing all URLs without redactions.

The CUII FAQ and Code of Conduct (1(b)) says the only technical means of blocking used is DNS blocking, so trial DNS resolution should be sufficient as a test. The self-test on the website actually just looks up the ASN of the web browser client and checks it against a list of known-affected ASNs.

There's a paginated search interface at https://cuiiliste.de/domains, but there is also a JSON API that is probably more convenient.

https://api.cuiiliste.de/blocked_domains
api.cuiiliste.de_blocked_domains_20240823.json

Tabular list of domains from /blocked_domains API

first_blocked_on	domain
2024-07-21	astrotheque.net
2024-08-21	www.astrotheque.net
2021-09-06	bs.to
2024-08-21	www.bs.to
2024-01-08	buffsports.me
2024-08-21	www.buffsports.me
2024-01-08	buffstreams.sx
2024-08-21	www.buffstreams.sx
2021-09-13	burningseries.ac
2024-08-21	www.burningseries.ac
2024-08-21	www.burningseries.co
2024-08-21	www.burningseries.sx
2024-07-21	burningseries.tw
2024-08-21	www.burningseries.tw
2024-08-21	www.burningseries.vc
2024-07-21	canna-power.to
2021-04-14	canna.to
2021-05-10	uu.canna.to
2022-06-07	cine.to
2024-08-21	www.cine.to
2023-08-07	filmfans.org
2024-08-21	www.filmfans.org
2024-03-04	filmpalast.to
2024-08-21	www.filmpalast.to
2024-07-21	harleyquinnwidget.com
2024-07-21	harleyquinnwidget.live
2024-07-21	harleyquinnwidget.net
2024-08-21	www.harleyquinnwidget.com
2023-01-23	israbox.com
2024-07-21	israbox-music.com
2024-07-21	israbox-music.org
2024-07-21	isrbx.com
2023-01-23	isrbx.me
2024-07-21	isrbx.net
2024-07-21	american-football.jokerguide.com
2024-07-21	athletics.jokerguide.com
2024-07-21	aussie-rules.jokerguide.com
2024-07-21	badminton.jokerguide.com
2024-07-21	basketball1.jokerguide.com
2024-07-21	basketball.jokerguide.com
2024-07-21	beach-volley.jokerguide.com
2024-07-21	boxing1.jokerguide.com
2024-07-21	cycling.jokerguide.com
2024-07-21	darts1.jokerguide.com
2024-07-21	f1.jokerguide.com
2024-07-21	football1.jokerguide.com
2024-07-21	futsal.jokerguide.com
2024-07-21	golf.jokerguide.com
2024-07-21	handball.jokerguide.com
2024-07-21	ice-hockey.jokerguide.com
2024-07-21	jokerguide.com
2024-07-21	mlb1.jokerguide.com
2024-07-21	motorsport.jokerguide.com
2024-07-21	nba3.jokerguide.com
2024-07-21	nba.jokerguide.com
2024-07-21	ncaab1.jokerguide.com
2024-07-21	ncaaf.jokerguide.com
2024-07-21	nfl2.jokerguide.com
2024-07-21	nfl.jokerguide.com
2024-07-21	nhl4.jokerguide.com
2024-07-21	reddit.jokerguide.com
2024-07-21	rugby2.jokerguide.com
2024-07-21	snooker2.jokerguide.com
2024-07-21	table-tennis.jokerguide.com
2024-07-21	tennis.jokerguide.com
2024-07-21	ufc1.jokerguide.com
2024-07-21	volleyball2.jokerguide.com
2024-07-21	waterpolo.jokerguide.com
2024-08-21	www.jokerguide.com
2024-07-21	jokerlivestream.net
2024-07-21	jokerlivestream.org
2024-08-21	www.jokerlivestream.org
2024-07-21	jokerlivestream.vip
2024-08-21	www.jokerlivestream.vip
2022-03-15	kinos.to
2024-08-21	ww4.kinos.to
2024-08-21	ww15.kinos.to
2024-08-21	ww17.kinos.to
2024-08-21	ww19.kinos.to
2024-08-21	www8.kinos.to
2024-08-21	www12.kinos.to
2024-08-21	www13.kinos.to
2024-08-21	www14.kinos.to
2024-08-21	www15.kinos.to
2024-08-21	www17.kinos.to
2024-08-21	www.kinos.to
2024-08-21	www.kinox.am
2024-08-21	www.kinox.bz
2024-08-21	www.kinox.click
2024-08-21	www3.kinox.click
2024-08-21	www3.kinox.cloud
2024-08-21	www.kinox.cloud
2024-08-21	www.kinox.club
2024-07-21	kinox.digital
2024-08-21	www.kinox.digital
2024-08-21	www3.kinox.digital
2024-07-21	kinox.direct
2024-08-21	www.kinox.direct
2024-07-21	kinox.express
2024-08-21	www.kinox.express
2024-08-21	www3.kinox.express
2024-07-21	kinox.fun
2024-08-21	www.kinox.fun
2024-08-21	www3.kinox.fun
2024-08-21	www3.kinox.fyi
2024-08-21	www.kinox.fyi
2024-07-21	kinox.gratis
2024-08-21	www.kinox.gratis
2024-08-21	www3.kinox.gratis
2024-07-21	kinox.io
2024-08-21	www.kinox.io
2024-08-21	www3.kinox.io
2024-07-21	kinox.lol
2024-08-21	www.kinox.lol
2024-08-21	www3.kinox.lol
2024-07-21	kinox.me
2024-08-21	www.kinox.me
2024-08-21	www3.kinox.me
2024-07-21	kinox.mobi
2024-08-21	www.kinox.mobi
2024-08-21	www3.kinox.mobi
2024-07-21	kinox.pub
2024-08-21	www.kinox.pub
2024-08-21	www3.kinox.pub
2024-08-21	www3.kinox.sh
2024-08-21	www.kinox.sh
2024-08-21	www.kinox.space
2024-07-21	kinox.sx
2024-08-21	www.kinox.sx
2024-08-21	www3.kinox.sx
2021-11-01	kinox.to
2024-08-21	ww4.kinox.to
2024-08-21	ww7.kinox.to
2024-08-21	ww8.kinox.to
2024-08-21	ww11.kinox.to
2024-08-21	ww15.kinox.to
2024-08-21	ww16.kinox.to
2024-08-21	ww17.kinox.to
2024-08-21	ww18.kinox.to
2024-08-21	ww19.kinox.to
2024-08-21	www1.kinox.to
2024-08-21	www2.kinox.to
2024-08-21	www4.kinox.to
2024-08-21	www5.kinox.to
2024-08-21	www6.kinox.to
2024-08-21	www7.kinox.to
2024-08-21	www8.kinox.to
2024-08-21	www9.kinox.to
2024-08-21	www12.kinox.to
2024-08-21	www13.kinox.to
2024-08-21	www15.kinox.to
2024-08-21	www16.kinox.to
2024-08-21	www17.kinox.to
2024-08-21	www18.kinox.to
2024-08-21	www.kinox.to
2024-08-21	www.kinox.tube
2024-07-21	kinox.tv
2024-08-21	www.kinox.tv
2024-08-21	www3.kinox.tv
2024-07-21	kinox.wtf
2024-08-21	www.kinox.wtf
2024-08-21	www.kinoz.co
2022-03-16	kinoz.to
2024-08-21	ww14.kinoz.to
2024-08-21	ww15.kinoz.to
2024-08-21	ww17.kinoz.to
2024-08-21	ww18.kinoz.to
2024-08-21	ww19.kinoz.to
2024-08-21	www3.kinoz.to
2024-08-21	www4.kinoz.to
2024-08-21	www5.kinoz.to
2024-08-21	www8.kinoz.to
2024-08-21	www12.kinoz.to
2024-08-21	www13.kinoz.to
2024-08-21	www14.kinoz.to
2024-08-21	www15.kinoz.to
2024-08-21	www16.kinoz.to
2024-08-21	www17.kinoz.to
2024-08-21	www18.kinoz.to
2024-08-21	www.kinoz.to
2024-07-21	megakino.biz
2024-08-21	www.megakino.biz
2024-07-21	megakino.cab
2024-08-21	www.megakino.cab
2024-02-27	megakino.co
2024-08-21	www.megakino.co
2024-07-21	megakino.ink
2024-08-21	www.megakino.ink
2024-07-21	megakino.men
2024-08-21	www.megakino.men
2024-07-24	megakino.vin
2024-08-21	www.megakino.vin
2024-07-21	megakino.ws
2024-08-21	www.megakino.ws
2021-07-27	newalbumreleases.net
2024-07-21	newerastreams.com
2024-08-21	www.newerastreams.com
2021-05-31	nsw2u.com
2024-08-21	www.nsw2u.com
2024-07-21	nsw2u.in
2024-07-21	nsw2u.net
2024-08-21	www.nsw2u.net
2024-08-21	www.nsw2u.org
2021-11-12	nsw2u.xyz
2024-03-01	nswgame.com
2024-08-21	www.nswgame.com
2024-03-04	romslab.com
2024-08-21	www.romslab.com
2024-01-08	sci-hub.ru
2024-08-21	www.sci-hub.ru
2024-01-08	sci-hub.se
2024-08-21	www.sci-hub.se
2024-01-08	sci-hub.st
2024-08-21	www.sci-hub.st
2023-08-07	serienfans.org
2024-08-21	www.serienfans.org
2024-07-21	serienjunkies.biz
2024-08-21	www.serienjunkies.biz
2024-07-21	serienjunkies.eu
2024-08-21	www.serienjunkies.eu
2024-07-21	serienjunkies.info
2024-08-21	www.serienjunkies.info
2022-04-04	serienjunkies.org
2024-07-21	new.serienjunkies.org
2024-08-21	www.serienjunkies.org
2024-07-21	serienjunkies.us
2024-08-21	www.serienjunkies.us
2021-03-30	serienstream.to
2024-08-21	www.serienstream.to
2021-03-30	serien.sx
2021-03-30	s.to
2024-08-21	www.s.to
2024-07-21	streamkiste.club
2024-07-21	streamkiste.fun
2024-07-21	streamkiste.me
2024-07-21	streamkiste.net
2024-07-21	streamkiste.pro
2024-07-21	streamkiste.pw
2024-07-21	streamkiste.site
2024-07-21	streamkiste.space
2021-09-09	streamkiste.tv
2024-08-21	www.streamkiste.tv
2022-12-05	taodung.com
2024-07-21	tazz.tv
2024-07-21	tennis.stream
2024-07-21	kinox.unblockit.black
2024-07-21	kinox.unblockit.day
2024-07-21	kinox.unblockit.llc
2024-07-21	kinox.unblockit.mov
2024-07-21	kinox.unblockit.ong
2024-07-21	newalbumreleases.unblocked.co
2024-07-21	newalbumreleases.unblockit.app
2024-07-21	newalbumreleases.unblockit.bet
2024-07-21	newalbumreleases.unblockit.blue
2024-07-21	newalbumreleases.unblockit.buzz
2024-07-21	newalbumreleases.unblockit.cam
2024-07-21	newalbumreleases.unblockit.cat
2024-07-21	newalbumreleases.unblockit.ch
2024-07-21	newalbumreleases.unblockit.club
2024-07-21	newalbumreleases.unblockit.day
2024-07-21	newalbumreleases.unblockit.dev
2024-07-21	newalbumreleases.unblockit.how
2024-07-21	newalbumreleases.unblockit.ink
2024-07-21	newalbumreleases.unblockit.ist
2024-07-21	newalbumreleases.unblockit.kim
2024-07-21	newalbumreleases.unblockit.li
2024-07-21	newalbumreleases.unblockit.link
2024-07-21	newalbumreleases.unblockit.ltd
2024-07-21	newalbumreleases.unblockit.me
2024-07-21	newalbumreleases.unblockit.name
2024-07-21	newalbumreleases.unblockit.nz
2024-07-21	newalbumreleases.unblockit.onl
2024-07-21	newalbumreleases.unblockit.uno
2024-04-02	ziperto.com
2024-08-21	www.ziperto.com

The list is a bit strange: for example, it contains www1.kinox.to, www2.kinox.to, and www4.kinox.to, but not www3.kinox.to.

[wkrp]

Does anyone know what one of the DNS blocks looks like? Is the returned IP address one of the ISP's own, an IP address shared by all member ISPs, or a useless one like 127.0.0.1? Do you get 2 DNS responses (the one containing the block address and a real one) or just 1 (the one containing a block address). In other words, is it DNS response injection, or did the ISPs program their own resolvers to respond differently to queries for certain names? The provided circumvention instructions seem to recommend just turning on DNS over HTTPS.

[mmmray]

Except for things like captive portals, most DNS blocks in central and western europe are performed without any response injection. It's not just DoH that can bypass those (mostly copyright-related) restrictions but any change in DNS servers at all. In Germany specifically, ISPs face a surprising amount of liability for individual cases of copyright infringement or any misbehavior of their users. I am not sure if that might explain their behavior in the case of website blocking.

[DAMcraft]

hey, owner of cuiiliste.de here
a CUII blocked site returns a CNAME going to notice.cuii.info

interestingly enough, we observed that the biggest german ISP, Telekom, recently stopped returning that CNAME and now just returns NXDOMAIN. try it yourself: dig kinox.to @dns.telekom.de

info: the DNS resolver in the screenshot can only be accessed if 1&1 is your ISP.

[DAMcraft]

The list is a bit strange: for example, it contains www1.kinox.to, www2.kinox.to, and www4.kinox.to, but not www3.kinox.to

hey, it's an original list from the cuii, i have no clue why they're doing it like that.
also, in some cases only www subdomains are blocked (like www.kinox.fyi, kinox.fyi itself isn't blocked)
you can test a domain here:
https://cuiiliste.de/probe?domain=kinox.to

since the cuii isn't blocking wildcard records, but instead are blocking all subdomains manually, we decided to include the www3 and other subdomains.

[wkrp]

a CUII blocked site returns a CNAME going to notice.cuii.info

Great, thanks for that information. With this, I was able to find examples of such DNS blocks in OONI explorer, like this one in Deutsche Telekom. It seems OONI doesn't record the CNAME record, but it does have the A record of 167.233.14.14. As expected, it leads to an eventual ssl_invalid_hostname error as the notice.cuii.info server doesn't have a certificate for sci-hub.se.

https://explorer.ooni.org/m/20240819220406.466321_DE_webconnectivity_1e0e3b6a896d55ff

{
  "input": "https://sci-hub.se/",
  "measurement_start_time": "2024-08-19 22:04:05",
  "probe_asn": "AS3320",
  "probe_cc": "DE",
  "probe_network_name": "Deutsche Telekom AG",
  "report_id": "20240819T220216Z_webconnectivity_DE_3320_n1_7rgS9FQZEtLxh5WU",
  "resolver_asn": "AS3320",
  "resolver_ip": "217.237.150.54",
  "resolver_network_name": "Deutsche Telekom AG",
  "test_keys": {
    "queries": [
      {
        "answers": [
          {
            "asn": 24940,
            "as_org_name": "Hetzner Online GmbH",
            "answer_type": "A",
            "ipv4": "167.233.14.14",
            "ttl": null
          }
        ],
        "engine": "system",
        "failure": null,
        "hostname": "sci-hub.se",
        "query_type": "A",
        "resolver_hostname": null,
        "resolver_port": null,
        "resolver_address": "",
        "t": 0.019840731,
        "tags": null
      }
    ],
    "dns_experiment_failure": null,
    "dns_consistency": "inconsistent",
    "http_experiment_failure": "ssl_invalid_hostname",
  },
  "test_name": "web_connectivity",
}

Looking at the past month of measurements, about half are showing as Anomaly.

https://explorer.ooni.org/chart/mat?test_name=web_connectivity&axis_x=measurement_start_day&since=2024-07-25&until=2024-08-25&time_grain=day&probe_cc=DE&domain=sci-hub.se