
Does anyone know which DNS domains Max, the old HBO MAX, streaming service uses?

Started by cshilton, August 09, 2023, 08:31:00 AM


cshilton

Q: Has anyone enumerated the domains that the "MAX" service is using so I can add them to my filter?

I'm trying to update my DNS filter on my firewall and I've noticed that after they rebranded from "HBO MAX" to "MAX", all the domains changed. When I try to get to MAX on my laptop, I get a GeoIP-based block. Like many, I fixed this problem by blocking AAAA DNS from certain domains, but the domains used by "MAX" seem to have changed since the rebrand.


cshilton

A user on Reddit gave me the solution. There's a browser extension called IPvFoo that will show you the resources a web page is using by IP address and thus protocol, IPv4 or IPv6. Using IPvFoo you can quickly figure out what resources should be listed in your firewall blocking list.

Thanks all

rdk

I would love it if you'd give a little bit more detail... On a Linux box, I can't stream so I can't get a list of streaming IPs to block.

rdk

Here is my list. Might be overkill but MAX is now working on my subnets.


cshilton

I do this by name because the addresses aren't even remotely static. My program consumes this YAML file:

---
blocklist:
  max:
    prefixlen: 48
    sitelist:
      - www.max.com
      - auth.max.com
      - default.prd.api.max.com
      - events.prd.api.max.com
      - telegraph.prd.api.max.com
      - play.max.com
      - busy.prd.api.max.com
      - default.prd.api.max.com
      - default.use.prd.api.max.com
      - services.brightline.tv
      - cdn-media.brightline.tv
      - images.cdn.prd.api.discomax.com
      - busy.prd.api.discomax.com
      - images.cdn.prd.api.discomax.com
      - akm.prd.media.h264.io
      - gcp.prd.media.h264.io
      - cf.prd.media.h264.io
      - beam-images.warnermediacdn.com
      - lightning.warnermediacdn.com
      - wmff.warnermediacdn.com
      - geolocation.onetrust.com

Explanation: max as in "max:" refers to the HBOmax service. I have a program that goes through every name in sitelist and does an AAAA lookup. It cuts the answer back to a [...]/48 block and then adds those blocks to my firewall. My firewall sends an immediate TCP RST for new connections to any address in the set of /48 blocks.

More detail: My strategy is defense in depth. I maintain two tables on a pfSense firewall: one is a list of external addresses to automatically block when an internal host tries to start a TCP connection. The other is a list of internal addresses that see a TCP RST for any connection to IPv6 TCP port 80 or 443. Between those two lists and Happy Eyeballs, my streaming devices have no trouble consuming HBOMax. Finally, my DNS resolver doesn't do AAAA resolution for a set of domains.
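
The name-to-prefix step described in the post above, as an added example that is not cshilton's program: it resolves each name in `sitelist`, truncates every AAAA answer to `prefixlen` bits and returns the de-duplicated blocks per service. The dict layout mirrors the posted YAML; the function names, the injectable `resolver` parameter and the skipping of non-global answers are assumptions, and loading the result into the firewall is left out.

```python
import ipaddress
import socket

# Constructed sample mirroring the YAML layout in the post (site list shortened).
SAMPLE_CONFIG = {
    "blocklist": {
        "max": {
            "prefixlen": 48,
            "sitelist": ["www.max.com", "play.max.com", "auth.max.com"],
        }
    }
}


def resolve_aaaa(name):
    """Return the IPv6 addresses the system resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET6, socket.SOCK_STREAM)
    except socket.gaierror:
        return []  # no AAAA record or lookup failure: nothing to block
    return [info[4][0] for info in infos]


def build_blocks(config, resolver=resolve_aaaa):
    """Map each service to the sorted, de-duplicated prefixes covering its AAAA answers."""
    result = {}
    for service, entry in config["blocklist"].items():
        prefixlen = int(entry.get("prefixlen", 48))
        nets = set()
        for name in entry["sitelist"]:
            for addr in resolver(name):
                ip = ipaddress.ip_address(addr.split("%")[0])  # drop any zone id
                # Assumption: an answer pointing at loopback, link-local or ULA
                # space must never end up in the firewall block table.
                if ip.version != 6 or ip.ipv4_mapped or not ip.is_global:
                    continue
                nets.add(ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False))
        result[service] = [str(n) for n in sorted(ipaddress.collapse_addresses(nets))]
    return result


if __name__ == "__main__":
    # Live lookups; answers change often, which is why the post works by name.
    for service, blocks in build_blocks(SAMPLE_CONFIG).items():
        print(service, *blocks, sep="\n  ")
```

Because several names usually land in the same /48, the output is much shorter than the site list, and re-running it on a schedule keeps the table current as the CDN addresses move.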