Hello,

On Tue, 29 Aug 2017, Walter Dnes wrote:

> I'm building up a rather large hosts file, but the adservers have a
> gazillion subnames for each domain, in a deliberate attempt to bypass
> hosts files. It would be more effective to block entire domains. Is there
> a lightweight DNS server, or some iptables trick, or whatever, that'll
> block specified domains?

Use 'dnsmasq'!!! I have e.g. this "basic" config (shortened to the
relevant parts):

==== /etc/dnsmasq.conf ====
[..]
# define servers for forwarding, e.g. my router[1]:
server=192.168.178.1
[..]
conf-file=/etc/dnsmasq.d/blocklist.conf
==== /etc/dnsmasq.d/blocklist.conf ====
# Google
address=/1e100.net/127.0.1.1
address=/google-analytics.com/127.0.1.1
address=/googleadservices.com/127.0.1.1
address=/googlesyndication.com/127.0.1.1
address=/googletagservices.com/127.0.1.1
address=/googletagmanager.com/127.0.1.1
address=/double-click.net/127.0.1.1
address=/doubleclick.com/127.0.1.1
address=/doubleclick.net/127.0.1.1
# Farcepalm
address=/fb.com/127.0.1.1
address=/fbcdn.net/127.0.1.1
address=/facebook.com/127.0.1.1
address=/facebook.net/127.0.1.1
address=/facebook.de/127.0.1.1
address=/facebook.fr/127.0.1.1
address=/facebook.co.uk/127.0.1.1
address=/whatsapp.de/127.0.1.1
address=/whatsapp.com/127.0.1.1
address=/internet.org/127.0.1.1
address=/internet.com/127.0.1.1
# ...
====

Result:

$ host fb.com
fb.com has address 127.0.1.1
$ nslookup fb.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: fb.com
Address: 127.0.1.1

It's still a ton of domains to add, but much less generally. I still
wish it'd do "shell-style" globbing like /facebook.*/ or
/facebook.{com,net,de,fr,co.uk}/ ... You could write a little
generator for that if need be ...

You can also use conf-dir instead of conf-file:

====
-7, --conf-dir=<directory>[,<file-extension>......],
Read all the files in the given directory as configuration
files. If extension(s) are given, any files which end in those
extensions are skipped. Any files whose names end in ~ or start
with . or start and end with # are always skipped. If the extension
starts with * then only files which have that extension are
loaded. So --conf-dir=/path/to/dir,*.conf loads all files with
the suffix .conf in /path/to/dir. This flag may be given on the
command line or in a configuration file. If giving it on the
command line, be sure to escape * characters.
====

Actually, I've just switched to

conf-dir=/etc/dnsmasq.d,*.conf

so I can script some stuff (Makefile, .in template, to e.g. expand
at least {a,b,c} style globs ;)

HTH,
-dnh

[1] note: I do not use my router with its provider-provided
DNS-servers, but I use open servers from opendns.com and
www.privacyfoundation.ch or others. Not goggles though.

--
Living on Earth may be expensive, but it includes an annual free trip
around the Sun. -- BSD fortune file
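A small generator of the kind the reply wishes for, added here as an example and not code from the message or from the dnsmasq project: it expands {a,b,c} brace patterns into address=/domain/127.0.1.1 lines, drops entries that a parent entry already covers (dnsmasq's address=/facebook.com/ answers for every subdomain, so a separate www.facebook.com line is redundant), and rejects malformed names so a typo cannot silently produce a useless entry. The pattern list and the 127.0.1.1 sink address are constructed inputs chosen to match the blocklist above.

```python
import re

# Hostname labels: 1-63 chars of [a-z0-9-], no leading/trailing hyphen, two or more labels.
DOMAIN_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")


def expand_braces(pattern):
    """Expand shell-style {a,b,c} groups (nested groups included) into concrete strings."""
    m = re.search(r"\{([^{}]*)\}", pattern)  # innermost, leftmost group first
    if m is None:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(head + alt + tail))
    return out


def is_valid_domain(name):
    return DOMAIN_RE.match(name) is not None


def drop_covered(domains):
    """Drop names that a shorter entry already matches: address=/facebook.com/
    in dnsmasq covers every subdomain, so www.facebook.com adds nothing."""
    kept = []
    for d in sorted(domains, key=lambda x: x.count(".")):  # parents before children
        if not any(d.endswith("." + k) for k in kept):
            kept.append(d)
    return sorted(kept)


def generate_blocklist(patterns, sink="127.0.1.1"):
    """Return dnsmasq address= lines for every domain the brace patterns expand to."""
    domains = set()
    for pat in patterns:
        for dom in expand_braces(pat):
            dom = dom.strip().lower()
            if not is_valid_domain(dom):
                raise ValueError(f"not a valid domain name: {dom!r}")
            domains.add(dom)
    return [f"address=/{d}/{sink}" for d in drop_covered(domains)]


if __name__ == "__main__":
    # Constructed sample patterns in the style of the blocklist.conf above.
    patterns = [
        "facebook.{com,net,de,fr,co.uk}",
        "{www,m}.facebook.com",  # redundant: already covered by facebook.com
        "doubleclick.{com,net}",
        "google{adservices,syndication,tagmanager}.com",
    ]
    print("\n".join(generate_blocklist(patterns)))
```

Redirect the output into a file under /etc/dnsmasq.d ending in .conf and the conf-dir line quoted above picks it up on the next dnsmasq restart.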