On Wed 27 Jun 2018 at 10:17:11 (+0300), Reco wrote:
> Hi.
>
> On Tue, Jun 26, 2018 at 05:51:27PM -0500, David Wright wrote:
> > > 2) Why bother with /etc/hosts at all, if one can use DNS or HTTP proxy
> > > for the same purpose with much simpler configuration (hint - you cannot
> > > block all sites in a domain via /etc/hosts unless you list all of them
> > > there).
> >
> > That's probably why it's so long.
>
> That's the only reason it's that long.

On further checking, the current hitlist of sites has 13531 hostnames.
A global edit in emacs and a sort -u yields a list of two-component
domains, and this edited list has 6765 items.

> > But do I want to set up a DNS proxy
> > on each host, with any wheezy, jessie and stretch differences to sort
> > out?
>
> Why would you? You set up a single DNS (or HTTP proxy) and point all
> your devices there.

I can't guarantee that any particular machine at home is always
running as a proxy whenever I browse using an arbitrary machine for
browsing. My home isn't a business running a server 24/7, and my
consumer-grade router runs only DHCP, not DNS.

> Setting up a local DNS resolver is justifiable for a laptop, of course,
> provided you carry one with you into different networks.

I'm not sure what you mean. The only resolver at home is /etc/hosts,
which is very easy to maintain. I have a master list of local hosts
(PC/router/phone/printer/TV/roku devices) and the hitlist, and a
one-liner to install it (concatenate, and mangle the host's own IP
address).

> > Then I have to maintain my list of domains to send to localhost.
> > Where do I start with that?
>
> My DNS of choice for small LAN segments is dnsmasq.

Sure. But who's going to generate the list of domains¹? As I said, my
edited list has 6765 items, but is unsuitable for use as is: it might
be sensible to block ads.youtube.com, but not youtube.com.

> > > 3) Why cripple system-wide resolver for a single program (in this
> > > case - a browser). A suitable browser plugin should suffice here.
> >
> > How long does it take to read ½MB into memory (once) and then check
> > it? Obviously not very long as it works well.
>
> You misunderstood me, it seems. You make a change to the file that's
> respected by each and every program that utilizes gethostbyname(3) and
> gethostbyaddr(3).
> The only positive thing that achieves is better browsing experience, and
> the reason you do this is the brokenness of Modern Web™.
> At the same time you get numerous side effects for every other program
> in your system(s), which may or may not be problematic.

I'm not aware of any other program that's 1% as promiscuous as a
browser. (Perhaps you could suggest some.) OTOH there are legitimate
sites that block my traffic on occasion, eg Cox (my ISP) and Debian
blocking my "spam" on the basis of blacklistings.

> > A plugin means yet more maintenance for me to do.
>
> They say that one should not argue about tastes. So I won't.

I'm not sure who's arguing. You asked three questions and I'm trying
to answer them in a way that reveals my motives. So if I install a
suitable plugin, how do I choose it and where do I obtain the list of
domains² to block?

Cheers,
David.

¹-² I've posted the source of my hostname hitlist; perhaps someone
will post the source of a similar kind of domain hitlist.
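
Added example, not part of the original message or of any poster's setup: a shell sketch of the hostname-versus-domain trade-off discussed in this thread, turning a hosts-format hitlist into dnsmasq rules without collapsing ads.youtube.com into youtube.com. The sample hitlist, the function names and the rule "block a whole domain only when the bare domain is itself listed" are assumptions; `address=/name/0.0.0.0` is dnsmasq's syntax for answering a name and all of its subdomains with a fixed address.

```shell
#!/bin/sh
# Constructed sample hitlist in /etc/hosts format (not the list from the thread).
sample_hitlist() {
cat <<'EOF'
127.0.0.1 ads.youtube.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 doubleclick.net
127.0.0.1 stats.g.doubleclick.net
0.0.0.0 tracker.example.org banner.example.org  # two names on one line
127.0.0.1 localhost
EOF
}

# Print every hostname in a hosts-format file, one per line, lower-cased.
hitlist_hosts() {
    awk '{ sub(/#.*/, "") }
         NF >= 2 { for (i = 2; i <= NF; i++) print tolower($i) }'
}

# Reduce hostnames to their last two components and de-duplicate.
# Naive on purpose: a name under co.uk would collapse to "co.uk".
two_component_domains() {
    awk -F. 'NF >= 2 { print $(NF-1) "." $NF }' | sort -u
}

# Emit dnsmasq rules. Assumed heuristic: a domain-wide rule is written only
# when the bare two-component domain is itself on the hitlist; otherwise
# only the listed hostnames are blocked, so youtube.com keeps resolving.
dnsmasq_rules() {
    awk -F. '
        NF < 2 { next }                     # skips single-label names (localhost)
        { listed[$0] = 1
          dom = $(NF-1) "." $NF
          members[dom] = members[dom] " " $0 }
        END {
            for (d in members) {
                if (d in listed) {
                    print "address=/" d "/0.0.0.0"
                } else {
                    n = split(members[d], h, " ")
                    for (i = 1; i <= n; i++) print "address=/" h[i] "/0.0.0.0"
                }
            }
        }' | sort -u
}

# Stand-alone run: print the rules generated from the constructed sample.
sample_hitlist | hitlist_hosts | dnsmasq_rules
```
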