David Wright wrote:
> On Tue 04 Jan 2022 at 19:37:34 (+0100), to...@tuxteam.de wrote:
> > On Tue, Jan 04, 2022 at 01:19:37PM -0500, Michael Stone wrote:
> >
> > [...]
> >
> > > And this is why putting stuff into /etc/hosts is basically never the right
> > > answer. :)
> >
> > Eye, beholder and things. I've got a couple of them like so:
> >
> > # Pest:
> > 127.0.0.1 www.google-analytics.com
> > 127.0.0.1 ajax.google.com
> > 127.0.0.1 ad.doublecklick.net
> > 127.0.0.1 www.gstatic.com
> > ...
> >
> > Yeah, some things stop working then. I want them to :)
>
> Agreed. I append a list of close to 14,000 addresses (including
> comments) to the end of my own local /etc/hosts. I see very
> few adverts. In fact, I was quite shocked when I just tried
> DNS over HTTPS for a couple of minutes. The 10-day weather
> profile that I screenshot every day was plastered in popups.
>
> Anyone know how to combine DoH with resolving 14,000 addresses
> to 127.0.0.1? Also, does that mean that DoH attempts to resolve
> my local hosts before consulting /etc/hosts? I didn't stick
> around DoH long enough to find out.
Here's what I do:

My local DNS resolver offers DNS, DNS over TLS, and DNS over HTTPS.

I supply a use-application-dns.net zone that returns NXDOMAIN. That tells browsers to not use DoH.

I build an adblocker zone via a script that grabs several public lists, and those all return an address that is answered by a web server that always answers with a 204 (No Content, success). That's where you get to put your 14,000 addresses.

The adblocker zone gets rebuilt when I feel like it; otherwise, I could put in a cron job to update it once a month or so.

-dsr-
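An added example of the zone-building step described in the reply above (not -dsr-'s own script): it parses hosts-format blocklists like the /etc/hosts entries quoted in the thread, validates and deduplicates the names, and emits unbound(8) directives that redirect each one to a sinkhole address plus the use-application-dns.net canary zone answering NXDOMAIN. The sinkhole address 192.0.2.1 and the sample list are assumptions; unbound is assumed as the resolver since the post does not name one.

```python
# Added example, not the poster's script: turn hosts-format blocklists (like
# the /etc/hosts entries quoted above) into unbound(8) directives, plus the
# use-application-dns.net canary zone that answers NXDOMAIN.
import re

CANARY = "use-application-dns.net"   # NXDOMAIN here tells Firefox: no DoH
SINKHOLE = "192.0.2.1"               # assumption: a web server answering 204

# Constructed sample in hosts-file format (what public blocklists ship).
SAMPLE_LIST = """\
# Pest:
127.0.0.1 www.google-analytics.com
0.0.0.0   ajax.google.com   # trailing comment
127.0.0.1 localhost
127.0.0.1 www.gstatic.com
127.0.0.1 WWW.GSTATIC.COM
::1       ad.example.net
not a hosts line
"""

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
_SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}

def valid_hostname(name: str) -> bool:
    """Accept only syntactically valid, dotted DNS hostnames."""
    if not name or len(name) > 253 or "." not in name:
        return False
    return all(_LABEL.match(label) for label in name.split("."))

def parse_hosts(text: str) -> list:
    """Unique, lowercased hostnames from hosts-format text, in input order."""
    seen, names = set(), []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()     # drop comments, tokenise
        for host in fields[1:]:                   # field 0 is the address
            host = host.lower().rstrip(".")
            if host in _SKIP or host in seen or not valid_hostname(host):
                continue
            seen.add(host)
            names.append(host)
    return names

def unbound_config(names) -> str:
    """Render the canary zone plus one redirect zone per blocked name."""
    lines = [f'local-zone: "{CANARY}" always_nxdomain']
    for n in names:
        lines.append(f'local-zone: "{n}" redirect')
        lines.append(f'local-data: "{n} A {SINKHOLE}"')
    return "\n".join(lines) + "\n"
```

Write `unbound_config(parse_hosts(...))` for each downloaded list into a file pulled in by unbound's `include:` directive and reload the resolver; the same parser feeds any resolver that takes per-name redirect rules.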