Hey Ercolino,
In the context of adblocking I am told certain browsers/systems react
much better when the DNS server returns FORBIDDEN (I guess they mean
REFUSED which is return code 5
https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6)
as this instructs the query generator (app) to stop hammering again
for such a domain.
Have you actually tried this?
A few years back, the Pi-hole team explored various possibilities for
blocking requests. REFUSED was among them. However, in our testing,
devices did not stop requesting when they received REFUSED but continued
hammering the server. This was especially true for embedded devices
where any kind of DNS "error" may simply trigger endless repetitions.
The best compromise we could come up with was in fact defining a "valid"
response (A 0.0.0.0, AAAA ::) for blocking.
Best,
Dominik
It seems like this behavior can be achieved in dnsmasq via the syntax
local=/example.com/127.0.0.1
Great. Since we run this on routers (Tomato) the dnsmasq configuration
file size matters.
Bottom line: Could we have a shortcut char for REFUSED as well e.g.
local/example.com/%
As an alternative request... is it a good idea to re-think the
shortcut approach and simply allow the RFC's RCODE after the latest
slash to return the corresponding RCODE name? e.g.
local/example.com/2 // ServFail
local/example.com/9 // notAuth
etc?
Thanks
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
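The two blocking styles compared in this thread, as an added example that is not part of the original messages and is not dnsmasq or Pi-hole code: it builds constructed DNS responses and classifies each one by its RCODE or by a null-address answer (A 0.0.0.0, AAAA ::). The function names, the transaction ID and the TTL are assumptions made for illustration.

```python
import ipaddress
import struct

# RCODE numbers from the IANA registry, including those named in the thread.
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED", 9: "NOTAUTH"}
TYPE_A, TYPE_AAAA = 1, 28


def build_response(name, qtype, rcode, rdata=None):
    """Construct a minimal DNS response: header, question, optional answer."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1; RCODE is the low 4 bits
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 1 if rdata else 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    msg = header + labels + b"\x00" + struct.pack("!HH", qtype, 1)
    if rdata:
        # 0xC00C: compression pointer to the question name at offset 12
        msg += struct.pack("!HHHIH", 0xC00C, qtype, 1, 2, len(rdata)) + rdata
    return msg


def skip_name(msg, off):
    """Return the offset just past a name (labels or compression pointer)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)


def classify(msg):
    """Label how a response handles the queried name."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0xF
    if rcode:
        return "error:" + RCODES.get(rcode, str(rcode))
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype in (TYPE_A, TYPE_AAAA) and ipaddress.ip_address(rdata).is_unspecified:
            return "null-address"
    return "answered" if an else "nodata"
```

Run against captured responses from a resolver, `classify` shows which blocking style is in effect, which helps when correlating client retry storms with the response type the clients received.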