Hello,
On Tue, 29 Aug 2017, Walter Dnes wrote:
> I'm building up a rather large hosts file, but the adservers have a
> gazillion subnames for each domain, in a deliberate attempt to bypass
> hosts files. It would be more effective block entire domains. Is there
> a lightweight DNS server, or some iptables trick, or whatever, that'll
> block specified domains?
Use 'dnsmasq'!!! I have e.g. this "basic" config (shortened to the
relevant parts):
==== /etc/dnsmasq.conf ====
[..]
# define servers for forwarding, e.g. my router[1]:
server=192.168.178.1
[..]
conf-file=/etc/dnsmasq.d/blocklist.conf
==== /etc/dnsmasq.d/blocklist.conf ====
# Google
address=/1e100.net/127.0.1.1
address=/google-analytics.com/127.0.1.1
address=/googleadservices.com/127.0.1.1
address=/googlesyndication.com/127.0.1.1
address=/googletagservices.com/127.0.1.1
address=/googletagmanager.com/127.0.1.1
address=/double-click.net/127.0.1.1
address=/doubleclick.com/127.0.1.1
address=/doubleclick.net/127.0.1.1
# Farcepalm
address=/fb.com/127.0.1.1
address=/fbcdn.net/127.0.1.1
address=/facebook.com/127.0.1.1
address=/facebook.net/127.0.1.1
address=/facebook.de/127.0.1.1
address=/facebook.fr/127.0.1.1
address=/facebook.co.uk/127.0.1.1
address=/whatsapp.de/127.0.1.1
address=/whatsapp.com/127.0.1.1
address=/internet.org/127.0.1.1
address=/internet.com/127.0.1.1
# ...
====
Result:
$ host fb.com
fb.com has address 127.0.1.1
$ nslookup fb.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: fb.com
Address: 127.0.1.1
It's still a ton of domains to add, but much less generally. I still
wish it'd do "shell-style" globbing like /facebook.*/ or
/facebook.{com,net,de,fr,co.uk}/ ... You could write a little
generator for that if need be ...
You can also use conf-dir instead of conf-file:
====
-7, --conf-dir=<directory>[,<file-extension>......],
Read all the files in the given directory as configuration
files. If extension(s) are given, any files which end in those
extensions are skipped. Any files whose names end in ~ or start
with . or start and end with # are always skipped. If the
extension starts with * then only files which have that extension are
loaded. So --conf-dir=/path/to/dir,*.conf loads all files with
the suffix .conf in /path/to/dir. This flag may be given on the
command line or in a configuration file. If giving it on the
command line, be sure to escape * characters.
====
Actually, I've just switched to
conf-dir=/etc/dnsmasq.d,*.conf
so I can script some stuff (Makefile, .in template, to e.g. expand
at least {a,b,c} style globs ;)
HTH,
-dnh
[1] note: I do not use my router with its provider-provided
DNS-servers, but I use open servers from opendns.com and
www.privacyfoundation.ch or others. Not goggles though.
--
Living on Earth may be expensive, but it includes an annual free trip
around the Sun. -- BSD fortune file
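The little `{a,b,c}` generator the mail wishes for, as an added example (not code from the mail or from dnsmasq): it expands brace globs into `address=/domain/127.0.1.1` lines, and the `is_blocked` helper mimics dnsmasq's `address=` matching (a listed domain and every subdomain of it) so the generated list can be sanity-checked before reloading. The sample template and all function names are assumptions made for this example.

```python
from __future__ import annotations
import itertools
import re

# Sink address that dnsmasq returns for blocked domains (as in the mail's config).
SINK_ADDR = "127.0.1.1"

_BRACE = re.compile(r"\{([^{}]*)\}")

def expand_braces(pattern: str) -> list[str]:
    """Expand every {a,b,c} group in a shell-style template into all combinations,
    e.g. facebook.{com,net} -> [facebook.com, facebook.net]."""
    groups = _BRACE.findall(pattern)
    if not groups:
        return [pattern]
    template = _BRACE.sub("{}", pattern)          # leave a format slot per group
    choices = [g.split(",") for g in groups]
    return [template.format(*combo) for combo in itertools.product(*choices)]

def generate_blocklist(template_text: str, sink: str = SINK_ADDR) -> list[str]:
    """Turn template lines into dnsmasq address=/domain/ip lines.
    Comment and blank lines pass through; domains are de-duplicated (first
    occurrence wins) so overlapping globs do not produce repeated entries."""
    out: list[str] = []
    seen: set[str] = set()
    for raw in template_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            out.append(line)
            continue
        for domain in expand_braces(line):
            domain = domain.strip().strip(".").lower()
            if domain and domain not in seen:
                seen.add(domain)
                out.append(f"address=/{domain}/{sink}")
    return out

def is_blocked(hostname: str, blocklist: list[str]) -> bool:
    """Mimic dnsmasq address=/domain/ matching: the domain itself and any
    subdomain of it are answered with the sink address."""
    host = hostname.strip(".").lower()
    for line in blocklist:
        if line.startswith("address=/"):
            domain = line.split("/")[1]
            if host == domain or host.endswith("." + domain):
                return True
    return False

# Constructed sample template (mirrors entries from the mail; fb.com repeated on purpose).
SAMPLE_TEMPLATE = """# Farcepalm
facebook.{com,net,de,fr,co.uk}
fb.com
fbcdn.net
# Google
googletag{services,manager}.com
fb.com
"""

if __name__ == "__main__":
    print("\n".join(generate_blocklist(SAMPLE_TEMPLATE)))
```

Write the output to a file under `/etc/dnsmasq.d/` ending in `.conf` to match the `conf-dir=/etc/dnsmasq.d,*.conf` line from the mail.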