The browsers cache, yes, but it would be a real problem if they didn’t respect the TTL at all and held it for the lifetime of the browser session - which could be a very long time. In Chrome for example, check out chrome://net-internals/#dns which has the current cache and all the expiration times.
> On Nov 26, 2015, at 10:59 PM, Mike Kershaw <drag...@kismetwireless.net> wrote:
>
> The problem is that browsers cache dns as well to speed up the user
> experience.
>
> Yes, basically the only way to do this is changing the dns, but the browser
> will remember the first response for some amount of time, up to the lifetime
> of the browser session.
>
>
> On Thu, Nov 26, 2015, 9:11 PM Shannon Weyrick <weyr...@mozek.us> wrote:
> Another thought here is to control this via your own DNS recursor instead of
> /etc/hosts. You can set up the free PowerDNS recursor
> (https://www.powerdns.com/recursor.html) on your computer, then point your
> resolv.conf to it (or put it in the DHCP on your network if you want other
> machines to use it too).
>
> The trick here would be that PowerDNS lets you use Lua scripting to modify
> DNS queries/results on the fly. With this, you could list the zones that you
> wanted blocked during which time windows, then modify the TTL (in the
> “postresolve” hook) on those zones to be something pretty low. That way even
> your browser and OS DNS caches will expire and switch over quickly.
>
> I haven’t tried this, would be fun to know if it works!
>
> Shannon
>
> > On Nov 26, 2015, at 8:43 AM, Michael Muller <mmul...@enduden.com> wrote:
> >
> >
> > James E. LaBarre wrote:
> >> On 11/24/2015 04:41 PM, Mike Kershaw wrote:
> >>> That's the problem. Full time blocking would be a lot simpler.
> >>>
> >>> There is no simple way to do this with mandatory ssl on youtube, modern
> >>> browsers doing dns caching, etc.
> >>
> >> I *can* get the hack to work by rebooting the machine, just figured
> >> there'd have to be a way to clear the local routes.
> >
> > It's not really the routing you're overriding, it's the DNS entries.
> >
> > Here's what I would try:
> >
> > - Use 'host' or 'nslookup' or 'dig' to get the addresses for the hosts you
> >   want to block.
> > - Use iptables to add rules to disable communication to those addresses.
> >
> > There's still a lot of problems here. As Mike said, there's no guarantee that
> > the set of ip addresses associated with youtube.com is static. Adding your
> > DNS overrides in /etc/hosts should help with this.
> >
> > There's also the human problem that there's no limit to the number of ways you
> > can waste time on the internet, so even if you succeed in blocking some set of
> > domains, there's still millions of other ways to do non-homework activities.
> >
> > But as an 80% solution, this might work.
> >
> >>
> >>
> >> _______________________________________________
> >> Mid-Hudson Valley Linux Users Group http://mhvlug.org
> >> https://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
> >>
> >> Upcoming Meetings (6pm - 8pm) Vassar College *
> >> Dec 2 - File Systems From Simple To Distributed High Performance
> >> Jan 6 - Why We Can't Have The Internet Of Nice Things: A Home Automation Primer
> >> Mar 2 - Consuming The Cloud: Shoot Out
> >>
> >
> >
> > =============================================================================
> > michaelMuller = mmul...@enduden.com | http://www.mindhog.net/~mmuller
> > -----------------------------------------------------------------------------
> > Reloaded.
> > =============================================================================
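The dig-then-iptables steps quoted above, as an added example that is not part of any message in this thread. It keeps every rule in one dedicated chain so the block can be lifted by flushing that chain instead of rebooting, and it re-resolves on each run because the address set is not static. The chain name `HOMEWORK_BLOCK` and all function names are assumptions of this sketch.

```shell
#!/bin/sh
CHAIN=HOMEWORK_BLOCK   # hypothetical chain name, an assumption of this example

# Read `dig +short` style answers on stdin (one per line; CNAME targets end
# in a dot) and print one REJECT rule per unique address. Only strings made
# of hex digits, ':' and '.' get through, so nothing a resolver returns can
# smuggle shell syntax into the generated commands.
gen_rules() {
    sort -u | while IFS= read -r ans; do
        case "$ans" in
            ''|*.)             ;;  # blank line or CNAME target
            *[!0-9A-Fa-f:.]*)  ;;  # hostname, comment or other junk
            *:*)       printf 'ip6tables -A %s -d %s -j REJECT\n' "$CHAIN" "$ans" ;;
            *[!0-9.]*)         ;;  # hex letters but no colon: not an address
            *.*.*.*)   printf 'iptables -A %s -d %s -j REJECT\n' "$CHAIN" "$ans" ;;
        esac
    done
}

# Look the hosts up now; the address set is not static, so call this again
# at the start of every blocking window instead of reusing old answers.
resolve() {
    for h in "$@"; do
        dig +short A "$h"
        dig +short AAAA "$h"
    done
}

# Needs root. All rules live in one chain hooked into OUTPUT.
block_on() {
    for t in iptables ip6tables; do
        $t -N "$CHAIN" 2>/dev/null || $t -F "$CHAIN"
        $t -C OUTPUT -j "$CHAIN" 2>/dev/null || $t -I OUTPUT -j "$CHAIN"
    done
    resolve "$@" | gen_rules | sh
}

# Flushing the chain removes every rule this script added, no reboot required.
block_off() {
    iptables -F "$CHAIN"
    ip6tables -F "$CHAIN"
}

case "${1:-}" in
    on)  shift; block_on "$@" ;;
    off) block_off ;;
esac
```

Because this filters by address rather than by name, it does not depend on when browser or OS DNS caches expire.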