Re: Replacing /etc/hosts as a spyco 127.0.0.1 redirection address blocker ?
- From: Grant <g_r_a_n_t_@xxxxxxxxxx>
- Date: Sat, 30 Jan 2010 10:33:57 +1100
On Fri, 29 Jan 2010 23:04:56 GMT, Mike Jones <Not@xxxxxxxxxxx> wrote:
> My /etc/hosts file is becoming rather large, and as the list of addresses
> I find I'm adding to it grows daily, I'm now looking for an alternative
> way to sidetrack DNS away from a list of possible connections.
>
> One of the key problems with /etc/hosts is that every entry needs to be a
> full address, meaning blocking "spyonyou.net" won't block
> "hahagotcha.spyonyou.net", and so on.
>
> With iptables I could block *.spyonyou.* to cover all spyonyou addresses,
> but with the size of /that/ list, although it would be smaller than my
> existing /etc/hosts file, it would cost system performance as iptables
> processed it with each request.
>
> Is there a way to duplicate the zero-weight /etc/hosts technique, but in
> such a way as I can block whole domains with a single entry, as above?
Yes, use dnsmasq caching nameserver and a local 'deny_domains' file:
~$ grep deny /etc/dnsmasq.conf
conf-file=/usr/local/etc/deny_domains
~$ sudo head -5 /usr/local/etc/deny_domains
address=/2o7.net/192.168.3.3
address=/6to23.com/192.168.3.3
address=/a1.yimg.com/192.168.3.3
address=/doubleclick.net/192.168.3.3
address=/ad.bannerconnect.net/192.168.3.3
I chose to redirect crap sites to the server box, which satisfies requests
for unwanted web page stuff with harmless replacements -- I've also tried a
blackhole route (with iptables help), and lo...
Grant.
--
http://bugs.id.au/
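
Added example, not part of Grant's post: one way to migrate an existing /etc/hosts blocklist to the dnsmasq address= format shown above, dropping hostnames that a listed parent domain already covers (dnsmasq matches the domain and every name beneath it). The sample input is constructed, the function names are hypothetical, and the sink address 192.168.3.3 is the one from the deny_domains excerpt.

```python
import ipaddress

SINK_SOURCES = {"127.0.0.1", "0.0.0.0"}   # addresses typically used in hosts blocklists
SKIP_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample input; hostnames reuse names mentioned in the thread.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   spyonyou.net
127.0.0.1   hahagotcha.spyonyou.net   # redundant once the parent is listed
0.0.0.0     ad.bannerconnect.net
127.0.0.1   a1.yimg.com
192.168.3.7 fileserver.example        # real mapping, must not be converted
"""

def blocked_names(hosts_text):
    """Yield lowercase hostnames that a hosts file maps to a sink address."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINK_SOURCES:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in SKIP_NAMES:
                yield name

def covered_by(name, domains):
    """True if name equals, or is a subdomain of, any entry in domains."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def to_dnsmasq(hosts_text, sink="192.168.3.3"):
    """Return minimal address= lines; names under a listed parent are dropped."""
    ipaddress.ip_address(sink)  # raises ValueError on a malformed sink address
    names = set(blocked_names(hosts_text))
    keep = set()
    # Fewest labels first, so a parent is kept before its children are tested.
    for name in sorted(names, key=lambda n: n.count(".")):
        if not covered_by(name, keep):
            keep.add(name)
    return [f"address=/{n}/{sink}" for n in sorted(keep)]

if __name__ == "__main__":
    print("\n".join(to_dnsmasq(SAMPLE_HOSTS)))
```

Matching is on whole labels, so an entry for spyonyou.net covers hahagotcha.spyonyou.net but not a different registration such as notspyonyou.net.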