Re: keeping sites off

From: Laurent Bercot <ska-supervision_at_skarnet.org>
Date: Mon, 30 Mar 2020 00:18:27 +0000

>The problem is that /etc/hosts does not support wildcards, so
>graph.facebook.com (for example) is not filtered. So, is there any
>solution? Should I replace dnscache by something else? (something else
>trustworthy and supervision-friendly) Any other setup compatible with
>dnscache?

  What I do is:
  - run a tinydns on another IP address (if you only have 1 NIC, you can
still attribute several IPs to it)
  - fill that tinydns with sink data for the things I want to block
  - configure my dnscache to query my internal DNS server for the zones
I want to block. In your case, if you tell your dnscache that your
internal DNS server is authoritative for the facebook.com zone, any
query for graph.facebook.com will go to your internal server.
  - no /etc/hosts manipulation needed.

--
  Laurent
Received on Mon Mar 30 2020 - 00:18:27 UTC
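
Added example, not part of the original message and not code from the author or from djbdns: a shell function that writes the two pieces of configuration the reply describes, sink records (including a wildcard) for a tinydns instance dedicated to blocking, and the matching dnscache root/servers/<zone> files. The directory layout, the tinydns address 127.0.0.2, the sink address 192.0.2.1, the TTL and the function name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Assumed, not from the original message: the directory layout,
# both addresses, the TTL, and that this tinydns serves nothing but sink data
# (its data file is rewritten from scratch).

# write_sink_config TINYDNS_ROOT DNSCACHE_ROOT TINYDNS_IP SINK_IP ZONE...
write_sink_config() {
    tinydns_root=$1 dnscache_root=$2 tinydns_ip=$3 sink_ip=$4
    shift 4
    # Validate every zone before touching any file. ':' would split a tinydns
    # data field and '/' would escape the servers/ directory.
    for zone in "$@"; do
        case $zone in
            ''|.*|*.|*..*|*[!A-Za-z0-9.-]*)
                echo "bad zone: $zone" >&2; return 1 ;;
        esac
    done
    mkdir -p "$tinydns_root" "$dnscache_root/servers" || return 1
    : > "$tinydns_root/data.new" || return 1
    for zone in "$@"; do
        {
            # '.' line: SOA and NS for the zone, pointing at the internal tinydns
            printf '.%s:%s:a:3600\n' "$zone" "$tinydns_ip"
            # '+' lines: A records for the zone apex and, through the
            # wildcard, for every name below it (graph.<zone>, www.<zone>, ...)
            printf '+%s:%s:3600\n' "$zone" "$sink_ip"
            printf '+*.%s:%s:3600\n' "$zone" "$sink_ip"
        } >> "$tinydns_root/data.new"
        # dnscache sends queries for <zone> to the addresses in servers/<zone>
        printf '%s\n' "$tinydns_ip" > "$dnscache_root/servers/$zone"
    done
    # Replace the data file in one step so tinydns-data never reads a partial one
    mv "$tinydns_root/data.new" "$tinydns_root/data"
}

# Typical use on a djbdns host (paths are assumptions):
#   write_sink_config /service/tinydns/root /service/dnscache/root \
#       127.0.0.2 192.0.2.1 facebook.com
#   (cd /service/tinydns/root && tinydns-data)   # compile data into data.cdb
#   then restart dnscache so it rereads root/servers
```

Check the result by asking the cache for a subdomain of a blocked zone (for example with dnsip or dig) and confirming the answer is the sink address.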