[Dnsmasq-discuss] What IP to use for ad/track blocking?

Chris Green cl at isbd.net
Tue Feb 11 23:53:33 GMT 2014

On Wed, Feb 12, 2014 at 12:24:22PM +1300, Bob Brown - Turboweb wrote:
> I can't claim credit for this response as I asked a local guru I
> know and here is his response regarding the concept of whether
> there's a "null" IP you can use ...
> Nope, not really ... but there are the reserved RFC1918 address
> ranges that could be used - 127/8, 10/8, 172.16/12, 192.168.0/16.

Yes, I wondered about that, I'm using the 192.168.0/16 range for my
LAN but the others would be possible, though they'll generate timeouts
as noted below won't they?

> What this DNSmasq thing is doing is trying to 'throw away' requests
> for the specified sites completely, but in fact all it is doing is
> to provide an answer, just not the one they wanted. In this case the
> answer was '' and for the person on this post, they were
> testing *from the server* so of course they got the server's local
> HTTP service. If you tried it from a workstation, you'd not get the
> same result ... unless you had a web server installed on there as
> well. The default web servers listen to anything on 127/8 :-)

It's "from the server" because I run apache2 on my desktop machine.

> You can return any IP you want with dnsmasq, and if you return an
> address that doesn't exist you'll trigger a long timeout while the
> web browser waits for an answer ... so it's best to not do this at
> all. If you don't use the 10/8 network, you'd say
> address=/ihatethissite.com/
> <http://ihatethissite.com/> ...

Yes, absolutely, I realised that a non-existent address would slow
things down, not a good idea.  In fact it seems to me that will always
be an issue, won't it?

> I note that all of the addresses in that example are effectively web
> services, so in this case the better option would be to have a web
> proxy on the network that filtered out those sites. The other common
> alternative is to have a web browser do the filtering (using an
> addon like NoScript or something); and of course you also keep
> another web browser handy that doesn't have those restrictions, just
> in case one day you need those sites ...

The advantage of using dnsmasq is its simplicity and it works for all
users on the LAN rather than having to install add-ons in everyone's
web browser.  A proxy would be OK except that I've nowhere to put it
really.  A proxy produces the same problems anyway doesn't it as the
request is generated at the client end so *something* has to be
returned to the client when an unwanted site is requested doesn't it?

Chris Green
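
The outcomes discussed in this thread (a local web server answering on 127/8, nothing listening, and a non-existent address causing a long timeout), as an added example that is not part of the original message: a Python probe that classifies what a client sees when it connects to the address DNS returned for a blocked name. The function names, the loopback listener standing in for a local web server, and the 192.0.2.1 sample address are assumptions made for illustration.

```python
import socket


def probe(ip, port=80, timeout=2.0):
    """Classify what a client sees on connecting to the IP returned for a blocked name."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((ip, port))
        return "connected"    # something is listening, e.g. a local web server
    except ConnectionRefusedError:
        return "refused"      # host exists, port closed: the client fails fast
    except socket.timeout:
        return "timeout"      # nothing answers: the slow case from the thread
    except OSError:
        return "unreachable"  # no route, or the network rejected the attempt
    finally:
        s.close()


def loopback_demo():
    """Compare a listening and a closed port on 127.0.0.1 (runs offline)."""
    # Constructed stand-in for a web server running on the same machine.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    open_port = srv.getsockname()[1]

    # Bind and release a port so that nothing is listening on it.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    try:
        return probe("127.0.0.1", open_port), probe("127.0.0.1", closed_port)
    finally:
        srv.close()


if __name__ == "__main__":
    print("loopback (listening, closed):", loopback_demo())
    # Constructed sample: 192.0.2.1 is in the RFC 5737 documentation range and
    # stands in for "an address that doesn't exist"; the result depends on the network.
    print("192.0.2.1:", probe("192.0.2.1"))
```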
