[Dnsmasq-discuss] What IP to use for ad/track blocking?

Chris Green cl at isbd.net
Tue Feb 11 23:53:33 GMT 2014


On Wed, Feb 12, 2014 at 12:24:22PM +1300, Bob Brown - Turboweb wrote:
> I can't claim credit for this response as I asked a local guru I
> know and here is his response regarding the concept of whether
> there's a "null" IP you can use ...
> 
> Nope, not really ... but there are the reserved RFC1918 address
> ranges that could be used - 127/8, 10/8, 172.16/12, 192.168.0/16.

Yes, I wondered about that, I'm using the 192.168.0/16 range for my
LAN but the others would be possible, though they'll generate timeouts
as noted below won't they?


> What this DNSmasq thing is doing is trying to 'throw away' requests
> for the specified sites completely, but in fact all it is doing is
> to provide an answer, just not the one they wanted. In this case the
> answer was '127.0.0.1' and for the person on this post, they were
> testing *from the server* so of course they got the server's local
> HTTP service. If you tried it from a workstation, you'd not get the
> same result ... unless you had a web server installed on there as
> well. The default web servers listen to anything on 127/8 :-)
> 
It's "from the server" because I run apache2 on my desktop machine.


> You can return any IP you want with dnsmasq, and if you return an
> address that doesn't exist you'll trigger a long timeout while the
> web browser waits for an answer ... so it's best to not do this at
> all. If you don't use the 10/8 network, you'd say
> address=/ihatethissite.com/10.0.0.1 ...
> 
Yes, absolutely, I realised that a non-existent address would slow
things down, not a good idea.  In fact it seems to me that will always
be an issue won't it?


> I note that all of the addresses in that example are effectively web
> services, so in this case the better option would be to have a web
> proxy on the network that filtered out those sites. The other common
> alternative is to have a web browser do the filtering (using an
> addon like NoScript or something); and of course you also keep
> another web browser handy that doesn't have those restrictions, just
> in case one day you need those sites ...
> 
The advantage of using dnsmasq is its simplicity and it works for all
users on the LAN rather than having to install add-ons in everyone's
web browser.  A proxy would be OK except that I've nowhere to put it
really.  A proxy produces the same problems anyway doesn't it as the
request is generated at the client end so *something* has to be
returned to the client when an unwanted site is requested doesn't it?

-- 
Chris Green
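
An added example, not part of the original message: a Python sketch of what a client sees when it connects to each kind of address discussed in this thread (a loopback address with a web server running, a loopback address with nothing listening, and the 10.0.0.1 address from the quoted line). The function names are hypothetical, and the listener and closed port are constructed on loopback so the first two cases run offline.

```python
import errno
import socket
import time


def probe(ip, port, timeout=3.0):
    """One TCP connect, as a browser makes after resolving a blocked name."""
    start = time.monotonic()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((ip, port))
        outcome = "connected"    # a server answers, e.g. apache2 on 127.0.0.1
    except socket.timeout:
        outcome = "timeout"      # nothing answers: the client waits it out
    except ConnectionRefusedError:
        outcome = "refused"      # host is up, port closed: fails at once
    except OSError as exc:
        unreachable = (errno.ENETUNREACH, errno.EHOSTUNREACH)
        outcome = "unreachable" if exc.errno in unreachable else "error"
    finally:
        s.close()
    return outcome, time.monotonic() - start


def local_listener():
    """Constructed stand-in for a web server on the client's own machine."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def closed_local_port():
    """Constructed: a loopback port that nothing is listening on."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, open_port = local_listener()
    cases = [("127.0.0.1, server running", "127.0.0.1", open_port),
             ("127.0.0.1, nothing listening", "127.0.0.1", closed_local_port()),
             ("10.0.0.1, as in the quoted line", "10.0.0.1", 80)]
    for label, ip, port in cases:
        outcome, secs = probe(ip, port)
        print(f"{label:34} {outcome:12} {secs:.2f}s")
    srv.close()
```

The outcome printed for 10.0.0.1 depends on the network the script is run from.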


