Open kbrierly opened 2 years ago
So you want that AAAA queries for certain domains (not all domains) return empty answer and not 0.0.0.0 (as typical ad blocking use case), right?
Yes, just certain domains. The A record shouldn't be touched, but the AAAA should return :: Completely stripping the AAAA may work as well, but all the solutions I've seen return ::
dnsmasq:
server=/netflix.com/
address=/netflix.com/::
unbound:
local-zone: "netflix.com" typetransparent
local-data: "netflix.com IN AAAA ::"
NOTE: I've currently got it working by using conditional forwarding of the netflix domains to a dnsmasq server with the domain rules in place. It would be great to have it built-in as multiple chained servers introduce delays and complexity.
With filtering:
# host netflix.com
netflix.com has address 3.225.92.8
netflix.com has address 54.160.93.182
netflix.com has address 3.211.157.115
netflix.com has IPv6 address ::
Without filtering:
# host netflix.com 8.8.8.8
netflix.com has address 3.211.157.115
netflix.com has address 54.160.93.182
netflix.com has address 3.225.92.8
netflix.com has IPv6 address 2600:1f18:631e:2f85:93a9:f7b0:d18:89a7
netflix.com has IPv6 address 2600:1f18:631e:2f84:4f7a:4092:e2e9:c617
netflix.com has IPv6 address 2600:1f18:631e:2f83:49ee:beaa:2dfd:ae8f
Thanks!
With your example customDNS configuration, you'll get zero IP as AAAA response and not empty result. It is nice if it works, but it is technically not the same result.
We do already have "filtering" in blocky, which returns empty result for certain query types. I think we can extend this functionality and allow filtering on other conditions.
My configuration is currently replicating what I had in place before blocky with the unbound/dnsmasq solution. So I have the functionality I need for now; however, the configuration is indeed overly complex and relies on an undocumented feature I found by trial and error.
Ideally, updating filtering mode to work conditionally on domains or other conditions would allow implementation method 2 in the gist I linked in the original post, which accomplishes the same result. It would also likely be much simpler in the configuration file.
Thanks.
@0xERR0R Another use case for this:
Sometimes I am running into issues with https://rubygems.org and IPv6. It's really hard to force IPv4 for one domain on macOS / the ruby toolchain. Just resolving the AAAA to zero IP fixed it for all hosts in the network.
The way PiHole chose to implement it is the possibility to have a "query parameter" in the block rules:
rubygems.org;querytype=AAAA
I've recently started using blocky and it's been great so far. So far I've used Custom records to implement lancache redirects.
However, I cannot see a way to strip IPv6 for only certain domains, just all domains.
This is a problem for me as I use He.net tunnelbroker for IPv6 and several online services consider tunnelbroker a proxy. The solution in dnsmasq and unbound is to create entries to block just the IPv6 lookups for a set of domains.
Would it be possible to add per domain stripping functionality to blocky?
Background Info: https://gist.github.com/jamesmacwhite/6a642cb6bad00c5cefa91ec3d742e2a6
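The two behaviours discussed in this thread (answering AAAA with `::` versus an empty answer, for selected domains only, with A left untouched) shown as an added Go example. It is not blocky's code: the `Mode` values, `Decide` and the rule map are hypothetical names, and the rules and queries are constructed samples.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Mode is how a matched AAAA query is answered (hypothetical names).
type Mode int

const (
	Forward Mode = iota // no rule applies: resolve upstream as usual
	ZeroIP              // answer with one AAAA record holding "::"
	Empty               // answer with no records at all (empty result)
)

// Decide walks from the full name up through its parent domains, so a rule for
// "netflix.com" covers "www.netflix.com" but never "notnetflix.com".
// The most specific rule wins; names are case-insensitive, trailing dot ignored.
func Decide(rules map[string]Mode, qname, qtype string) (Mode, []netip.Addr) {
	if qtype != "AAAA" {
		return Forward, nil // A and every other query type are left untouched
	}
	name := strings.ToLower(strings.TrimSuffix(qname, "."))
	for name != "" {
		if m, ok := rules[name]; ok {
			if m == ZeroIP {
				return m, []netip.Addr{netip.IPv6Unspecified()}
			}
			return m, nil
		}
		_, name, _ = strings.Cut(name, ".") // drop the leftmost label
	}
	return Forward, nil
}

func main() {
	// Constructed sample rules and queries.
	rules := map[string]Mode{"netflix.com": ZeroIP, "rubygems.org": Empty}
	queries := [][2]string{{"www.netflix.com.", "AAAA"}, {"netflix.com", "A"}, {"notnetflix.com", "AAAA"}}
	for _, q := range queries {
		m, addrs := Decide(rules, q[0], q[1])
		fmt.Println(q[0], q[1], m, addrs)
	}
}
```

Matching on whole labels is the part that is easy to get wrong: a plain suffix comparison would also strip AAAA for unrelated names that merely end in the same characters.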