Ultimate-Hosts-Blacklist / Ultimate.Hosts.Blacklist

The Ultimate Unified Hosts file for protecting your network, computer, smartphones and Wi-Fi devices against millions of bad websites. Protect your children and family from accessing bad websites, and protect your devices and PC from being infected with malware or ransomware.
MIT License

Project should not be listed as working on Windows #537

Closed Michael-Z-Freeman closed 3 years ago

Michael-Z-Freeman commented 4 years ago

This is twice I've walked into this trap. I have some memory problems so forgot I tried this project a couple of years ago and had to go into safe mode to fix zero connectivity. Why on earth is this project listed as having an option for Windows when the "solution" is completely non-functional? As I now remember, Windows does not handle the hosts file very well, so why does this project utilise it? Please remove your claim that this project provides a way to block ads on Windows. If you develop a working solution then I will be more than glad to use it, but for the moment I don't want to have to go into safe mode to fix things. Thank you.

ScriptTiger commented 4 years ago

@Michael-Z-Freeman, as @AnonymousPoster said, if you're running Windows and need a solution to handle your hosts file for you and keep everything up to date, etc., definitely head over: https://github.com/ScriptTiger/Unified-Hosts-AutoUpdate

As @AnonymousPoster also stated, you can also use a DNS server implementation. And it doesn't have to be an either/or scenario, I use a hosts file blacklist in conjunction with a local DNS server, a local proxy server for additional traffic filtering, browser extensions to further secure Web browsing, along with an assortment of other software and hardware as part of a multi-pronged approach to cover several threat vectors.

ScriptTiger commented 4 years ago

Hey @Michael-Z-Freeman and @ScriptTiger, Unbound isn't a DNS-Server, it's solely a DNS-Recursor.

Big difference 🤔 😃

If it serves a service, it's a server. There are, of course, big differences between the types of DNS servers. For example, BIND also does everything Unbound does, plus is an authoritative server. But they are both DNS servers serving the DNS protocol on port 53.

ScriptTiger commented 4 years ago

For an in-depth explanation by Cisco: What Is the Difference Between Authoritative and Recursive DNS Nameservers?

Don't get me wrong, I love Cisco. I had to go through all their academy courses just like everyone else to get certified as a network professional. BUT after taking so many of their courses you realize they are also using their courses to advertise at the same time and you just need to balance things out while you read their materials.

The link you sent as an explanation is actually just setting you up to better understand Cisco Umbrella's DNS component. https://umbrella.cisco.com/products/features

But in reality a DNS-service would have to be split in two very different services.

Your statement is inaccurate. That article doesn't explain that it can actually all be a single server, like a single BIND instance can perform recursive and authoritative functions simultaneously. However, for security and performance reasons it is often separated into two separate server instances individually performing either the recursive function or the authoritative function. Cisco's product doesn't do this, so it doesn't talk about that in the article. Basically Cisco's product only does the same things as Unbound, while Unbound and NSD together cover the full spectrum of capabilities possible with BIND. You can configure BIND to do everything at the same time or configure it to do either one or the other. NLnet Labs, the makers of Unbound and NSD, chose a different model from BIND and chose to divide functions into two separate software specializations. Like I said, this offers both security and performance benefits, but it entirely depends on your infrastructure needs.

You can think of this similar to how Web servers have become specialized for serving static and dynamic content. Obviously you can choose to configure an Apache or Nginx to serve static and/or dynamic content; it entirely depends on your individual needs. However, this does not mean that you can only use Apache or Nginx as a static Web server or only as a dynamic application server, although these functions are commonly separated into separate server instances.

The one part is serving (hosting) authoritative zone files, while the other service is querying for authoritative records from the authoritative DNS-service.

As I said above, a BIND server can be configured to allow recursive queries while also being an authoritative server at the same time. This is entirely dependent on infrastructure needs. You cannot say you can only do one or the other with a single server instance, even though it is commonly separated into two distinct functions for security and performance reasons.

Having misconceptions like this can cause serious problems when it comes time to design your network. I think the following illustrates the unnecessary headaches this misconception can lead to during network design. https://serverfault.com/questions/397835/multiple-authoritative-dns-server-on-same-ipv4-address

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

lewisje commented 4 years ago

What might help a little bit is re-writing the Windows version of this file so that nine blocked hostnames exist per line, rather than just one; the reason for not going for more is that Windows ignores any hostnames on a line after the first nine.

As for Unix-like systems, I don't think that there's an upper limit, but I experimented with DD-WRT and Ubuntu many years ago and noticed severe slowdowns with a bunch on one line, and then I settled on 24 per line.

With that said, I tried this sort of thing out and got a file that was more than 18 times as large as the file I had been using (8.14MiB vs. 237KiB, 42642 lines vs. 1405), so it might still overwhelm the Windows networking stack.
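The repacking lewisje describes above, as an added example that is not code from the Ultimate.Hosts.Blacklist project or from anyone in this thread. It takes a one-hostname-per-line hosts file and emits at most N hostnames per line (nine by default, which is the Windows figure given above and is treated here as an assumption, not something this code verifies), groups entries by target IP, drops inline comments and case-insensitive duplicates, and reports which names a nine-per-line resolver would silently ignore in the input. The sample input is constructed.

```python
import re

# Assumption taken from the thread (lewisje): Windows reads at most nine
# hostnames per hosts-file line and silently ignores the rest.
WINDOWS_MAX_PER_LINE = 9

# Loose hostname check: dot-separated labels of letters, digits, '-' and '_'.
_HOST_RE = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$")

# Constructed sample input; not data from any real blocklist.
SAMPLE_HOSTS = """# constructed sample
127.0.0.1 localhost
0.0.0.0 ad1.example   # inline comment is dropped
0.0.0.0 ad2.example
0.0.0.0 AD2.example
0.0.0.0 ad3.example ad4.example
0.0.0.0 ad5.example ad6.example ad7.example ad8.example ad9.example ad10.example ad11.example ad12.example ad13.example ad14.example
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping blank lines, comments and junk tokens."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:
            if _HOST_RE.match(name):
                yield ip, name


def repack(text, per_line=WINDOWS_MAX_PER_LINE):
    """Return hosts text with at most `per_line` hostnames on each line.

    Entries are grouped by target IP so no line mixes targets, names are
    de-duplicated case-insensitively (first occurrence wins) and the original
    order is otherwise kept.
    """
    if per_line < 1:
        raise ValueError("per_line must be at least 1")
    by_ip, seen = {}, set()
    for ip, name in parse_hosts(text):
        key = name.lower()
        if key not in seen:
            seen.add(key)
            by_ip.setdefault(ip, []).append(name)
    lines = []
    for ip, names in by_ip.items():
        for i in range(0, len(names), per_line):
            lines.append(ip + " " + " ".join(names[i:i + per_line]))
    return "\n".join(lines) + "\n"


def overflow_names(text, per_line=WINDOWS_MAX_PER_LINE):
    """Return the hostnames a per_line-limited resolver would never see."""
    ignored = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        ignored.extend(fields[per_line + 1:])   # fields[0] is the IP
    return ignored


if __name__ == "__main__":
    print("ignored before repack:", overflow_names(SAMPLE_HOSTS))
    print(repack(SAMPLE_HOSTS), end="")
```

Run `overflow_names` on the original file first: any name it returns is a name Windows was never blocking, which is a cheap way to find out whether a blocklist you already installed is as complete as you think. Note that repacking shrinks the line count but not the number of entries, so a file that overwhelms the DNS Client service may still do so after repacking.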

funilrys commented 4 years ago

Thanks @stalebot but I would like to keep this open. People should know this information.

funilrys commented 4 years ago

@Michael-Z-Freeman @AnonymousPoster @ScriptTiger Thanks for the support and discussion around this subject.

We will drop the support of the hosts file for windows once we are ready with our DNS server. @mitchellkrogza and I are moving all our infrastructure/server related to this project around a new host. It may take some time but we will get in there soon.

We will keep you informed. It's something we planned for months but it was not mature enough in my opinion. But, as stated, we are getting into it! 😃

Thanks for everything. Stay safe and healthy. Nissar

friends96 commented 4 years ago

Hi hi hiiii! So I just fell for this Windows trap! Thanks for the effort of putting this all together. But I just so happened to be using Windows 10 and the DNS Client Service exploded with having a 10 MB hosts file. I couldn't browse the internet (and for some reason I can't explain, even the search bar stopped working, WTF). The DNS Client service was using 10% of my CPU, and since it was using the hosts file, I couldn't edit it back to normal. Had to use this video https://www.youtube.com/watch?v=6HrCqcKF5CY to stop the service so I could edit the hosts file (trying to delete instead of modifying gave me useful information about what service was using it). Anyways, at least in the README please do specify that this error might occur. Putting it next to the download link would be desirable. Thanks a lot anyways for the project!

lewisje commented 4 years ago

I've never had difficulty editing the HOSTS file on account of the DNS Client service, but maybe it's a matter of running Notepad from an elevated Command Prompt; another quick fix is to create a blank text file, copy your HOSTS file somewhere for editing, and then move the blank text file to replace the HOSTS file, and then run ipconfig /flushdns and then ipconfig /displaydns > NUL from an elevated Command Prompt.

funilrys commented 4 years ago

As of #590, you can now use our DNS servers.

But I like the idea to have 6-9 per line. It's probably a good idea even if it won't solve all the problems Windows users meet.

funilrys commented 4 years ago

@friends96 Your idea, your PR! Add your message/error/information into our README_template.md and let's discuss it :-)

I think @spirillen wanted to write something about it too, if I recall correctly 🤔

Anyway, any help/improvement in the README (and everywhere) is welcome!

Stay safe and healthy. Nissar

spirillen commented 4 years ago

I would?

After some scratching of my bald (almost) head, I do come up with something about that, but I also remember something about you (@funilrys) mentioning something about making a new FAQ? Not sure whether it was for this repo or one of the others.

Hit me up and let's talk about it :smiley: :wave:

AndyClausen commented 3 years ago

I fell for the trap as well T_T I have a decently beefy computer, and my DNS service shat itself after updating to the ~10MB hosts file... Has anyone actually gotten it to work on win10? If not, then I think it's actually (unintentionally) harmful to list it without proper warning 😬

dnmTX commented 3 years ago

@AndyClausen THIS might be helpful for you. Also HERE you can read about some workarounds. 👍

ScriptTiger commented 3 years ago

I fell for the trap as well T_T I have a decently beefy computer, and my DNS service shat itself after updating to the ~10MB hosts file... Has anyone actually gotten it to work on win10? If not, then I think it's actually (unintentionally) harmful to list it without proper warning 😬

Assuming that the "DNS service" you're referring to is the "DNS Client"/"dnscache" service, if that is truly your problem, then the common advice would be to just stop that service and disable it. It's a caching service, it is not actually responsible for DNS resolution. You can safely disable it and still resolve DNS entries. The catch is that without the service enabled, you no longer have caching, which means queries must be made to an external DNS service every time rather than to the internal cache, and thus performance is degraded. But some people don't mind the performance hit when balancing it with the security they feel of using a giant hosts file.

Another note with Windows 10, there may be permissions barring you from disabling that service. However, there are plenty of how-tos floating around the net and I don't want to promote any individual solution since they can all be dangerous if you don't know what you're doing. So I'll just recommend finding the solution that you feel the most comfortable with on your own.

More information on this can also be found in Steven Black's README: https://github.com/StevenBlack/hosts#warning-using-this-hosts-file-in-windows-may-require-disabling-dns-cache-service
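The recovery steps from this thread in one place, as an added example that is not code from the project, from Steven Black's repository, or from any participant here: lewisje's swap-a-blank-file-then-`ipconfig /flushdns` procedure above, plus the disable-the-DNS-Client-service option ScriptTiger describes in this comment. Assumptions: the hosts file lives under %SystemRoot%\System32\drivers\etc, a comment-only file stands in for the "blank text file", the service's registry name is Dnscache with Start=4 meaning disabled, and an elevated process is allowed to write that value (which some Windows 10 builds refuse). The `ipconfig` calls are only executed on Windows; `demo()` works on a constructed scratch file so the file-swap logic can be exercised anywhere.

```python
import os
import platform
import shutil
import subprocess
import tempfile
import time

# Default hosts location; assumes %SystemRoot% is set (it is on any normal install).
WINDOWS_HOSTS = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                             "System32", "drivers", "etc", "hosts")

# Comment-only replacement: functionally the "blank text file" from the thread.
MINIMAL_HOSTS = "# minimal hosts file written during blocklist recovery\n"

# Registry location of the DNS Client service; Start=4 is SERVICE_DISABLED.
DNSCACHE_KEY = r"SYSTEM\CurrentControlSet\Services\Dnscache"
SERVICE_DISABLED = 4


def swap_hosts(hosts_path, backup_dir, replacement_text=MINIMAL_HOSTS):
    """Back up hosts_path into backup_dir, then replace it; returns the backup path.

    The replacement is written beside the original and renamed into place so a
    reader never sees a half-written file. If the DNS Client service still holds
    the file open the rename raises PermissionError; stop the service first.
    """
    os.makedirs(backup_dir, exist_ok=True)
    backup = os.path.join(backup_dir, "hosts.%s.bak" % time.strftime("%Y%m%d-%H%M%S"))
    shutil.copy2(hosts_path, backup)
    tmp = hosts_path + ".new"
    with open(tmp, "w") as fh:
        fh.write(replacement_text)
    os.replace(tmp, hosts_path)
    return backup


def flush_dns_cache(dry_run=False):
    """Run the two ipconfig commands from the thread; returns their exit codes.

    Outside Windows (or in a dry run) nothing is executed and None is returned
    for each command.
    """
    cmds = (["ipconfig", "/flushdns"], ["ipconfig", "/displaydns"])
    if dry_run or platform.system() != "Windows":
        return [None] * len(cmds)
    return [subprocess.run(c, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL).returncode
            for c in cmds]


def disable_dnscache_service():
    """Set the DNS Client service start type to Disabled via the registry.

    Assumption: an elevated process may write this value. The change only takes
    effect after a reboot, and the key's ACL on some Windows 10 builds still
    refuses the write; there is no caching afterwards, only slower lookups.
    """
    import winreg  # Windows-only module, imported lazily
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, DNSCACHE_KEY, 0,
                        winreg.KEY_SET_VALUE) as key:
        winreg.SetValueEx(key, "Start", 0, winreg.REG_DWORD, SERVICE_DISABLED)


def demo():
    """Exercise swap_hosts on a constructed scratch hosts file; returns (old, new) text."""
    with tempfile.TemporaryDirectory() as scratch:
        hosts = os.path.join(scratch, "hosts")
        with open(hosts, "w") as fh:
            fh.write("0.0.0.0 ad1.example\n" * 3)      # stand-in for a 10 MB blocklist
        backup = swap_hosts(hosts, os.path.join(scratch, "backup"))
        with open(backup) as fh:
            old = fh.read()
        with open(hosts) as fh:
            new = fh.read()
    return old, new


if __name__ == "__main__":
    print(demo())
    # Real recovery on Windows, from an elevated prompt:
    # backup = swap_hosts(WINDOWS_HOSTS, os.path.join(os.environ["TEMP"], "hosts-backup"))
    # flush_dns_cache()
```

Keep the backup: the oversized file is what you will want to repack or trim before trying again, and the timestamped copy means a second recovery run never overwrites the first. Disabling the service is a separate decision from the swap; do it only if you intend to keep a large hosts file, since the cost is losing the local cache rather than losing resolution.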

dnmTX commented 3 years ago

Best explanation so far ☝️ (clear as day 😉 ). Thank you @ScriptTiger 👍

AndyClausen commented 3 years ago

Yes, it's the "DNS Client" service running through svchost.exe. Great that there's a workaround, but it really should be clear that it will basically handicap your PC if you put in the hosts list without any modifications beforehand. I could not modify the hosts file after saving, and I couldn't connect to any websites so I had to google on the phone and fiddle with it for half an hour before I successfully shut down all processes using the hosts file. Someone less tech savvy might stumble upon this and be stuck for days.

dnmTX commented 3 years ago

That's how you learn @AndyClausen, we've all been there 😉

ScriptTiger commented 3 years ago

Someone less tech savvy might stumble upon this and be stuck for days.

People who are not "tech savvy," or otherwise don't know what they are doing, really should not be touching the hosts file at all. I can understand that perhaps after researching how common it may seem to modify it, it may make you feel comfortable in manipulating it. However, one must not forget that the hosts file is, in the end, a system file and is rooted into the very core of almost every single modern operating system's networking functionality, including Windows, Mac, Linux, Android, etc. The hosts file, in fact, predates DNS and is prioritized higher than DNS, and as such is obviously an extremely crucial and sensitive component.

Not to sound flippant, but it can be likened to that of YouTubing brain surgery and thinking yourself qualified just because you watched some how-to videos and feel ready to start going to work on someone's brain. I don't think it's every doctor's responsibility to tell everyone not to perform brain surgery if they don't know what they are doing. When you make the decision to self-educate and take matters into your own hands, you must also accept the consequences of your actions should something go wrong if you failed to self-educate sufficiently to properly prepare yourself for whatever action you intended to take when you set out.

AndyClausen commented 3 years ago

Did you just compare editing a hosts file to brain surgery? Anyhow, I don't understand why this is such a big deal. I'm asking for a small warning - you would probably put one in a brain surgery youtube video as well 😉

dnmTX commented 3 years ago

I don't understand why this is such a big deal. I'm asking for a small warning

ping @funilrys ☝️

spirillen commented 3 years ago

a system file and is rooted into the very core of almost every single modern operating system's networking functionality, including Windows, Mac, Linux, Android, etc. The hosts file, in fact, predates DNS and is prioritized higher than DNS, and as such is obviously an extremely crucial and sensitive component.

You can de facto easily change the search order in Linux... hence change the wait for any of:

files mdns4_minimal [NOTFOUND=return] dns

These settings are normally stored in /etc/nsswitch.conf

Whereas:

This means you can set it up to always use DNS only by simply deleting files and mdns4(_minimal) from this file.

To read a bit more of this you can look at https://www.cyberciti.biz/faq/howto-change-dns-search-order-in-linux/

funilrys commented 3 years ago

Warning message added inside the README_template.md file. This should be fixed within the next deployment slot.

Feel free to @ping me or reopen if it's not the case within the next 72 hours.