hagezi / dns-blocklists

DNS-Blocklists: For a better internet - keep the internet clean!
GNU General Public License v3.0

NXdomain vs 0.0.0.0 #2736

Closed Poochy1130 closed 6 months ago

Poochy1130 commented 6 months ago

I just installed AdGuard Pro on my friend's device. Should I use blocking mode 0.0.0.0 or NXdomain? In 24 hours he seems to block more with 0.0.0.0 than I do in 24 hours with NXdomain. I thought I was blocking less because NXdomain is a cached response to the TTL and 0.0.0.0 isn't. Could I get some insight on that, or should I change to 0.0.0.0 as well?

Poochy1130 commented 6 months ago

How is it off-topic if it's referring to the best blocking method to use with your blocklist?

xRuffKez commented 6 months ago

Using NXDOMAIN (Non-Existent Domain) and 0.0.0.0 as responses for DNS sinkholing has distinct pros and cons. Here's a comparison:

NXDOMAIN Pros:

Clear Indication: NXDOMAIN explicitly indicates that the domain does not exist, which can be useful for logging and troubleshooting.
Reduced Traffic: No network traffic is generated as there is no IP address to connect to, which can be beneficial in reducing unnecessary network congestion.
Compatibility: Most applications and systems handle NXDOMAIN gracefully, understanding it as a clear signal that the domain is unreachable.
Security: Since no connection is attempted, it reduces the risk of any interaction with potentially harmful or compromised addresses.

Cons:

User Experience: Some applications or browsers might display error messages or attempt additional lookups when receiving an NXDOMAIN response, which could confuse users.
No Customization: With NXDOMAIN, you cannot direct users to a custom block page or message, which might be useful in some environments.

0.0.0.0 Pros:

Immediate Failure: Redirecting to 0.0.0.0 results in immediate connection failure, leading to minimal delays in the user experience.
Custom Handling: Some systems can be configured to provide specific responses or behavior when connecting to 0.0.0.0, allowing for customized handling.
Versatility: It's a common and widely understood method, making it easy to implement and troubleshoot.

Cons:

Log Clutter: Some systems might log the connection attempts to 0.0.0.0, which could clutter logs.
Potential Application Issues: Although rare, some applications might not handle connections to 0.0.0.0 gracefully, potentially causing unexpected behavior.
Network Traffic: Although minimal, there may still be some network traffic as the connection attempt to 0.0.0.0 is initiated and then fails.

Summary

NXDOMAIN is preferable when you want a clear indication that the domain does not exist and want to avoid generating any network traffic. It is also beneficial for compatibility and security, ensuring no interactions with potentially harmful domains.
0.0.0.0 is useful when you need to customize the handling of blocked domains or when immediate failure is acceptable. It may be slightly less clear in logs and can generate minimal network traffic, but it is versatile and commonly used.

The choice between NXDOMAIN and 0.0.0.0 depends on your specific needs for network traffic, logging clarity, user experience, and customization.
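As an added example (not code from this issue or from the hagezi project): a small pure-Python classifier that parses a raw DNS response and reports whether the resolver answered NXDOMAIN, a 0.0.0.0 sinkhole, a loopback sinkhole, an empty NOERROR answer, or a real address, so you can check which blocking mode a resolver actually applies. The wire-format responses are constructed inline as sample data; the domain names and addresses are placeholders, not values from the thread.

```python
import struct
def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a DNS name, honouring compression pointers."""
    while True:
        length = msg[off]
        if length == 0:                      # root label ends the name
            return off + 1
        if length & 0xC0 == 0xC0:            # 2-byte pointer ends the name
            return off + 2
        off += 1 + length

def classify_response(msg: bytes) -> str:
    """Classify a DNS response by RCODE and its A records (labels as in SAMPLES)."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    if rcode:                                # 3 = NXDOMAIN blocking mode
        return "nxdomain" if rcode == 3 else f"rcode-{rcode}"
    off = 12
    for _ in range(qd):                      # skip the question section
        off = _skip_name(msg, off) + 4       # QTYPE + QCLASS
    addrs = []
    for _ in range(an):                      # walk the answer records
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:        # A record
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    if not addrs:
        return "nodata"                      # NOERROR with an empty answer
    if all(a == "0.0.0.0" for a in addrs):
        return "sinkhole-0.0.0.0"
    if all(a.startswith("127.") for a in addrs):
        return "sinkhole-loopback"           # client connects to its own host
    return "normal"

def build_response(qname: str, rcode: int, answers: list) -> bytes:
    """Build a minimal wire-format A response (constructed sample data)."""
    name = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in qname.split(".")) + b"\x00"
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(answers), 0, 0)
    rrs = b"".join(b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4)
                   + bytes(int(x) for x in a.split(".")) for a in answers)
    return hdr + name + struct.pack("!HH", 1, 1) + rrs

# Constructed samples (placeholder names and addresses), one per blocking mode.
SAMPLES = {k: build_response(n, r, a) for k, n, r, a in [
    ("nxdomain", "ads.example.test", 3, []),
    ("zero", "ads.example.test", 0, ["0.0.0.0"]),
    ("loopback", "ads.example.test", 0, ["127.0.0.1"]),
    ("normal", "www.example.test", 0, ["203.0.113.10"])]}
```

To check a live resolver, feed it the bytes of an actual UDP response for a domain you know is on the blocklist; the labels tell you which mode it is using.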

Poochy1130 commented 6 months ago

Thank you bro I appreciate the answer

Poochy1130 commented 5 months ago

I'm using the loop address as the blocking method.

xRuffKez commented 5 months ago

Could result in fallback handling.

Poochy1130 commented 5 months ago

What does that mean exactly? It's not as clean as NXdomain or 0.0.0.0?