lynxthecat / adblock-lean

Lean and powerful adblocking solution for OpenWrt
https://forum.openwrt.org/t/adblock-lean-set-up-adblock-using-dnsmasq-blocklist/157076

TIF - Block IPs with DNSmasq - `bogus-nxdomain=1.2.3.4` #23

Closed hagezi closed 3 months ago

hagezi commented 3 months ago

Hi @lynxthecat,

could you add support and test my TIF IP list in DNSmasq format in adblocklean?

bogus-nxdomain=1.2.3.4 All domains resolving to the "blocked" IP should be answered with NXDOMAIN.

The list: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/dnsmasq/tif-ips.txt

Thank you, Gerd

lynxthecat commented 3 months ago

Sure, will add this in. Should the dnsmasq blocklist file simply contain those lines?

@Wizballs any thoughts on how we can introduce support for this?

I think the line to change would be:

https://github.com/lynxthecat/adblock-lean/blob/86eb29aa73e7c99980c463fba586a0c872dd47a7/adblock-lean#L220C2-L220C206

hagezi commented 3 months ago

@lynxthecat bogus-nxdomain=1.2.3.4 is the DNSmasq syntax, but I don't know if you can mix this with the local/server entries in a file. You would have to test that.

lynxthecat commented 3 months ago

@hagezi testing now. How can I test this with your test file once dnsmasq has been restarted? Can you give me an example lookup?

lynxthecat commented 3 months ago

So I tried just appending the bogus-nxdomain lines to the dnsmasq blocklist file.

Does this indicate that it is working:

root@OpenWrt-1:~# nslookup server-99-84-47-183.ewr52.r.cloudfront.net
Server:         127.0.0.1
Address:        127.0.0.1:53

** server can't find server-99-84-47-183.ewr52.r.cloudfront.net: NXDOMAIN

Non-authoritative answer:

If so, then @Wizballs all we need to do is simply insert any lines of format

bogus-nxdomain=1.2.3.4

into our master /tmp/blocklist before compression.

hagezi commented 3 months ago

> How can I test this with your test file once dnsmasq has been restarted? Can you give me an example lookup?

Determine the IPs of e.g. reddit.com (dig reddit.com), block them with bogus-nxdomain and then try to resolve reddit.com. A dig should then return an NXDOMAIN as status.

Wizballs commented 3 months ago

Alrighty, bogus-nxdomain=xx.xx.xx now allowed (details in main openwrt thread). I've added this to my default lists due to the added protection. Currently ~200k lines.

lynxthecat commented 3 months ago

Added in https://github.com/lynxthecat/adblock-lean/commit/09ed8638fa814cfd84ec565971ae786ef516d0fc. New defaults for the blocklist file parts are:

blocklist_urls="https://raw.githubusercontent.com/hagezi/dns-blocklists/main/dnsmasq/pro.txt https://raw.githubusercontent.com/hagezi/dns-blocklists/main/dnsmasq/tif-ips.txt"
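Because the downloaded lists are in dnsmasq config syntax, whatever ends up in /tmp/blocklist is effectively resolver configuration: a stray `server=` or `address=` line would redirect lookups rather than block them. The following filter is an added example (not adblock-lean's own code) that keeps only the two line shapes the thread relies on, `local=/<domain>/` from pro.txt and `bogus-nxdomain=<IPv4>[/prefix]` from tif-ips.txt, and drops everything else before the merge; the sample input is constructed.

```shell
#!/bin/sh
# Added example, not part of adblock-lean. Assumes hagezi's two dnsmasq line
# shapes (local=/domain/ and bogus-nxdomain=IPv4[/prefix]) are the only ones
# that should reach /tmp/blocklist before compression.

# Constructed sample input: valid lines mixed with a comment, a malformed IP
# and two dnsmasq directives that must never come from an untrusted list.
SAMPLE_INPUT='local=/ads.example/
local=/tracker.example.net/
bogus-nxdomain=203.0.113.7
bogus-nxdomain=198.51.100.0/24
# comment line
server=/example.org/192.0.2.53
bogus-nxdomain=999.1.1.1
address=/evil.example/203.0.113.99
'

# Reads a dnsmasq-format list on stdin, writes only the allowed lines to stdout.
filter_dnsmasq_blocklist() {
    awk '
    # True when ip is four dotted decimal octets in 0..255.
    function valid_ipv4(ip,   n, i, o) {
        n = split(ip, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    # local=/domain/ : hostname characters only, nothing after the closing slash
    /^local=\/[A-Za-z0-9._-]+\/$/ { print; next }
    # bogus-nxdomain=IPv4 or bogus-nxdomain=IPv4/prefix
    /^bogus-nxdomain=[0-9.]+(\/[0-9]+)?$/ {
        ip = substr($0, 16)            # text after "bogus-nxdomain="
        sub(/\/.*$/, "", ip)           # strip an optional /prefix
        prefix = ($0 ~ /\//) ? substr($0, index($0, "/") + 1) : 32
        if (valid_ipv4(ip) && prefix + 0 <= 32) print
        next
    }
    # every other line (comments, server=, address=, malformed) is dropped
    '
}

# Stand-alone run: prints the four surviving lines.
printf '%s' "$SAMPLE_INPUT" | filter_dnsmasq_blocklist
```

The same function can sit in front of the merge step, e.g. `curl -s "$url" | filter_dnsmasq_blocklist >> /tmp/blocklist`, so the bogus-nxdomain lines are added without trusting the rest of the file.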