Blocking AAAA (IPv6) Requests #47
Comments
https://github.com/qutorial/hoststool
@hd074 interesting proposal. I like it.
@qutorial Thanks for that. If somebody is interested in the IPv4+IPv6 bash script:
@hd074 nice bash!
Related: AdAway/AdAway#680
Wouldn't using
@lewisje that's a fair point. Thanks!
@lewisje Thanks! updated my scripts.
Good suggestion. The only thing to be mindful of is that sometimes IPv6 sites are hosted on different sub-domains to their IPv4 domains. I think this is less common these days now than it once was (eg Google used to only have
+1 for this issue.
@hd074 Your script works great on my DD-WRT router, thanks! Startup script:
Additional DNSmasq options:
Can someone draft an edit for the readme-template.md for the takeaways from this issue to be added to the "Interesting Applications" section so we can close this issue before it hits the two-year mark, with over a year of no activity? Preferably someone who can verify the validity of the information provided with their own working knowledge and a working version of dnsmasq.
I know this is an old post but I just want to thank @hd074 for implementing the solution. I recently figured out how to use dnsmasq on my router and noticed that all IPv6 addresses were going through, and I found this post, which saved me a lot of time researching "how to". I'm pretty sure that this post would help others like me in the future, so I'll post how I decided to do it: I basically (due to using two hosts files from different sources) first remove empty lines, comments etc. from both of them, then merge them and remove duplicates if any, and then create an additional identical hosts file for IPv6 only and add it (addn-hosts=) to dnsmasq.conf (the whole process takes about 11 sec., which is not bad). Now dnsmasq reads from two hosts files and so far I didn't notice any delays when loading pages, which is very good news. I'll post my little script here just for reference if anyone needs it:
#!/bin/sh
wget https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts -O
THANKS AGAIN TO ALL PARTICIPANTS
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 daysif no further activity occurs. Thank you for your contributions.
stale bot has a typo in template...
@StevenBlack IIUC, this is effectively solved via @ScriptTiger's IPv4_IPv6 conversion @ https://scripttiger.github.io/alts/. Close FTW, or are y'all thinking of an in-house version?
I'm running OpenWRT with dnsmasq on my personal router where I use the generated hostfile.
The Problem
Host names that are blocked by the hostsfile (0.0.0.0 redirect) can be bypassed by AAAA requests.
Background:
nslookup google-analytics.com (which is blocked by the hostsfile) on a local machine in my network returns "0.0.0.0" and a remote IPv6 address. Looking into the log files of the router one could see that the A-Request is blocked by the hostsfile, but the AAAA request is redirected to the remote DNS-Server.
Solution
Shouldn't we start blocking AAAA (IPv6) requests as well by generating ::1 entries to the existing entries? That would result in a doubled size of the hosts file.
would become
Testing
As a "real life test" I applied the mentioned change (adding ::1 entry for every 0.0.0.0 entry).
The log files show that within 20 hours there were 49 of the ::1 entries that were blocked (which normally wouldn't have been).
So this really seems to be a thing to think about.
The point is that I'm not 100% sure if that applies to hosts files on local machines too or if that's just a dnsmasq thing.
I myself find it necessary to implement the AAAA Blocking as well. For personal use I wrote a script for that. The question is if you want/need to integrate this in your project.
Any ideas or opinions anyone?
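The conversion proposed in this issue, as an added example (not code from the thread and not @hd074's script): a POSIX sh sketch that lists names blocked for A but not for AAAA, and emits the hosts file with a `::1` line added for each of them. The function names `missing_aaaa`, `add_aaaa_sink` and `sample_hosts` are hypothetical, and the sample hosts file is constructed.

```shell
#!/bin/sh
# Added example, not from the issue thread. Function names are hypothetical.

# Constructed sample hosts file (names other than google-analytics.com are made up).
sample_hosts() {
    cat <<'EOF'
# constructed sample
127.0.0.1 localhost
::1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 google-analytics.com
0.0.0.0 ads.example.com tracker.example.com # inline comment
EOF
}

# awk prologue shared by both functions: on the first read of the file, record
# every name that already has an IPv6 sink entry.
FIRST_PASS='NR == FNR { if ($1 == sink6) for (i = 2; i <= NF && $i !~ /^#/; i++) have6[$i] = 1; next }'

# missing_aaaa FILE [SINK6]: names blocked for A that have no AAAA sink line.
missing_aaaa() {
    awk -v sink6="${2:-::1}" "$FIRST_PASS"'
        $1 == "0.0.0.0" {
            for (i = 2; i <= NF && $i !~ /^#/; i++)
                if ($i != "0.0.0.0" && !($i in have6) && !seen[$i]++) print $i
        }' "$1" "$1"
}

# add_aaaa_sink FILE [SINK6]: FILE plus one "SINK6 name" line per blocked name.
add_aaaa_sink() {
    awk -v sink6="${2:-::1}" "$FIRST_PASS"'
        { print }
        $1 == "0.0.0.0" {
            for (i = 2; i <= NF && $i !~ /^#/; i++) {
                if ($i == "0.0.0.0" || ($i in have6)) continue
                have6[$i] = 1        # also de-duplicates repeated names
                print sink6, $i
            }
        }' "$1" "$1"
}

f=$(mktemp) && sample_hosts > "$f"
echo "A-blocked names without an AAAA sink:"; missing_aaaa "$f"
echo "--- converted file ---"; add_aaaa_sink "$f"
rm -f "$f"
```

Running `missing_aaaa` on the converted file should print nothing, which makes it usable as a check after each hosts file update.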