Hello, On Mon, 12 Mar 2018, Anton Aylward wrote:
What am I missing?
I am using the 'additional hosts' mechanism of DNSMasq to block adverts
Don't. The "hosts" syntax has no wildcards.
127.0.0.1 server-13-33-160-47.ord50.r.cloudfront.net [..] I restart dnsmasq and it confirms that it read that file
Ok. [..]
What am I missing? Is this caching problem? How do I flush cache?
I use an "include" file (via conf-dir) for blocking, and the address= mechanism: ==== /etc/dnsmasq.conf [pruned] ==== no-resolv [..] # resolver4.opendns.com server=208.67.222.222 # various more servers server=... [..] interface=lo # see manpage for the syntax of conf-dir= conf-dir=/etc/dnsmasq.d,*.conf # EOF ==== ==== /etc/dnsmasq.d/blocklist.conf [just 2 sample (wildcard) domains] ==== address=/doubleclick.com/ address=/doubleclick.net/ address=/fb.com/ address=/fb.me/ address=/fbcdn.net/ address=/facebook.com/ address=/facebook.net/ address=/facebook.de/ address=/facebook.fr/ address=/facebook.co.uk/ ==== That empty "IP" gives a immediate NXDOMAIN reply to whatever's asking for a A / AAAA record for any host under those domains: $ nslookup www.fb.me Server: 127.0.0.1 Address: 127.0.0.1#53 ** server can't find www.fb.me: NXDOMAIN $ Oh, BTW: ==== /etc/resolv.conf ==== nameserver 127.0.0.1 ==== For actual IPs, add them after the second slash, e.g. I used the following while the NS for gmane had a problem: ==== address=/news.gmane.org/195.159.176.226 ==== Blocking works also with any 127/8 IP, as in address=/fb.me/127.1.2.3 or whatever. HTH, -dnh -- The social dynamics of the net are a direct consequence of the fact that nobody has yet developed a Remote Strangulation Protocol. -- Larry Wall -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org