[opensuse] DNSmasq problems
What am I missing? I am using the 'additional hosts' mechanism of DNSMasq to block adverts Only DNSmasq doens't seem to be diing the job. I have the 'additional hosts' defined in the /etc/dnsmasq.conf # grep -C 2 addn /etc/dnsmasq.conf # or if you want it to read another file, as well as /etc/hosts, use # this. addn-hosts=/etc/dnsmasq.d/block.hosts.txt I have a goddamnawful advert from a site defined there, along with a lot of ther stuff # grep server-13-33-160-47.ord50.r.cloudfront.net /etc/dnsmasq.d/block.hosts.txt 127.0.0.1 server-13-33-160-47.ord50.r.cloudfront.net I restart dnsmasq and it confirms that it read that file # systemctl status dnsmasq.service * dnsmasq.service - DNS caching server. Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled) Drop-In: /run/systemd/generator/dnsmasq.service.d `-50-insserv.conf-$named.conf Active: active (running) since Mon 2018-03-12 12:00:42 EDT; 1min 16s ago Process: 8002 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS) Main PID: 8005 (dnsmasq) Tasks: 1 (limit: 512) CGroup: /system.slice/dnsmasq.service `-8005 /usr/sbin/dnsmasq --log-async --enable-dbus --keep-in-foreground Mar 12 12:00:42 main.HOME.SystemI.ca systemd[1]: Started DNS caching server.. Mar 12 12:00:42 main.HOME.SystemI.ca dnsmasq[8005]: started, version 2.78-security-prerelease cachesize 2000 Mar 12 12:00:42 main.HOME.SystemI.ca dnsmasq[8005]: compile time options: IPv6 GNU-getopt no-DBus i18n no-I...tify Mar 12 12:00:42 main.HOME.SystemI.ca dnsmasq[8005]: DBus support enabled: connected to system bus Mar 12 12:00:42 main.HOME.SystemI.ca dnsmasq[8005]: asynchronous logging enabled, queue limit is 5 messages Mar 12 12:00:42 main.HOME.SystemI.ca dnsmasq[8005]: reading /etc/resolv.conf Mar 12 12:00:42 main.HOME.SystemI.ca dnsmasq[8005]: using nameserver 8.8.8.8#53 Mar 12 12:00:42 main.HOME.SystemI.ca dnsmasq[8005]: using nameserver 8.8.4.4#53 Mar 12 12:00:42 main.HOME.SystemI.ca dnsmasq[8005]: read /etc/hosts - 18 addresses Mar 12 12:00:42 main.HOME.SystemI.ca dnsmasq[8005]: read /etc/dnsmasq.d/block.hosts.txt - 24619 addresses But if I ping that site or visit a page that uses it, this doens't work as I expect. # ping server-13-33-160-47.ord50.r.cloudfront.net PING server-13-33-160-47.ord50.r.cloudfront.net (13.33.160.47) 56(84) bytes of data. 64 bytes from server-13-33-160-47.ord50.r.cloudfront.net (13.33.160.47): icmp_seq=1 ttl=246 time=23.4 ms 64 bytes from server-13-33-160-47.ord50.r.cloudfront.net (13.33.160.47): icmp_seq=2 ttl=246 time=32.0 ms 64 bytes from server-13-33-160-47.ord50.r.cloudfront.net (13.33.160.47): icmp_seq=3 ttl=246 time=22.8 ms 64 bytes from server-13-33-160-47.ord50.r.cloudfront.net (13.33.160.47): icmp_seq=4 ttl=246 time=32.4 ms 64 bytes from server-13-33-160-47.ord50.r.cloudfront.net (13.33.160.47): icmp_seq=5 ttl=246 time=30.2 ms How come DnsMasq isn't serving up 127.0.0.0 becuase it is using namesever 8.8.8.8? Well if I try putting 127.0.0.1 ahead of that in the /etc/resolv.conf I get Mar 12 12:15:09 main.HOME.SystemI.ca dnsmasq[8005]: ignoring nameserver 127.0.0.1 - local interface What am I missing? Is this caching problem? How do I flush cache? -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Anton Aylward wrote: [snip]
What am I missing? Is this caching problem? How do I flush cache?
Maybe "nscd -i hosts" or just restart nscd. -- Per Jessen, Zürich (10.2°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/03/18 01:01 PM, Per Jessen wrote:
Anton Aylward wrote:
[snip]
What am I missing? Is this caching problem? How do I flush cache?
Maybe "nscd -i hosts" or just restart nscd.
The 'ps' listing says that I'm not running 'nscd'. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Anton Aylward wrote:
On 12/03/18 01:01 PM, Per Jessen wrote:
Anton Aylward wrote:
[snip]
What am I missing? Is this caching problem? How do I flush cache?
Maybe "nscd -i hosts" or just restart nscd.
The 'ps' listing says that I'm not running 'nscd'.
Okay. and you have 127.0.0.1 as the nameserver in /etc/resolv.conf? -- Per Jessen, Zürich (9.1°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/03/18 01:50 PM, Per Jessen wrote:
Anton Aylward wrote:
On 12/03/18 01:01 PM, Per Jessen wrote:
Anton Aylward wrote:
[snip]
What am I missing? Is this caching problem? How do I flush cache?
Maybe "nscd -i hosts" or just restart nscd.
The 'ps' listing says that I'm not running 'nscd'.
Okay.
and you have 127.0.0.1 as the nameserver in /etc/resolv.conf?
No. NetworkManager generates that file and that isn't in it. If I put it in there manually then when DNSMasq starts it throw it out, as I said in my original post:
Mar 12 12:15:09 main.HOME.SystemI.ca dnsmasq[8005]: ignoring nameserver 127.0.0.1 - local interface
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Mon, 12 Mar 2018, Anton Aylward wrote:
On 12/03/18 01:50 PM, Per Jessen wrote: [..]
and you have 127.0.0.1 as the nameserver in /etc/resolv.conf?
No. NetworkManager generates that file and that isn't in it.
What's in your /etc/nsswitch.conf? And what is the output of: $ nslookup opensuse.org If that does not output: Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: Name: opensuse.org Address: 130.57.66.19 then your resolv.conf/NM/nsswitch setup is broken and are not using dnsmasq as NS. You'll need to configure NM to use localhost or get rid of NM.
If I put it in there manually then when DNSMasq starts it throw it out, as I said in my original post:
Mar 12 12:15:09 main.HOME.SystemI.ca dnsmasq[8005]: ignoring nameserver 127.0.0.1 - local interface
That's normal. Without dnsmasq ignoring that it'd ask itself which'd ask itself and itself and itself ... -dnh --
I'm an idiot.. At least this [bug] took about 5 minutes to find.. Disquieting ... -- Gonzalo Tornaria in response to Linus Torvalds's
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/03/18 03:31 PM, David Haller wrote:
Hello,
On Mon, 12 Mar 2018, Anton Aylward wrote:
On 12/03/18 01:50 PM, Per Jessen wrote: [..]
and you have 127.0.0.1 as the nameserver in /etc/resolv.conf?
No. NetworkManager generates that file and that isn't in it.
What's in your /etc/nsswitch.conf?
And what is the output of:
$ nslookup opensuse.org
If that does not output:
Server: 127.0.0.1 Address: 127.0.0.1#53
Non-authoritative answer: Name: opensuse.org Address: 130.57.66.19
then your resolv.conf/NM/nsswitch setup is broken and are not using dnsmasq as NS. You'll need to configure NM to use localhost or get rid of NM.
# nslookup opensuse.org Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: opensuse.org Address: 130.57.66.19 However I can't see getting rid of NM. I'm unsure whether the 8.8.8.* address come from /etc/sysconfig/network/config:NETCONFIG_DNS_STATIC_SERVERS="8.8.8.8 8.8.4.4" or /etc/NetworkManager/system-connections/ethernet-1:dns=8.8.8.8;8.8.4.4; or if the latter is generated.
If I put it in there manually then when DNSMasq starts it throw it out, as I said in my original post:
Mar 12 12:15:09 main.HOME.SystemI.ca dnsmasq[8005]: ignoring nameserver 127.0.0.1 - local interface
That's normal. Without dnsmasq ignoring that it'd ask itself which'd ask itself and itself and itself ...
-dnh
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Mon, 12 Mar 2018, Anton Aylward wrote:
On 12/03/18 03:31 PM, David Haller wrote:
On Mon, 12 Mar 2018, Anton Aylward wrote:
On 12/03/18 01:50 PM, Per Jessen wrote: [..]
and you have 127.0.0.1 as the nameserver in /etc/resolv.conf?
No. NetworkManager generates that file and that isn't in it.
What's in your /etc/nsswitch.conf?
And what is the output of:
$ nslookup opensuse.org
If that does not output:
Server: 127.0.0.1 Address: 127.0.0.1#53
Non-authoritative answer: Name: opensuse.org Address: 130.57.66.19
then your resolv.conf/NM/nsswitch setup is broken and are not using dnsmasq as NS. You'll need to configure NM to use localhost or get rid of NM.
# nslookup opensuse.org Server: 8.8.8.8 Address: 8.8.8.8#53
Non-authoritative answer: Name: opensuse.org Address: 130.57.66.19
Bingo. You're not using dnsmasq.
However I can't see getting rid of NM.
Why? Laptop in changing nets? I set up my net by a hand-crafted script. It's not that much. modprobe, ifconfig .. up / ip link add, route, and some odd & ends.
I'm unsure whether the 8.8.8.* address come from
/etc/sysconfig/network/config:NETCONFIG_DNS_STATIC_SERVERS="8.8.8.8 8.8.4.4"
Probably that.
or /etc/NetworkManager/system-connections/ethernet-1:dns=8.8.8.8;8.8.4.4;
or if the latter is generated.
Why not just change both? For free servers that do not track see my answer to Carlos. -dnh -- The new Linux anthem will be "He's an idiot, but he's ok", as performed by Monthy Python. You'd better start practicing. -- Linus Torvalds, announcing another kernel patch -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-03-12 19:47, Anton Aylward wrote:
On 12/03/18 01:50 PM, Per Jessen wrote:
Anton Aylward wrote:
...
and you have 127.0.0.1 as the nameserver in /etc/resolv.conf?
No. NetworkManager generates that file and that isn't in it. If I put it in there manually then when DNSMasq starts it throw it out, as I said in my original post:
In one machine (the server) I have: ... ### Please remove (at least) this line when you modify the file! search Valinor #nameserver 192.168.1.16 nameserver 127.0.0.1 and it is working, but it doesn't use network manager. In YaST network settings, I said to use "127.0.0.1", but I think I edited that file manually as well, in which case I should edit out one line - doing it now.
Mar 12 12:15:09 main.HOME.SystemI.ca dnsmasq[8005]: ignoring nameserver 127.0.0.1 - local interface
That only means that dnsmasq itself will not query 127.0.0.1 On /etc/dnsmasq.conf I have this line somewhere: #CER server=192.168.1.1 And that's it. dnsmasq queries my router for information. I might instead check what the router queries and do it myself instead: 80.58.61.250 80.58.61.254 My router has set static DNS servers, anyway, not taken from the WAN info. Done. On my laptop I have: minas-tirith:~ # cat /etc/resolv.conf # Generated by NetworkManager search valinor nameserver 127.0.0.1 minas-tirith:~ # Ie, the entire file. I don't remember if I configured network manager to do that, and I'm not in that room - I'll check later. On /etc/dnsmasq.conf I have: #CER server=8.8.8.8 server=8.8.4.4 which I do not like, but I did as I move the laptop with different ISP. The assignment to dnsmasq should be dynamic. I did that temporarily to think about later, but I forgot. The trick would be, perhaps, in this: # Change this line if you want dns to get its upstream servers from # somewhere other that /etc/resolv.conf #resolv-file= That file should list the external dns servers that dns would query, and it would be wonderful if network manager wrote it. We might also do this: # If you don't want dnsmasq to read /etc/resolv.conf or any other # file, getting its servers from this file instead (see below), then # uncomment this. #CER #no-resolv which would avoid the message about the 127.0.0.1 being ignored - but I worry about the "any other file" thing. My initials there may mean that I tried, then undid. I saw this: # Add domains which you want to force to an IP address here. # The example below send any host in double-click.net to a local # web-server. #address=/double-click.net/127.0.0.1 -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
Hello, On Mon, 12 Mar 2018, Carlos E. R. wrote: [..]
On /etc/dnsmasq.conf I have:
#CER server=8.8.8.8 server=8.8.4.4
which I do not like, but I did as I move the laptop with different ISP. The assignment to dnsmasq should be dynamic. I did that temporarily to think about later, but I forgot.
Here's some more servers from my config (pruning my router): ==== # resolver4.opendns.com server=208.67.222.222 # resolver2.opendns.com server=208.67.222.220 # http://www.privacyfoundation.ch/ server=77.109.138.45 server=77.109.138.29 # https://digitalcourage.de/support/zensurfreier-dns-server server=85.214.20.141 ====
The trick would be, perhaps, in this:
# Change this line if you want dns to get its upstream servers from # somewhere other that /etc/resolv.conf #resolv-file=
That file should list the external dns servers that dns would query, and it would be wonderful if network manager wrote it.
Just use server= directives in dnsmasq.conf.
# If you don't want dnsmasq to read /etc/resolv.conf or any other # file, getting its servers from this file instead (see below), then # uncomment this. #CER #no-resolv
You want that (and use server=).
which would avoid the message about the 127.0.0.1 being ignored - but I worry about the "any other file" thing.
I guess it just means that it ignores /etc/resolv.conf and "resolv-file="-directives.
My initials there may mean that I tried, then undid.
# delcomments /etc/dnsmasq.conf | grep -v server domain-needed bogus-priv strict-order no-resolv no-poll interface=lo bind-interfaces cache-size=500 conf-dir=/etc/dnsmasq.d,*.conf (For servers, see above). HTH, -dnh -- / "I dunno, it strikes me that whatever direction you read the Bible, \ \ it ends with the destruction of the world." -- Dave Brown / -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/03/18 04:11 PM, David Haller wrote:
Here's some more servers from my config (pruning my router):
==== # resolver4.opendns.com server=208.67.222.222 # resolver2.opendns.com server=208.67.222.220 # http://www.privacyfoundation.ch/ server=77.109.138.45 server=77.109.138.29 # https://digitalcourage.de/support/zensurfreier-dns-server server=85.214.20.141 ====
OK included that. O hand edited /etc/resolv.conf taling out the 8.8.* and putting in 127.0.0.1 I'll have to gifure out how to do that at boot time next. Now I get # nslookup opensuse.org Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: Name: opensuse.org Address: 130.57.66.19 OK, procedding cautiosly. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2018-03-12 at 16:33 -0400, Anton Aylward wrote:
O hand edited /etc/resolv.conf taling out the 8.8.* and putting in 127.0.0.1
I'll have to gifure out how to do that at boot time next.
No, if you change the file manually network manager should leave it alone. Or, perhaps there is a configuration in network manager to use 127.* - -- Cheers, Carlos E. R. (from openSUSE 42.3 x86_64 "Malachite" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlqm5oEACgkQtTMYHG2NR9V4XACfcjmo2VAhUbMZ+sV7wLc2A4gt AtkAn14ZuKWZPmlCXsb7H3Y3OKLyFh/S =OXz2 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Mon, 12 Mar 2018, Carlos E. R. wrote:
On Monday, 2018-03-12 at 16:33 -0400, Anton Aylward wrote:
O hand edited /etc/resolv.conf taling out the 8.8.* and putting in 127.0.0.1
I'll have to gifure out how to do that at boot time next.
No, if you change the file manually network manager should leave it alone.
Or, perhaps there is a configuration in network manager to use 127.*
Or change that /etc/sysconfig/ variable you found. Or, if you do not actually need it (see elsewhere) just disable or even uninstall NM, depends on your setup and what you'd do manually on changing networks ;) Even getting an link up and running manually is not that hard[1]. But let's check on that after you've got dnsmasq working (even if only manually editing resolv.conf after NM has done its thing for now). There's more "hacks" possible (e.g. chattr ;) but let's check that NM stuff first. -dnh [1] I've no experience with WiFi/iwlconfig though -- My house, my rules. If they ignore the tiny little signs posted outside saying "No arachnids, this means *YOU*, violators will be flattened" it's not my lookout. -- dpm -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* David Haller <dnh@opensuse.org> [03-12-18 17:15]:
Hello,
On Mon, 12 Mar 2018, Carlos E. R. wrote:
On Monday, 2018-03-12 at 16:33 -0400, Anton Aylward wrote:
O hand edited /etc/resolv.conf taling out the 8.8.* and putting in 127.0.0.1
I'll have to gifure out how to do that at boot time next.
No, if you change the file manually network manager should leave it alone.
Or, perhaps there is a configuration in network manager to use 127.*
Or change that /etc/sysconfig/ variable you found.
Or, if you do not actually need it (see elsewhere) just disable or even uninstall NM, depends on your setup and what you'd do manually on changing networks ;)
Even getting an link up and running manually is not that hard[1]. But let's check on that after you've got dnsmasq working (even if only manually editing resolv.conf after NM has done its thing for now).
There's more "hacks" possible (e.g. chattr ;) but let's check that NM stuff first.
-dnh
[1] I've no experience with WiFi/iwlconfig though
use "yast lan" network settings "overview" edit wireless device -> next Scan Network pick where you want to connect and enter key type/passwd -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Anton Aylward wrote:
On 12/03/18 01:50 PM, Per Jessen wrote:
Anton Aylward wrote:
On 12/03/18 01:01 PM, Per Jessen wrote:
Anton Aylward wrote:
[snip]
What am I missing? Is this caching problem? How do I flush cache?
Maybe "nscd -i hosts" or just restart nscd.
The 'ps' listing says that I'm not running 'nscd'.
Okay.
and you have 127.0.0.1 as the nameserver in /etc/resolv.conf?
No. NetworkManager generates that file and that isn't in it. If I put it in there manually then when DNSMasq starts it throw it out, as I said in my original post:
I guess you have solved this by now, but when dnsmasq is serving dns lookups on 127.0.0.1, that is what you need in /etc/resolv.conf - that's what I have in mine. -- Per Jessen, Zürich (7.2°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 13/03/18 02:26 AM, Per Jessen wrote:
and you have 127.0.0.1 as the nameserver in /etc/resolv.conf?
No. NetworkManager generates that file and that isn't in it. If I put it in there manually then when DNSMasq starts it throw it out, as I said in my original post:
I guess you have solved this by now, but when dnsmasq is serving dns lookups on 127.0.0.1, that is what you need in /etc/resolv.conf - that's what I have in mine.
This morning I have ======================= # cat /etc/resolv.conf # Generated by NetworkManager search HOME.systemi.ca HOME.SystemI.ca nameserver 127.0.0.1 ====================== The irony is that I have ======================== # systemctl status dnsmasq.service * dnsmasq.service - DNS caching server. Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled) Drop-In: /run/systemd/generator/dnsmasq.service.d `-50-insserv.conf-$named.conf Active: active (running) since Tue 2018-03-13 07:38:07 EDT; 37min ago Process: 1492 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS) Main PID: 1511 (dnsmasq) Tasks: 1 (limit: 512) CGroup: /system.slice/dnsmasq.service `-1511 /usr/sbin/dnsmasq --log-async --enable-dbus --keep-in-foreground Mar 13 07:38:07 main dnsmasq[1511]: read /etc/dnsmasq.d/block.hosts.txt - 24619 addresses Mar 13 07:38:09 main.HOME.SystemI.ca dnsmasq[1511]: no servers found in /etc/resolv.conf, will retry Mar 13 07:38:19 main.HOME.SystemI.ca dnsmasq[1511]: reading /etc/resolv.conf Mar 13 07:38:19 main.HOME.SystemI.ca dnsmasq[1511]: using nameserver 77.109.138.29#53 Mar 13 07:38:19 main.HOME.SystemI.ca dnsmasq[1511]: using nameserver 77.109.138.45#53 Mar 13 07:38:19 main.HOME.SystemI.ca dnsmasq[1511]: using nameserver 208.67.222.220#53 Mar 13 07:38:19 main.HOME.SystemI.ca dnsmasq[1511]: using nameserver 208.67.222.222#53 Mar 13 07:38:19 main.HOME.SystemI.ca dnsmasq[1511]: using nameserver 8.8.8.4#53 Mar 13 07:38:19 main.HOME.SystemI.ca dnsmasq[1511]: using nameserver 8.8.8.8#53 Mar 13 07:38:19 main.HOME.SystemI.ca dnsmasq[1511]: ignoring nameserver 127.0.0.1 - local interface ======================== The "using nameserver" etries are in the /etc/dnsmasq.onf courtesy of David Haller. But the "no servers found in /etc/resolv.conf, will retry" and the "ignoring nameserver 127.0.0.1 - local interface" would look like errors if it wasn't for the fact of this thread and the advice and the fact that it seems to work. What does the "status" show for you guys? -- Anton J Aylward Dodo Flight Research Laboratories Icarus Division North York Ontario -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Anton Aylward wrote:
On 13/03/18 02:26 AM, Per Jessen wrote:
and you have 127.0.0.1 as the nameserver in /etc/resolv.conf?
No. NetworkManager generates that file and that isn't in it. If I put it in there manually then when DNSMasq starts it throw it out, as I said in my original post:
I guess you have solved this by now, but when dnsmasq is serving dns lookups on 127.0.0.1, that is what you need in /etc/resolv.conf - that's what I have in mine.
This morning I have ======================= # cat /etc/resolv.conf # Generated by NetworkManager search HOME.systemi.ca HOME.SystemI.ca nameserver 127.0.0.1 ======================
Looks good.
Mar 13 07:38:19 main.HOME.SystemI.ca dnsmasq[1511]: using nameserver 77.109.138.29#53 Mar 13 07:38:19 main.HOME.SystemI.ca dnsmasq[1511]: using nameserver 77.109.138.45#53 Mar 13 07:38:19 main.HOME.SystemI.ca dnsmasq[1511]: using nameserver 208.67.222.220#53 Mar 13 07:38:19 main.HOME.SystemI.ca dnsmasq[1511]: using nameserver 208.67.222.222#53 Mar 13 07:38:19 main.HOME.SystemI.ca dnsmasq[1511]: using nameserver 8.8.8.4#53 Mar 13 07:38:19 main.HOME.SystemI.ca dnsmasq[1511]: using nameserver 8.8.8.8#53 Mar 13 07:38:19 main.HOME.SystemI.ca dnsmasq[1511]: ignoring nameserver 127.0.0.1 - local interface
Looks good.
The "using nameserver" etries are in the /etc/dnsmasq.onf courtesy of David Haller. But the "no servers found in /etc/resolv.conf, will retry"
That one does look odd.
and the "ignoring nameserver 127.0.0.1 - local interface" would look like errors if it wasn't for the fact of this thread and the advice and the fact that it seems to work.
That one is fine.
What does the "status" show for you guys?
I don't run it under systemd, but from /var/log/messages: dnsmasq[26549]: started, version 2.45 cachesize 150 dnsmasq[26549]: compile time options: IPv6 GNU-getopt no-ISC-leasefile no-DBus no-I18N TFTP dnsmasq[26549]: using nameserver 192.168.47.102#53 for domain 47.168.192.in-addr.arpa dnsmasq[26549]: using nameserver 192.168.47.101#53 for domain 47.168.192.in-addr.arpa dnsmasq[26549]: using nameserver 192.168.47.102#53 for domain infra.opensuse.org dnsmasq[26549]: using nameserver 192.168.47.101#53 for domain infra.opensuse.org dnsmasq[26549]: using nameserver 2a03:7520:4c68:1::1000#53 dnsmasq[26549]: using nameserver 192.168.211.254#53 dnsmasq[26549]: reading /etc/resolv.conf dnsmasq[26549]: ignoring nameserver 127.0.0.1 - local interface dnsmasq[26549]: using nameserver 192.168.47.102#53 for domain 47.168.192.in-addr.arpa dnsmasq[26549]: using nameserver 192.168.47.101#53 for domain 47.168.192.in-addr.arpa dnsmasq[26549]: using nameserver 192.168.47.102#53 for domain infra.opensuse.org dnsmasq[26549]: using nameserver 192.168.47.101#53 for domain infra.opensuse.org dnsmasq[26549]: using nameserver 2a03:7520:4c68:1::1000#53 dnsmasq[26549]: using nameserver 192.168.211.254#53 dnsmasq[26549]: cleared cache -- Per Jessen, Zürich (7.8°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Tue, 13 Mar 2018, Per Jessen wrote:
Anton Aylward wrote: [..]
dnsmasq[1511]: ignoring nameserver 127.0.0.1 - local interface
Looks good.
The "using nameserver" etries are in the /etc/dnsmasq.onf courtesy of David Haller. But the "no servers found in /etc/resolv.conf, will retry"
That one does look odd.
Perfectly normal if the ignored "nameserver 127.0.0.1" is the only entry in resolv.conf. -dnh -- alias woman='man -a' -- Volker Birk -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
David Haller wrote:
Hello,
On Tue, 13 Mar 2018, Per Jessen wrote:
Anton Aylward wrote: [..]
dnsmasq[1511]: ignoring nameserver 127.0.0.1 - local interface
Looks good.
The "using nameserver" etries are in the /etc/dnsmasq.onf courtesy of David Haller. But the "no servers found in /etc/resolv.conf, will retry"
That one does look odd.
Perfectly normal if the ignored "nameserver 127.0.0.1" is the only entry in resolv.conf.
I have just a "search" entry and "nameserver 127.0.0.1", but I don't get that message when I start dnsmasq. It sounds odd to say "nothing found, will retry". -- Per Jessen, Zürich (6.8°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 13/03/18 10:05 PM, David Haller wrote:
Hello,
On Tue, 13 Mar 2018, Per Jessen wrote:
Anton Aylward wrote: [..]
dnsmasq[1511]: ignoring nameserver 127.0.0.1 - local interface
Looks good.
The "using nameserver" etries are in the /etc/dnsmasq.onf courtesy of David Haller. But the "no servers found in /etc/resolv.conf, will retry"
That one does look odd.
Perfectly normal if the ignored "nameserver 127.0.0.1" is the only entry in resolv.conf.
Yes * know that, on re-reading (my bad!) the MAN page it recommends having just that entry, from a prima facia POV, if debugging via the logs, it does seem alarming. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-03-13 16:02, Anton Aylward wrote:
On 13/03/18 10:01 AM, Carlos E. R. wrote:
I don't boot every day :-P
Lucky you, having a no-cost electricity supply.
Nonononono. I hibernate or suspend my machines. :-) Except the server, it is doing things 24*7 except when the job hangs. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
Now I can't access many sites. I think this has to do with adblocking So I get newsfeed from "pocket". One of the article point to the Wall Street Journal But when I click on it the link requires an indirection befoer I get to the WSJ And so I get ================================= This site can’t be reached ad.doubleclick.net refused to connect. Try: Checking the connection Checking the proxy and the firewall ERR_CONNECTION_REFUSED ================================= that's at https://ad.doubleclick.net/ddm/clk/415206270;216317318;u It doens't matter what web browser I use, so it must have something to do with this DNS. I HATE this sort of thing! -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-03-13 19:56, Anton Aylward wrote:
Now I can't access many sites. I think this has to do with adblocking
So I get newsfeed from "pocket". One of the article point to the Wall Street Journal But when I click on it the link requires an indirection befoer I get to the WSJ And so I get
================================= This site can’t be reached ad.doubleclick.net refused to connect. Try: Checking the connection Checking the proxy and the firewall ERR_CONNECTION_REFUSED ================================= that's at https://ad.doubleclick.net/ddm/clk/415206270;216317318;u
It doens't matter what web browser I use, so it must have something to do with this DNS. I HATE this sort of thing!
Obviously. You are using a DNS block list that blocks ad.doubleclick.net. Unblock it. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
On 13/03/18 03:01 PM, Carlos E. R. wrote:
Obviously. You are using a DNS block list that blocks ad.doubleclick.net.
Unblock it.
I know that! I just don't like this indirection with doubleclick recording the fact that I visited another site. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-03-13 23:45, Anton Aylward wrote:
On 13/03/18 03:01 PM, Carlos E. R. wrote:
Obviously. You are using a DNS block list that blocks ad.doubleclick.net.
Unblock it.
I know that!
I just don't like this indirection with doubleclick recording the fact that I visited another site.
Ahhhh! None likes it, once we know about it. You could then "open a private window" in Firefox. There is a chance than cookies do not survive long. Specially if you right click on the link, copy to clickboard, then open another private window. I think I saw somewhere about making private windows the default :-? -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
Next up: When I visit any Amazon site I get a text-only view of things. Something is messing with the style sheet or filtering it out and I can't see what. So I've simply restored all of the "amazon.com" entries. The "amazon.ca" was OK. I can't see DNSMasq logging what it's doing in detail. Does this require some sort of debug function? -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Anton Aylward wrote:
Next up:
When I visit any Amazon site I get a text-only view of things. Something is messing with the style sheet or filtering it out and I can't see what.
Isn't it likely to be dnsmasq ? :-) I mean, one of your blocklist entries?
So I've simply restored all of the "amazon.com" entries.
The "amazon.ca" was OK.
I can't see DNSMasq logging what it's doing in detail. Does this require some sort of debug function?
man dnsmasq ? You can turn on query logging or run dnsmasq in debug mode. I would probably start with query logging. -- Per Jessen, Zürich (5.1°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/03/18 02:46 AM, Per Jessen wrote:
Anton Aylward wrote:
Next up:
When I visit any Amazon site I get a text-only view of things. Something is messing with the style sheet or filtering it out and I can't see what.
Isn't it likely to be dnsmasq ? :-) I mean, one of your blocklist entries?
So I've simply restored all of the "amazon.com" entries.
The "amazon.ca" was OK.
I can't see DNSMasq logging what it's doing in detail. Does this require some sort of debug function?
man dnsmasq ?
You can turn on query logging or run dnsmasq in debug mode. I would probably start with query logging.
And drown in log entries! This approach is a n 'all or nothing'. I just want to see the specific hits on redirection. Other network applications, Postfix comes to mind, have levels of logging, masks or similar. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Anton Aylward <opensuse@antonaylward.com> [03-14-18 08:37]:
On 14/03/18 02:46 AM, Per Jessen wrote:
Anton Aylward wrote:
Next up:
When I visit any Amazon site I get a text-only view of things. Something is messing with the style sheet or filtering it out and I can't see what.
Isn't it likely to be dnsmasq ? :-) I mean, one of your blocklist entries?
So I've simply restored all of the "amazon.com" entries.
The "amazon.ca" was OK.
I can't see DNSMasq logging what it's doing in detail. Does this require some sort of debug function?
man dnsmasq ?
You can turn on query logging or run dnsmasq in debug mode. I would probably start with query logging.
And drown in log entries! This approach is a n 'all or nothing'. I just want to see the specific hits on redirection.
Other network applications, Postfix comes to mind, have levels of logging, masks or similar.
chg conf to log, chg conf to not log. examine log there is less/more/most/grep. are you "shooting the messinger" or trying to solve a problem? -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Patrick Shanahan wrote:
* Anton Aylward <opensuse@antonaylward.com> [03-14-18 08:37]:
On 14/03/18 02:46 AM, Per Jessen wrote:
Anton Aylward wrote:
Next up:
When I visit any Amazon site I get a text-only view of things. Something is messing with the style sheet or filtering it out and I can't see what.
Isn't it likely to be dnsmasq ? :-) I mean, one of your blocklist entries?
So I've simply restored all of the "amazon.com" entries.
The "amazon.ca" was OK.
I can't see DNSMasq logging what it's doing in detail. Does this require some sort of debug function?
man dnsmasq ?
You can turn on query logging or run dnsmasq in debug mode. I would probably start with query logging.
And drown in log entries! This approach is a n 'all or nothing'. I just want to see the specific hits on redirection.
Other network applications, Postfix comes to mind, have levels of logging, masks or similar.
chg conf to log, chg conf to not log. examine log. there is less/more/most/grep.
Exactly - maybe those "redirections" all resolve to the same ip? -- Per Jessen, Zürich (12.8°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 03/12/2018 09:24 AM, Anton Aylward wrote:
How come DnsMasq isn't serving up 127.0.0.0
becuase it is using namesever 8.8.8.8? Well if I try putting 127.0.0.1 ahead of that in the /etc/resolv.conf I get
Mar 12 12:15:09 main.HOME.SystemI.ca dnsmasq[8005]: ignoring nameserver 127.0.0.1 - local interface
What exactly is in your /etc/resolv.conf? The only nameserver entry should be: nameserver localhost You should put "nameserver 8.8.8.8" into another file, maybe /etc/resolv.wan, then point to that file in /etc/dnsmasq.conf: resolv-file=/etc/resolv.wan But why not just put your "127.0.0.1 server-13-33-160-47.ord50.r.cloudfront.net" directly into /etc/hosts? That should work well, no muss nor fuss. But what happens when your advert supplier moves to a different host? Have you tried uBlock Origin in your browser? Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/03/18 02:08 PM, Lew Wolfgang wrote:
What exactly is in your /etc/resolv.conf? it is generated by the Networkmanager
The only nameserver entry should be:
nameserver localhost
You should put "nameserver 8.8.8.8" into another file, maybe /etc/resolv.wan, then point to that file in /etc/dnsmasq.conf:
resolv-file=/etc/resolv.wan
Instead of it using /etc/resolv.conf ? The MAN page says -r, --resolv-file=<file> Read the IP addresses of the upstream nameservers from <file>, instead of /etc/resolv.conf. Are you trying to say that the resolution path, when called by an application, goes gethostbyname -> /etc/resolv.conf -> localhost -> (alias) 127.0.0.1 -> DNSMasq listens on 127.0.0.1 -> DNSmasq gets file /etc/resolv.wan -> 8.8.8.8 Sorry, I don't see the point of the extra indirection. I note that the *applications* are guided by /etc/nsswitch.conf Mabye that is what matters?
But why not just put your "127.0.0.1 server-13-33-160-47.ord50.r.cloudfront.net" directly into /etc/hosts? That should work well, no muss nor fuss.
Along with the other 24619 addresses that I currently have, seperately, in /etc/dnsmasq.d/block.hosts.txt ? No, I don't think so. And anyway, it gets clobbered on reboot by NetworkManager.
But what happens when your advert supplier moves to a different host? Have you tried uBlock Origin in your browser?
Regards, Lew
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Mon, 12 Mar 2018, Anton Aylward wrote:
On 12/03/18 02:08 PM, Lew Wolfgang wrote:
What exactly is in your /etc/resolv.conf? it is generated by the Networkmanager
So what?? WHAT IS IN IT! (no matter how it gets there), So what does NM write into it? localhost/127.0.0.1/::1? Or something else?
The only nameserver entry should be:
nameserver localhost
You should put "nameserver 8.8.8.8" into another file, maybe /etc/resolv.wan, then point to that file in /etc/dnsmasq.conf:
resolv-file=/etc/resolv.wan
You should use 'server=' directives in dnsmasq.conf...
Instead of it using /etc/resolv.conf ?
The MAN page says -r, --resolv-file=<file> Read the IP addresses of the upstream nameservers from <file>, instead of /etc/resolv.conf.
See above.
Are you trying to say that the resolution path, when called by an application, goes
gethostbyname -> /etc/resolv.conf -> localhost -> (alias) 127.0.0.1 -> DNSMasq listens on 127.0.0.1 -> DNSmasq gets file /etc/resolv.wan -> 8.8.8.8
Sorry, I don't see the point of the extra indirection. I note that the *applications* are guided by /etc/nsswitch.conf Mabye that is what matters?
My setup is: gethostbyname -> /etc/{nsswitch,resolv}.conf -> dnsmasq -> uses dnsmasq.conf and dnsmasq.d/*.conf -> upstream NS BTW: I would not use googles NS unless it was the only NS remaining.
But why not just put your "127.0.0.1 server-13-33-160-47.ord50.r.cloudfront.net" directly into /etc/hosts? That should work well, no muss nor fuss.
Along with the other 24619 addresses that I currently have, seperately, in /etc/dnsmasq.d/block.hosts.txt ?
Using "wildcards" i.e. address= entries for dnsmasq, that will probably boil down to a fraction of those entries. But, yes, if you use ready-made hosts files from e.g. adblocking projects, then do use that feature of additional hosts file(s). -dnh -- No, it's a small country on the South American Ivory Coast, just to the left of the Caucasus, with penguin wool and yucca meat as primary exports. -- H. Ekker on the question if Austria is in Europe -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/03/18 03:24 PM, David Haller wrote:
Hello,
On Mon, 12 Mar 2018, Anton Aylward wrote:
On 12/03/18 02:08 PM, Lew Wolfgang wrote:
What exactly is in your /etc/resolv.conf? it is generated by the Networkmanager
So what?? WHAT IS IN IT! (no matter how it gets there), So what does NM write into it? localhost/127.0.0.1/::1? Or something else?
# cat /etc/resolv.conf # Generated by NetworkManager search HOME.systemi.ca HOME.SystemI.ca nameserver 8.8.8.8 nameserver 8.8.4.4 happy now?
The only nameserver entry should be:
nameserver localhost
You should put "nameserver 8.8.8.8" into another file, maybe /etc/resolv.wan, then point to that file in /etc/dnsmasq.conf:
resolv-file=/etc/resolv.wan
You should use 'server=' directives in dnsmasq.conf...
My setup is:
gethostbyname -> /etc/{nsswitch,resolv}.conf -> dnsmasq -> uses dnsmasq.conf and dnsmasq.d/*.conf -> upstream NS
Sorry, I forgot nsswitch in my flow chart. # grep hosts /etc/nsswitch.conf hosts: files mdns_minimal [NOTFOUND=return] dns
Using "wildcards" i.e. address= entries for dnsmasq, that will probably boil down to a fraction of those entries.
But, yes, if you use ready-made hosts files from e.g. adblocking projects, then do use that feature of additional hosts file(s).
I forget which 'adblocking' site I got that base file from, a long time ago (it might have been yoyo.org, but maybe not) but that was the way they recommended it be set up back then. But the point is that dnsmasq successfully read in the .txt file that was in hosts.txt format and reported the number of entries it had accepted. Ah: must remember this for when I switch to Chrome(ium) https://wccftech.com/how-to-fix-dns-based-ad-blockers-on-chrome/ -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-03-12 21:05, Anton Aylward wrote:
On 12/03/18 03:24 PM, David Haller wrote:
Hello,
On Mon, 12 Mar 2018, Anton Aylward wrote:
On 12/03/18 02:08 PM, Lew Wolfgang wrote:
What exactly is in your /etc/resolv.conf? it is generated by the Networkmanager
So what?? WHAT IS IN IT! (no matter how it gets there), So what does NM write into it? localhost/127.0.0.1/::1? Or something else?
# cat /etc/resolv.conf # Generated by NetworkManager search HOME.systemi.ca HOME.SystemI.ca nameserver 8.8.8.8 nameserver 8.8.4.4
It must be: 127.0.0.1
happy now?
Yes, because that is your problem. dnsmasq is bypassed. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
Hello, On Mon, 12 Mar 2018, Anton Aylward wrote:
On 12/03/18 03:24 PM, David Haller wrote:
On Mon, 12 Mar 2018, Anton Aylward wrote:
On 12/03/18 02:08 PM, Lew Wolfgang wrote:
What exactly is in your /etc/resolv.conf? it is generated by the Networkmanager
So what?? WHAT IS IN IT! (no matter how it gets there), So what does NM write into it? localhost/127.0.0.1/::1? Or something else?
# cat /etc/resolv.conf # Generated by NetworkManager search HOME.systemi.ca HOME.SystemI.ca nameserver 8.8.8.8 nameserver 8.8.4.4
happy now?
Yes :) So, NM generated that and it lacks the 127.0.0.1 pointing to dnsmasq.
My setup is:
gethostbyname -> /etc/{nsswitch,resolv}.conf -> dnsmasq -> uses dnsmasq.conf and dnsmasq.d/*.conf -> upstream NS
Sorry, I forgot nsswitch in my flow chart.
# grep hosts /etc/nsswitch.conf hosts: files mdns_minimal [NOTFOUND=return] dns
a) that's ok. So /etc/hosts has precedence over dns (i.e. dnsmasq or until you get NM configured the 8.8. google-DNSs). b) do you use mdns? I.e. are you using zeroconf/bonjour/avahi to get your stuff connected? If not, prune that line in nsswitch.conf so it reads just: ==== hosts: files dns ====
Using "wildcards" i.e. address= entries for dnsmasq, that will probably boil down to a fraction of those entries.
But, yes, if you use ready-made hosts files from e.g. adblocking projects, then do use that feature of additional hosts file(s).
I forget which 'adblocking' site I got that base file from, a long time ago (it might have been yoyo.org, but maybe not) but that was the way they recommended it be set up back then.
Yeah, it's ok, but ineffective for multi-hosts domains that you want to add yourself. Just think about doubleclick. I had this in my hosts: #127.0.1.1 ad.doubleclick.com ad.doubleclick.net ad.uk.doubleclick.net #127.0.1.1 ad-emea.doubleclick.net ad.de.doubleclick.net And that was just a subset. Now I just have address=/doubleclick.com/ address=/doubleclick.net/ and am done, no matter what hostnames get used under those domains.
But the point is that dnsmasq successfully read in the .txt file that was in hosts.txt format and reported the number of entries it had accepted.
Yeah, sure. Use it. Just don't "maintain" that file yourself. uBlock can also use some of those lists (e.g. http://hosts-file.net/).
Ah: must remember this for when I switch to Chrome(ium) https://wccftech.com/how-to-fix-dns-based-ad-blockers-on-chrome/
*Aargh* one more reason not to use either. And BTW: chromium is a bloat monster as bad as FF. Go ahead and take a look into the source tarballs of both. What they pack as 3rd party libs ... And BTW: QtWebEngine packs an (outdated) Chromium (including _that_ ones (outdated) 3rd party libs). And QtWebKit is an (outdated) WebKit. So beware of deps on those too. -dnh -- Intel engineering seem to have misheard Intel marketing strategy. The phrase was "Divide and conquer" not "Divide and cock up" -- Alan Cox, iialan@www.linux.org.uk -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/03/18 04:52 PM, David Haller wrote:
I forget which 'adblocking' site I got that base file from, a long time ago (it might have been yoyo.org, but maybe not) but that was the way they recommended it be set up back then. Yeah, it's ok, but ineffective for multi-hosts domains that you want to add yourself. Just think about doubleclick. I had this in my hosts:
#127.0.1.1 ad.doubleclick.com ad.doubleclick.net ad.uk.doubleclick.net #127.0.1.1 ad-emea.doubleclick.net ad.de.doubleclick.net
And that was just a subset. Now I just have
address=/doubleclick.com/ address=/doubleclick.net/
and am done, no matter what hostnames get used under those domains.
I don't see the difference between pointing DNSMasq at a file in hosts format or a file in address= format. I just took a look at yoyo.com and see that under the DNSMasq settings you can get either. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Mon, 12 Mar 2018, Anton Aylward wrote:
On 12/03/18 04:52 PM, David Haller wrote:
I forget which 'adblocking' site I got that base file from, a long time ago (it might have been yoyo.org, but maybe not) but that was the way they recommended it be set up back then. Yeah, it's ok, but ineffective for multi-hosts domains that you want to add yourself. Just think about doubleclick. I had this in my hosts:
#127.0.1.1 ad.doubleclick.com ad.doubleclick.net ad.uk.doubleclick.net #127.0.1.1 ad-emea.doubleclick.net ad.de.doubleclick.net
And that was just a subset. Now I just have
address=/doubleclick.com/ address=/doubleclick.net/
and am done, no matter what hostnames get used under those domains.
I don't see the difference between pointing DNSMasq at a file in hosts format or a file in address= format.
AGAIN: a) with hosts, you can't get a NXDOMAIN, i.e. you _MUST_ specify an IP b) with hosts, you don't have wildcards, you _MUST_ specify _each and every single hostname_. A nice sample for what you find in websites, but what you might not all want to block is twitch. _ONE_ random page, saved, URIs extracted, excluding links to amazon and youtube: ==== hosts format ==== 127.1.2.3 api.twitch.tv 127.1.2.3 app.twitch.tv 127.1.2.3 blog.twitch.tv 127.1.2.3 cvp.twitch.tv 127.1.2.3 dev.twitch.tv 127.1.2.3 gql.twitch.tv 127.1.2.3 help.twitch.tv 127.1.2.3 irc-ws.chat.twitch.tv 127.1.2.3 music.twitch.tv 127.1.2.3 passport.twitch.tv 127.1.2.3 player.twitch.tv 127.1.2.3 polyfill.twitchsvc.net 127.1.2.3 pubsub-edge.twitch.tv 127.1.2.3 static-cdn.jtvnw.net 127.1.2.3 static.twitchcdn.net 127.1.2.3 twitch.amazon.com 127.1.2.3 twitch.tv 127.1.2.3 twitchadvertising.tv 127.1.2.3 www.twitch.tv ==== ==== address format ==== address=/twitch.tv/ address=/twitchsvc.net/ address=/twitchcdn.net/ address=/twitch.amazon.com/ address=/twitchadvertising.tv/ address=/jtvnw.net/ ==== Which format would you prefer to (manually) maintain?
I just took a look at yoyo.com and see that under the DNSMasq settings you can get either.
http://yoyo.com/ only redirects me to amazon. -dnh -- There's newbies, and then there's people with less internet clue than an amazonian tribesman who has never seen civilisation. -- Oueen of Swords -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/03/18 11:09 PM, David Haller wrote:
http://yoyo.com/ only redirects me to amazon.
Now THAT is interesting. 1. My mistake. yoyo.org or https://pgl.yoyo.org/adservers/serverlist.php 2. I think your DNS server is redirecting unised domains rather than NXDOMAIN some do that. i think it is nasty. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, 13 Mar 2018 08:10:48 -0400 Anton Aylward <opensuse@antonaylward.com> wrote:
2. I think your DNS server is redirecting unised domains rather than NXDOMAIN some do that. i think it is nasty.
No, the company which owns yoyo.com is redirecting to Amazon. From the image on the resulting page, I think it sells children's bicycles or something. -- Liam Proven - Technical Writer, SUSE Linux s.r.o. Corso II, Křižíkova 148/34, 186-00 Praha 8 - Karlín, Czechia Email: lproven@suse.com - Office telephone: +420 284 241 084 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/03/18 11:09 PM, David Haller wrote:
==== address format ==== address=/twitch.tv/ address=/twitchsvc.net/ address=/twitchcdn.net/ address=/twitch.amazon.com/ address=/twitchadvertising.tv/ address=/jtvnw.net/ ====
Which format would you prefer to (manually) maintain?
I don't think that is wildcarding. I think it is handling of subdomains automatically. surely your DNS server should have that as an optoion? Surely it is an option of masking out domain trees. Wildcard would be "*.twitch*.*" -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Mon, 12 Mar 2018, Anton Aylward wrote:
What am I missing?
I am using the 'additional hosts' mechanism of DNSMasq to block adverts
Don't. The "hosts" syntax has no wildcards.
127.0.0.1 server-13-33-160-47.ord50.r.cloudfront.net [..] I restart dnsmasq and it confirms that it read that file
Ok. [..]
What am I missing? Is this caching problem? How do I flush cache?
I use an "include" file (via conf-dir) for blocking, and the address= mechanism: ==== /etc/dnsmasq.conf [pruned] ==== no-resolv [..] # resolver4.opendns.com server=208.67.222.222 # various more servers server=... [..] interface=lo # see manpage for the syntax of conf-dir= conf-dir=/etc/dnsmasq.d,*.conf # EOF ==== ==== /etc/dnsmasq.d/blocklist.conf [just 2 sample (wildcard) domains] ==== address=/doubleclick.com/ address=/doubleclick.net/ address=/fb.com/ address=/fb.me/ address=/fbcdn.net/ address=/facebook.com/ address=/facebook.net/ address=/facebook.de/ address=/facebook.fr/ address=/facebook.co.uk/ ==== That empty "IP" gives a immediate NXDOMAIN reply to whatever's asking for a A / AAAA record for any host under those domains: $ nslookup www.fb.me Server: 127.0.0.1 Address: 127.0.0.1#53 ** server can't find www.fb.me: NXDOMAIN $ Oh, BTW: ==== /etc/resolv.conf ==== nameserver 127.0.0.1 ==== For actual IPs, add them after the second slash, e.g. I used the following while the NS for gmane had a problem: ==== address=/news.gmane.org/195.159.176.226 ==== Blocking works also with any 127/8 IP, as in address=/fb.me/127.1.2.3 or whatever. HTH, -dnh -- The social dynamics of the net are a direct consequence of the fact that nobody has yet developed a Remote Strangulation Protocol. -- Larry Wall -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/03/18 03:06 PM, David Haller wrote:
Hello,
On Mon, 12 Mar 2018, Anton Aylward wrote:
What am I missing?
I am using the 'additional hosts' mechanism of DNSMasq to block adverts
Don't. The "hosts" syntax has no wildcards.
I'm not using wildcards so that advice isn't pertinent.
I use an "include" file (via conf-dir) for blocking, and the address= mechanism:
==== /etc/dnsmasq.conf [pruned] ==== no-resolv [..] # resolver4.opendns.com server=208.67.222.222 # various more servers server=... [..] interface=lo
# see manpage for the syntax of conf-dir= conf-dir=/etc/dnsmasq.d,*.conf # EOF ====
==== /etc/dnsmasq.d/blocklist.conf [just 2 sample (wildcard) domains] ==== address=/doubleclick.com/ address=/doubleclick.net/ address=/fb.com/
I have other stuff in /etc/dnsmasq.conf that I don't want played with. I suppose I can use conf-file=/etc/dnsmasq.d/<qhatever> OK, tried that, but "systemctl status" doesn't report it. No mention in /var/log/messages either -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Mon, 12 Mar 2018, Anton Aylward wrote:
On 12/03/18 03:06 PM, David Haller wrote: [..]
# see manpage for the syntax of conf-dir= conf-dir=/etc/dnsmasq.d,*.conf # EOF ====
==== /etc/dnsmasq.d/blocklist.conf [just 2 sample (wildcard) domains] ==== [..] I have other stuff in /etc/dnsmasq.conf that I don't want played with. I suppose I can use conf-file=/etc/dnsmasq.d/<qhatever>
Yes. Or use conf-dir as I do and name files whatever.conf (so whatever.conf~ or whatever.sample will be ignored).
OK, tried that, but "systemctl status" doesn't report it. No mention in /var/log/messages either
The file should be used. My blocklist-file is also not logged as being used, but it works. Seems dnsmasq just does not log it per default. You could turn up logging, but it's probably easier to just add a test-domain in that file, e.g.: address=/testing.example.com/127.99.98.97 restart dnsmasq and then try $ nslookup testing.example.com HTH, -dnh -- Who wants to remember that escape-x-alt-control-left shift-b puts you into super-edit-debug-compile mode? -- Discussion on the intuitiveness of commands, especially Emacs -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/03/18 05:02 PM, David Haller wrote:
Yes. Or use conf-dir as I do and name files whatever.conf (so whatever.conf~ or whatever.sample will be ignored).
My system was delivered with trust-anchors.conf -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (7)
-
Anton Aylward -
Carlos E. R. -
David Haller -
Lew Wolfgang -
Liam Proven -
Patrick Shanahan -
Per Jessen