Here is an example (the domains are fake, it's for demonstration purposes only):
The domain adcompany.com is in my blacklist, so it returns the IP of my Pi-Hole if I do a DNS query:
$ host adcompany.com
adcompany.com has address 192.168.1.10
But if I do a DNS query of ad.newspaper.com it doesn't get blocked by Pi-Hole even though it's simply an alias (CNAME) for adcompany.com:
$ host ad.newspaper.com
ad.newspaper.com is an alias for adcompany.com.
adcompany.com has address 6.6.6.6
What I would like Pi-hole to do is check whether the domain is a CNAME (in the example, ad.newspaper.com) and then compare the domain it is aliased to (in the example, adcompany.com) with my blacklist. If it is in my blacklist, block the domain (by returning the IP of my Pi-hole).
Sure, if you think that's better than the actual title.
I'm not actually good at giving a title for a topic, but I do understand that some people may not correctly understand the current title.
Devices/services/apps without the ability to use browser extensions will be greatly affected once all the advertisers learn the trick. This is needed to stay on par with current functionality.
In the case presented above (output shortened for clarity), could the user not just block the original domain with a regex?
dig f7ds.liberation.fr
;; ANSWER SECTION:
f7ds.liberation.fr. 3600 IN CNAME liberation.eulerian.net.
liberation.eulerian.net. 7200 IN CNAME atc.eulerian.net.
atc.eulerian.net. 7200 IN A 109.232.197.179
The CNAME is pointing to a bad domain. Why not just add the CNAME to the blocklist/blacklist? Any other re-resolving of things is going to add layers and latency to things.
Check domain against black/block
Resolve domain
Check resolved domain against black/block
I'm not sure offhand if we can even get the intermediate CNAMEs from FTL either.
So something like:
Resolve f7ds.liberation.fr
If f7ds.liberation.fr is CNAME then check CNAME against blacklist
f7ds.liberation.fr is CNAME for liberation.eulerian.net.
If liberation.eulerian.net. is CNAME check against blacklist
liberation.eulerian.net. is CNAME for atc.eulerian.net
If atc.eulerian.net is CNAME check against blacklist
I'm not getting you. eulerian.net is now a regex? That adds even more complexity as regex has to be checked on every step.
The issue I see is that we can add code that increases complexity and potential for breakage. It would increase memory consumption as we would have to store the initial query target and then the intermediate targets with pointers back to the initial target to relate the queries all to each other. If there's a CNAME pointing to a CNAME (as in the example case) then we have a stack of queries that need to be kept in memory and linked with pointers to each other.
Or you can add the target to your blacklist. (Chances are that the list maintainers are going to add them anyways...)
First you have to understand what is happening. You type in www.pi-hole.net and the CNAME makes you go to pi-hole.eulerian.net because you are using their services.
We don't want to end up with eulerian.net so we jump ship and can't visit www.pi-hole.net anymore.
I can't see that www.pi-hole.net is transferring to eulerian, and Pi-hole itself can't either. The domain entered is www.pi-hole.net.
That's not what is happening here. Entire websites are not CNAMEd to another domain. If www.pi-hole.net was actually pi-hole.eulerian.net then the two are fully equivalent and you should not see anything from www.pi-hole.net anyways.
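The chain check debated in this thread, as an added example that is not part of any post and is not Pi-hole or FTL code: it parses the dig answer quoted above and tests the queried name and every CNAME target against an exact and a regex blacklist. The blacklist entries, the hop limit, the refuse-on-loop choice and all function names are assumptions made for illustration.

```python
import re

# Constructed blacklist for this example: one exact entry, one regex entry.
EXACT_BLACKLIST = {"adcompany.com"}
REGEX_BLACKLIST = [re.compile(r"(^|\.)eulerian\.net$")]
MAX_HOPS = 8  # assumed cap so a looping CNAME chain cannot run forever

# Answer section as quoted in the thread (dig output).
DIG_ANSWER = """
f7ds.liberation.fr. 3600 IN CNAME liberation.eulerian.net.
liberation.eulerian.net. 7200 IN CNAME atc.eulerian.net.
atc.eulerian.net. 7200 IN A 109.232.197.179
"""

def normalize(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.rstrip(".").lower()

def is_blacklisted(name):
    name = normalize(name)
    return name in EXACT_BLACKLIST or any(rx.search(name) for rx in REGEX_BLACKLIST)

def parse_answer(section):
    """Map each owner name to (record type, rdata) from dig-style lines."""
    records = {}
    for line in section.strip().splitlines():
        owner, _ttl, _cls, rtype, rdata = line.split()
        records[normalize(owner)] = (rtype, normalize(rdata))
    return records

def check_query(qname, section):
    """Return (verdict, matching name or None, names inspected)."""
    records = parse_answer(section)
    name, chain = normalize(qname), []
    for _ in range(MAX_HOPS):
        chain.append(name)
        if is_blacklisted(name):
            return "blocked", name, chain
        rtype, target = records.get(name, (None, None))
        if rtype != "CNAME":
            return "allowed", None, chain  # reached an address record
        name = target  # follow the alias and test the next name
    return "blocked", None, chain  # loop or over-long chain: refuse (assumption)

if __name__ == "__main__":
    print(check_query("f7ds.liberation.fr", DIG_ANSWER))
```

The walk stops at the first blacklisted name, so a match on the first CNAME target costs one extra lookup against the lists rather than one per hop.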