We are trying to block the Zuckerberg s**t, he doesn’t get our data…
I noticed all of the NS servers, handling the domains we are trying to block, using regex or blocklist, are the same:
Since we are all using unbound, I was wondering, if it would not be possible to let unbound be responsible for the domain facebook.com (act as NS server) and reply all queries with either
0.0.0.0 (A) and
:: (AAAA) OR
NXDOMAIN. Since we are only dealing with port 53 DNS lookups, there are no certificates or anything else that would prevent this (I think).
I remember (but NOT where) @msatter was doing something like that when the first CNAME discussion appeared, it may not be applicable here.
Your thoughts please.
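
The idea in the post above, as an added example that is not part of the original post: unbound's `local-zone` types `redirect` and `always_nxdomain` let it answer for a whole zone itself, and the Python sketch below emits those stanzas and models which query names they cover. The function names and the sample zone list are hypothetical, chosen for illustration.

```python
# Added example: emit unbound local-zone stanzas and model the replies they produce.
# ZONES is constructed sample input; the function names are hypothetical.

def unbound_stanzas(zones, mode="redirect"):
    """Return unbound.conf lines (for the server: clause) that sink each zone."""
    lines = []
    for zone in zones:
        fqdn = zone.strip().lower().rstrip(".") + "."
        if mode == "nxdomain":
            lines.append(f'local-zone: "{fqdn}" always_nxdomain')
        elif mode == "redirect":
            # redirect serves the apex local-data for every name under the zone
            lines.append(f'local-zone: "{fqdn}" redirect')
            lines.append(f'local-data: "{fqdn} A 0.0.0.0"')
            lines.append(f'local-data: "{fqdn} AAAA ::"')
        else:
            raise ValueError(f"unknown mode: {mode}")
    return lines

def covering_zone(qname, zones):
    """Return the configured zone that equals qname or is a parent of it, else None."""
    labels = qname.lower().rstrip(".").split(".")
    wanted = {z.lower().rstrip(".") for z in zones}
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # match on label boundaries only
        if candidate in wanted:
            return candidate
    return None

def answer(qname, qtype, zones, mode="redirect"):
    """Model the reply as (rcode, rdata); rcode None means normal recursion."""
    if covering_zone(qname, zones) is None:
        return (None, None)
    if mode == "nxdomain":
        return ("NXDOMAIN", None)
    rdata = {"A": "0.0.0.0", "AAAA": "::"}.get(qtype)
    return ("NOERROR", rdata)  # rdata None models NODATA for other types

ZONES = ["facebook.com"]

if __name__ == "__main__":
    print("server:")
    for line in unbound_stanzas(ZONES):
        print("    " + line)
```

The generated lines belong under the `server:` clause of unbound.conf and only affect clients that actually resolve through that unbound instance.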