Facebook / alternate blocking approach / could it work?

jpgpi250 · February 20, 2020, 2:49pm

I don't want to interrupt our regex discussion, so opening a new topic for this (crazy?) idea
@anon55913113, @Bucking_Horn, @mmotti

We are trying to block the Zuckerberg s**t, he doesn't get our data...

I noticed all of the NS servers, handling the domains we are trying to block, using regex or blocklist, are the same:

Type	Domain Name	NS	TTL
NS	facebook.com	d.ns.facebook.com	20646
NS	facebook.com	c.ns.facebook.com	20646
NS	facebook.com	b.ns.facebook.com	20646
NS	facebook.com	a.ns.facebook.com	20646

Since we are all using unbound, I was wondering, if it would not be possible to let unbound be responsible for the domain facebook.com (act as NS server) and reply all queries with either 0.0.0.0 (A) and :: (AAAA) OR NXDOMAIN. Since we are only dealing with port 53 DNS lookups, there are no certificats or anything else that would prevent this (I think).

I remember (but NOT where) @anon55913113 was doing something like that when the first CNAME discussion appeared, it may not be applicable here.

Your thoughts please.

mmotti · February 20, 2020, 3:37pm

It's an interesting idea, however I do not use Unbound (or Pi-hole at present), so I'm unsure of the inner workings.

If it did work, it may be a good example for power users, but I think the most effective way for the majority of people will be one or multiple regexps.