How to Block ASN (Autonomous System Number)

Kloop · March 25, 2023, 2:31pm

I need block using asn provider. Is this possible? y need change with agregate this fuction

jpgpi250 · March 25, 2023, 3:15pm

you can do this using an additional dnsmasq configuration file, this to prevent losing the configuration after pihole -up.

example, assume the following.
you want to block everything from google ("asn":15169,"name":"GOOGLE")

dig google.com -> 142.251.36.14 (address in my region)
now visit https://api.bgpview.io/ip/142.251.36.14, you'll get:

{"status":"ok","status_message":"Query was successful","data":{"ip":"142.251.36.14","ptr_record":"ams15s44-in-f14.1e100.net","prefixes":[{"prefix":"142.251.36.0\/24","ip":"142.251.36.0","cidr":24,"asn":{"asn":15169,"name":"GOOGLE","description":"Google LLC","country_code":"US"},"name":"GOOGLE","description":"Google LLC","country_code":"US"},{"prefix":"142.250.0.0\/15","ip":"142.250.0.0","cidr":15,"asn":{"asn":15169,"name":"GOOGLE","description":"Google LLC","country_code":"US"},"name":"GOOGLE","description":"Google LLC","country_code":"US"}],"rir_allocation":{"rir_name":"ARIN","country_code":null,"ip":"142.250.0.0","cidr":15,"prefix":"142.250.0.0\/15","date_allocated":"2012-05-24 00:00:00","allocation_status":"allocated"},"iana_assignment":{"assignment_status":"legacy","description":"Administered by ARIN","whois_server":"whois.arin.net","date_assigned":null},"maxmind":{"country_code":null,"city":null}},"@meta":{"time_zone":"UTC","api_version":1,"execution_time":"685.45 ms"}}

notice the ip (142.251.36.0) and cidr (24), combined in the prefix (142.251.36.0/24).

create an extra file /etc/dnsmasq.d/xx-asnblock.conf, replace xx with the next free number, content:
option 1: bogus-nxdomain=142.251.36.0/24
option 2: ignore-address=142.251.36.0/24

use one of the two options, not both.
option 1 will deliver an immediate NXDOMAIN reply
option 2 will simply timeout (when using dig)

ensure there is an extra linefeed after the line with the option you have chosen.
now restart FTL (sudo service pihole-FTL restart. done...

get asn info from IP -> https://api.bgpview.io/ip/142.251.36.14
get asn info by asn number -> https://api.bgpview.io/asn/15169
get all prefixes for specific asn number -> https://api.bgpview.io/asn/15169/prefixes

read the dnsmasq man for info on the options

system · April 15, 2023, 3:16pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.