Wildcard support for domain black/white listing


#1

There are some services using multiple subdomains which are frequently changing. While it is not possible to blacklist them all, it would be great to have the possibility to automatically block subdomains of specific hosts. Maybe based on the blocklist they are listed in (sorry for my bad english!).


How to use Blacklist?
Blocking whole .xyz .click ad domains possible?
#2

Please see the solution below from @PromoFaux that you can implement manually:

Let’s say I’ve blacklisted .xyz with the following in /etc/dnsmasq.d/02-wildcards.conf:

address=/.xyz/192.168.1.253

That works, and I can no longer connect to anything on the xyz TLD. However, I know that I want to be able to access Alphabet’s site (https://abc.xyz). In order to do this, I can either create another file (to keep things seperate (e.g /etc/dnsmasq.d/03-exceptions.conf) or add my exceptions to 02-wildcards.conf like so:

server=/abc.xyz/8.8.8.8
server=/abc.xyz/8.8.4.4 (where 8.8.8.8 and 8.8.4.4 are your chosen upstream DNS IPs)

So, to tie it all together, the entire contents of my additional config file (the name really doesn’t matter, but they are read into dnsmasq in alphanumerical order):

pi@raspberrypi:~ $ cat /etc/dnsmasq.d/02-cust.conf
#Block Entire XYZ TLD
address=/.xyz/192.168.1.253

#Exceptions below:
#Alphabet:
server=/abc.xyz/8.8.8.8
server=/abc.xyz/8.8.4.4

remember to reload and restart dnsmasq
sudo service dnsmasq reload
sudo service dnsmasq restart


Logging for wildcard support
#3

It would be great. For example ad hosting network bannerflow.com has unlimited subdomains for serving ads.


#4

I added ‘ligatus.com’, ‘gigya.com’ and 'trackuity.com
I also requested a feature to log the blocking


#5

Wildcard blacklisting has been implemented and will be available with the next update.


#6