dns-blocklist-en
Différences
Ci-dessous, les différences entre deux révisions de la page.
Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédente | ||
dns-blocklist-en [2019/02/14 08:03] – [FAQ] sebsauvage | dns-blocklist-en [2024/01/02 13:19] (Version actuelle) – [Sources] sebsauvage | ||
---|---|---|---|
Ligne 24: | Ligne 24: | ||
Drawbacks: | Drawbacks: | ||
* Does not filter // | * Does not filter // | ||
+ | * Some software may perform DNS resolution themselves instead of using the system DNS. They may therefore work around your DNS blocklist. | ||
You do not need to worry: The setup is easy to reverse. | You do not need to worry: The setup is easy to reverse. | ||
Ligne 29: | Ligne 30: | ||
< | < | ||
- | ===== Lists ===== | + | ---- |
- | I'm using these lists: | + | ===== List ===== |
- | * https:// | + | |
- | * https:// | + | |
- | * https:// | + | |
- | * https:// | + | |
- | * https:// | + | |
- | * https:// | + | |
- | * http:// | + | |
- | * https:// | + | |
- | + | ||
- | They are long-lasting reputable sources. | + | |
- | To make things easier, I have aggregated these sources in a single file (duplicates removed, resolution in 0.0.0.0): | + | <WRAP center round box 60% caution centeralign> |
+ | < | ||
+ | </ | ||
- | ^ URL ^ Size ^ Number of blocked domains ^ Notes ^ | ||
- | | **<wrap hi> | ||
- | | **https:// | ||
==== What does this list blocks ? ==== | ==== What does this list blocks ? ==== | ||
- | * Web advertising (// | + | * Web advertising (// |
* Malvertising (advertising networks known for spreading malware, trojan horses...) (// | * Malvertising (advertising networks known for spreading malware, trojan horses...) (// | ||
* Advertising in mobile applications (// | * Advertising in mobile applications (// | ||
* Web analytics (// | * Web analytics (// | ||
* Mobile applications analytics (// | * Mobile applications analytics (// | ||
+ | * Analytics/ | ||
* Tracking services (canvas fingerprinting, | * Tracking services (canvas fingerprinting, | ||
+ | * First-party trackers. | ||
* Social badges and buttons (// | * Social badges and buttons (// | ||
* Web site counters (// | * Web site counters (// | ||
Ligne 65: | Ligne 57: | ||
* Websites designed to shock (//goatse, 2girls1cup...// | * Websites designed to shock (//goatse, 2girls1cup...// | ||
* Domains linked to Windows 10 tracking/ | * Domains linked to Windows 10 tracking/ | ||
+ | |||
+ | |||
+ | ==== Sources ==== | ||
+ | |||
+ | This list is an aggregation of the following sources: | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * < | ||
+ | * < | ||
+ | * < | ||
+ | * < | ||
+ | * < | ||
+ | |||
+ | The blocklist is available in several formats: | ||
+ | |||
+ | ^ URL ^ Notes ^ | ||
+ | | **<wrap hi> | ||
+ | | **https:// | ||
+ | | **https:// | ||
+ | |||
+ | === Whitelist === | ||
+ | |||
+ | These blocking lists make occasional mistakes. I have put some domains on a whitelist. These domains will never be blocked. | ||
+ | |||
+ | <hidden Click to display> | ||
+ | ^Domaine^Reason^ | ||
+ | |sebsauvage.net|My own domain so that list updates are not blocked.| | ||
+ | |proxad.net|Professionnal french hosting company (branch of Free.fr ISP)| | ||
+ | |commentcamarche.net|Computer tutorials website| | ||
+ | |www.commentcamarche.net|Computer tutorials website| | ||
+ | |mail.gandi.net|Mail server of one of the biggest french professional hosting companies| | ||
+ | |c.orange.fr|Linked to the webmail of Orange, one of the biggest french ISP| | ||
+ | |iapref.orange.fr|Linked to the webmail of Orange, one of the biggest french ISP| | ||
+ | |iapref.wanadoo.fr|Linked to the webmail of Orange, one of the biggest french ISP| | ||
+ | |metric.gstatic.com|Some sub-domains are used for DoT (DNS-over-TLS)| | ||
+ | |ssl0.ovh.net|Mail servers hosts at OVH| | ||
+ | |60gp.ovh.net|Mail servers hosts at OVH| | ||
+ | |vboxsvr.ovh.net|Shared hosting at OVH| | ||
+ | |cdn.tagcommander.com|Required for LaPoste webmail| | ||
+ | |ae01.alicdn.com|Required to display images in AliExpress| | ||
+ | |www.sugarsync.com|Required for SugarSync cloud synchronization.| | ||
+ | |lilo.org|Searchengine| | ||
+ | |www.ismonaco.org|University| | ||
+ | |cpc.cx|URL shortener of CanardPC.| | ||
+ | |simplelogin.fr, | ||
+ | |go.icann.org|Non-profit internet coordination organization| | ||
+ | |idp.impots.gouv.fr|French IRS| | ||
+ | |ipfs.scalaproject.io|IPFS Gateway| | ||
+ | |app.simplelogin.io|Antispam email| | ||
+ | |t.co|Twitter URL shortener| | ||
+ | |transfer.sh|File transfer service| | ||
+ | |woopic.com|CDN used by Orange ISP| | ||
+ | |pushbullet.com|Automation API| | ||
+ | |l.bfmtv.com|BFMTV short URLs| | ||
+ | </ | ||
+ | |||
+ | \\ | ||
+ | |||
+ | PS: If you find a domain which should not be blocked, please let me know (by email, Mastodon, Wire or Telegram). | ||
+ | |||
+ | |||
+ | ---- | ||
+ | |||
===== Installation ===== | ===== Installation ===== | ||
Ligne 78: | Ligne 145: | ||
# Update the DNS blocklist from the web | # Update the DNS blocklist from the web | ||
logger " | logger " | ||
- | tempname=`tempfile` | + | tempname=`mktemp` |
echo " | echo " | ||
printf " | printf " | ||
Ligne 99: | Ligne 166: | ||
If this does not seem to work, run '' | If this does not seem to work, run '' | ||
+ | |||
+ | If you want the host file to be automatically updated, you can try the freeware //HostMan// [NOT TESTED] : http:// | ||
Ligne 105: | Ligne 174: | ||
There are several Android applications capable to downloading and applying a blocklist. Please note that these applications use the VPN feature of Android. It's the only way for an application to collect network traffic of all other applications. You can use one of these applications: | There are several Android applications capable to downloading and applying a blocklist. Please note that these applications use the VPN feature of Android. It's the only way for an application to collect network traffic of all other applications. You can use one of these applications: | ||
- | * [[https:// | + | * [[https:// |
* [[https:// | * [[https:// | ||
- | * [[https:// | ||
< | < | ||
In each of these applications, | In each of these applications, | ||
- | |||
- | | {{ : | ||
- | | Blokada main screen | In blacklists, use this button to add a new source with [[https:// | ||
- | |||
- | By default, Blokada will display a notification for each blocked domain. Give it a try ! Open your favorites applications to see what you are spared of. After a moment, you will probably want to disable the notifications: | ||
- | |||
- | {{ : | ||
For an extra layer of security, you can use alternate DNS resolvers such as Quad9 (9.9.9.9/ | For an extra layer of security, you can use alternate DNS resolvers such as Quad9 (9.9.9.9/ | ||
- | <note important> | + | ---- |
- | * I do **not** recommend the default blocklist provided by Blokada (// | + | |
- | * By default, Blokada imposes not restriction on GooglePlay, GoogleDrive and other Google applications. You should disable whitelists. | + | |
- | </ | + | |
===== Update ===== | ===== Update ===== | ||
- | I recommend updating the list every month. \\ Under Android, //Blokada// and //DNS66// are capable of updating the list automatically on a regular basis. | + | I recommend updating the list every week. \\ Under Android, //personalDNSFilter// and //DNS66// are capable of updating the list automatically on a regular basis. |
+ | |||
+ | ---- | ||
===== Security ===== | ===== Security ===== | ||
Ligne 142: | Ligne 202: | ||
+ | |||
+ | ---- | ||
===== FAQ ===== | ===== FAQ ===== | ||
* //Which Android application do you recommend ?// | * //Which Android application do you recommend ?// | ||
- | * Blokada | + | * personalDSNFilter is light and does a very good job. |
* //Why use 0.0.0.0 instead of 127.0.0.1 ?// | * //Why use 0.0.0.0 instead of 127.0.0.1 ?// | ||
* 0.0.0.0 is a valid, but non-routable address. It will fail immediately. Which is not the case of 127.0.0.1 which adds some latency. | * 0.0.0.0 is a valid, but non-routable address. It will fail immediately. Which is not the case of 127.0.0.1 which adds some latency. | ||
* //Why not add list X ?// | * //Why not add list X ?// | ||
- | * //[[https:// | + | * [[https:// |
- | * Abusive blocking (eg. it blocks | + | * Abusive blocking (eg. it blocks www.commentcamarche.net which is a computer science learning site.) |
* // | * // | ||
* Abusive blocking (it blocks // | * Abusive blocking (it blocks // | ||
Ligne 157: | Ligne 219: | ||
* Your browser will simply display a " | * Your browser will simply display a " | ||
* //How often do you update your list ?// | * //How often do you update your list ?// | ||
- | * On an irregular basis, but a least once a month. | + | * Every day. |
* //What if your website disappears ?// | * //What if your website disappears ?// | ||
* My website has been online longer than Facebook and Twitter. Satisfied ? | * My website has been online longer than Facebook and Twitter. Satisfied ? | ||
+ | |||
+ | ---- | ||
dns-blocklist-en.1550131415.txt.gz · Dernière modification : 2019/02/14 08:03 de sebsauvage