Regex-support for dnsmasq #46
Comments
ghost
mentioned this issue
|
Hi @Somebodyisnobody, Hey @dnmTX @smed79 @mitchellkrogza @Ultimate-Hosts-Blacklist/contributors what do you think of this feature request? Stay safe and healthy! |
|
Just to give a little feedback on what you are asking for. What you'll need to achieve this is minimum one list which hold all domain fir which you are able to blacklist by a wildcard, I did start this once, also to be working for this list (forgot where it is) but that will be quit some work (days of work), on the other hand, you could use any existing wildcard list such as mine https://github.com/mypdns/matrix/tree/master/source, but as I also know you are not "prepared" to use all of them |
So you mean that wildcard blocking would not give the possibility to exempt some subdomains? And that we have no index of active subdomains if we want to block only 99 of 100 subdomains of example.com? You fear that the last of 100 would be also blocked? I don't want block in wildcard style, I want to use regex. And for hermless sites like newspaperexample.com only ads.newspaperexample.com could be blocked without using regex. I think for something like this: newspaperexample.com itself would still be callable. When I understand it right @funilrys plans to redo the backend with a shadowdatabase. A central database where lists are indexed, sorted and where black- and whitelister can add/remove entries and where in the end a new list is generated from the database. In the last step, the generation could create such a regex-list:
generation result: or *.badsite.com depending how we interpret the target of blocking www.badsite.com and badsite.com So if I understand you right then I don't see the logic problem for automatic generation of such a list. |
That's one it new to me in conjunction with dnsmasq 😃 but clearly improvement
Yes, you can read a bit more about that here: https://www.mypdns.org/project/view/15/, and please do feel free to come up with any idea, as you usually have some good once 😃
But what about example In either way, you would need a list (DB) which hold all exception (WhiteList) and what should just be using the wildcard feature |
Because dnsmasq (upstream) has no regex support. Only patched versions like this. |
Oh really? You're blowing up my dreams... But at least Pihole supports regex: https://docs.pi-hole.net/ftldns/regex/tutorial/
Depends on how we're defining for example |
|
I'm sorry to be the sure berry in your basket, however if you should make a RegexList it should be holding more suffiticated rules like them I have in my (Private at home) DNSDist addAction(RegexRule("(^|[.])(android|google|connectivitycheck[.]gstatic|cloudconfig[.]googleapis|play[.]googleapis|2ctcysy2xi[.]execute-api[.]us-west-1[.]amazonaws)[.][a-z]{2,5}(([.][a-z]{0,2})?)$"), SpoofAction('192.168.1.1'))
addAction(RegexRule("(^|\\.)(207|2o7|admob|cookiebot|cxense|doubleclick|firebaseapp|google(-)?analytics|googleapis|googletagmanager|gstatic)\\.[a-z]{2,5}((\\.[a-z]{0,2})?)$"), RCodeAction(DNSRCode.NXDOMAIN))And what you are requesting, beside the list itself, is actually already invented.... It's called RPZ (Response Policy Zones) and it support personal WhiteList, which to me is the way to go, as a lot of WhiteListed shit never should have been whitelisted, therefore I'm against the Globally Whitelisting idea as such. And I'll recommand you are using these days to play with RPZ on PowerDNS Recursor behind a DNSDist (Regex) I have made a simple install configuration starter kit here https://www.mypdns.org/source/dns-rpz-integration/ Try it, and let's see what you think.... I'll bet a 🍌 that you'll never go back to anything elsee 😈 |
|
What do you mean with global whitelisting? |
.. glossary:
Globally Whitelisting
A global whitelist is a desisting system which hold the the purpose of making Unwanted where available to the public, against the declared purpose of a BlackListing In other words, if you have a list that removes (Spy/TrackWare)Ware such as Google or Facebook from a list which should exactly protect against such, but because it breaks things, well then you have a global whitelist which removes these from any sources to ensure these can continue running there spyware on any unknowing human. And here it turns really ugly... Let's say I was a 15 yo who got my first computer and would like to protect my self from all the creeps out there. Now I find a number of lists who claims to help me stay protected against such thins, as example SB's list. Now I have installed these in good faith and believes everything is good and I'm better protected against these wolfs, while in fact you are exactly the oppose as many list holders is scared of be "unserious" if they actually do blacklist the suckers for what they are. WHY: Because we all together is to scared to actually help educate out next of kind and learn them how creepy site like google, fakebook and twitter is. This make me think of a scene from Men In Black where Tommy Lee Jones and Will Smith are sitting on a bench after Will is about to be recruited.
This is here the we will find the needs for:
Sorry for the bit long reply, but you did hit a little red button 😃 Hoping you find the answer in my reply 👋 |
Yes, I explained to my mom why she cannot click on: But back to the roots:
But that's exactly the current concept with Ultimate-Hosts-Blacklist/whitelist... I said:
With "worth to be whitelisted" I didn't propose a whitelist where you can exempt bad-tracking.domain, I mean a whitelist for false positives (but didn't specify it above). google-analytics was just the first blacklisted domain in my mind. So and you say that this false positive for example "1drv.ms" (onedrive redirecting service for shares) is a bad tracking domain. That's right, I think Microsoft will use this shortener for counting the clicks but if we'ld keep it blocked onedrive shares are not callable for the "dumb user". So indirectly you propose a interface where the user can add and remove some predefined and community-managed whitelists. The interface then generates a RPZ-rule (or a pihole-working regex list like described above or format foo) applying only the selected whitelists onto the blacklist. Here the user can decide which whitelist(s) he want to take. With a db in the backend we could link additional comments to whitelist revisions/lines to inform the user why a specific domain was whitelisted and who whitelisted it. In conclusion: We need a system that allows the user to decide which whitelist he want to apply. The system could then export the list in format foo and provide it to the user. Of course with API integration for automated refreshing in the deployment. |
WHAAAAAAAAAAAAAAAAAAAAAAAAAT, send her to me and I'll teach her a bit of S/M 🤣 😆 👵
Yep and it contain
It was purely in ref to your Q about
Here the RPZ is your friend again... you can bypass the middle lookup I use it for example to redirect Windows update to the EU servers bypassing the tracking domain, this gives all users the GDPR "protection" and they can claim all data collected deleted 😉 nothing is ever routed to any destination outside EU 👍
Yep's That it part of the Pyramide top (end coal) for the matrix.rocks project
Part of https://mypdns.org/my-privacy-dns/issues/-/issues/2686 PS: You should be contributing with all your idea's, we do agree about more than not 😃 and @funilrys is working his pants of to get us to the @PyFunceble v4 so we can get started on the next part of that project, so please, add your suggestions and idea's. 🇩🇪 🇩🇰 |
@Somebodyisnobody commented on Mar 27, 2020, 2:19 PM UTC:
PiHole FTL and dnsmasq does support regex. We could shrink the file size save ourselves the www. entries. Are there any discussions at the moment about it?
This issue was moved by funilrys from mitchellkrogza/Ultimate.Hosts.Blacklist#564.
The text was updated successfully, but these errors were encountered: