Question Router/DNS/Site Blocking

No, that's not it. Going back to my original post, it's about the ability of a router to block a site. The issue is that I believed the router when it said it could block a site. It seems that my definition of "Blocked" is terribly inaccurate. :)
 
That would work for a single device but not the entire network, correct?
It's not what I was after.
No. If you set up a Raspberry Pi / x86 Pi-hole DNS server (with the DHCP service running), it will "block" the entire network if you disable DHCP on the router. All devices on your network will use Pi-hole as the DNS server.

So when any device on the network wants to visit a website, e.g. blockedsite.com, or a webpage embedded with links pointing to blockedsite.com, it will get the IP address 0.0.0.0 instead of the correct IP address aa.bb.cc.dd. When the router sees the IP address 0.0.0.0, it will not route the data packets to the internet at all to request the website's contents. That's how a website is blocked.

If Pi-hole is all you need, you can use a Raspberry Pi Zero W + a microSD card:
https://www.microcenter.com/product/486575/Zero_W?src=raspberrypi

https://www.youtube.com/watch?v=f9dPj6gmYIA
 
That snippet was referring to the Hosts file, which is device specific. Is it not?
 
Using Pi-hole or any ad-blocking DNS is not always positive, however. Sometimes it will block too much and cause problems with a website like Vons.com, where the site will not load properly since its webpages have many ad links or popups, and those ads are exactly what you want to see.

To make it load properly, you have to look at the Pi-hole logs to figure out which ad domains are blocked and causing the issues. That's not an easy job sometimes. Personally I use the Ghostery extension for Chrome instead of using an ad-blocking DNS.
 
Where did you even get Pi-Hole from? DNS and PiHole are not the same thing.

If OP wants adblocking, which isn't even a topic of discussion until you brought it up, each device should have its own blocker.


Back to the subject at hand, @IGotAnAngle look into setting up DNS caching. It's simple-ish to do and in general a good starter Pi project (if you're not familiar with it) and can slightly boost network response, as all the hops to the DNS server are eliminated after the first call.
 
Well, you are right, Pi-Hole is not exactly a DNS, it's just a DNS forwarder. BIND/Unbound/Technitium are. Calling Pi-Hole a DNS is easier for most people.
 
And ANY desired domain can be added to PIHole for blocking. It is a local DNS provider, which like all local DNS providers forwards to an authoritative DNS.
 
Incorrect for this discussion. It will not keep a 'local log' and will go out to OpenDNS every time.
Pi-Hole is based on dnsmasq; it will not do recursive and iterative queries.
https://thekelleys.org.uk/dnsmasq/doc.html

https://www.youtube.com/watch?v=PS0UppB3-fg

Most home routers' 3rd-party firmware uses it as a very simple local DNS.

Pi-Hole expands dnsmasq's functionality in a very big way but is still not a real DNS.

Personally I highly recommend Technitium DNS https://technitium.com/dns/
Nailed it.
 
PIHole does keep a local blacklist and whitelist. Will it (the PI) consult the upstream DNS before or after the local blacklist? I haven't researched that. BUT the end result is that the blacklisted domain is not translated to the requesting client.

For example, Facebook was putting click-bait ads in my feed. These ads linked to a scareware-type site with fake virus popups. I added " *uc.a.run.ap" as a reg-exp blacklist entry and now those links just don't resolve.

If the desire is to block unwanted domains from a DNS-enabled device, then, IMO, PIHole can be relevant to this discussion.
 
Pi-Hole will consult blacklists first. If the domain is on blacklists, then it will not forward to upstream DNS servers at all.

If it's on whitelists, I think it will then overwrite blacklists if it's in there and still forward the query to upstream DNS. Correct me if I'm wrong.
 
That's not the point. PIHole's intended purpose is different. The blacklist works as you said, but its primary purpose is ad-blocking, not DNS caching.

I suggested DNS caching because the OP can use it as a private DNS so it stops going out to OpenDNS.

The method has two options.

1) Once a cache is built, it will stop going to OpenDNS. Downside: it will go to it for each new site, but only once.

2) The manual method. Edit the cache file with whatever the OP is trying to block. Manually look for a list (usually an ad blocker list) for the type of content that they want to block; malicious sites, pr0n, etc. And set a redirect.

A Pi-Hole might be able to do all this as well, but that's not its intended purpose; it's first and foremost an adblocker. It's not worth the effort to tinker and try to make something else work (they might even interfere with one another) when an existing product already exists.
 
Well, my previous reasoning was correct.

If I add facebook.com to the blacklist in Pi-Hole, then it's blocked. If I later add facebook.com to the whitelist of Pi-Hole, then it gets unblocked even if facebook.com is still in the blacklist.

Tested on a Pi-Hole installation on a DietPi NAS VM.


 
I don't know why you care so much about caching. Caching only speeds up query results; it has nothing to do with blacklisting/blocking a domain. A cache entry also has a TTL (Time To Live) value. Once it expires, the PC will always have to re-query again.


My Pi-Hole cache info



If using Technitium DNS (or Windows Server's DNS server), you will be able to see every record that's been cached.



Even every Windows client/server comes with a DNS client and will cache DNS query results.

DNS Client (in Windows Services)
The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
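To tie together the behaviour the posts above describe (a blocked name answered with 0.0.0.0 before any upstream query, a whitelist entry overriding a blacklist entry, a regex blacklist entry, and cached answers that must be re-queried once their TTL expires), here is an added toy resolver written for this thread; it is not Pi-hole's or dnsmasq's code. All names, addresses (RFC 5737 documentation range) and the regex pattern are constructed for the example.

```python
import re
import time

BLOCKED_ANSWER = "0.0.0.0"  # sinkhole address a Pi-hole-style blocker hands back


class SinkholeResolver:
    """Toy forwarder: whitelist beats blacklist, blacklist beats cache/upstream,
    positive answers are cached until their TTL expires (constructed example)."""

    def __init__(self, upstream, blacklist, regex_blacklist, whitelist, now=time.time):
        self.upstream = upstream            # name -> (ip, ttl); stands in for the real upstream
        self.blacklist = set(blacklist)
        self.regex_blacklist = [re.compile(p) for p in regex_blacklist]
        self.whitelist = set(whitelist)
        self.now = now                      # injectable clock so TTL expiry is testable
        self.cache = {}                     # name -> (ip, expires_at)
        self.upstream_queries = 0

    def is_blocked(self, name):
        if name in self.whitelist:          # whitelist overrides any blacklist hit
            return False
        return name in self.blacklist or any(r.search(name) for r in self.regex_blacklist)

    def resolve(self, name):
        name = name.rstrip(".").lower()
        if self.is_blocked(name):           # blocked names never reach the cache or upstream
            return BLOCKED_ANSWER, "blocked"
        hit = self.cache.get(name)
        if hit and hit[1] > self.now():
            return hit[0], "cache"
        ip, ttl = self.upstream[name]       # KeyError stands in for NXDOMAIN from upstream
        self.upstream_queries += 1
        self.cache[name] = (ip, self.now() + ttl)
        return ip, "upstream"


# Constructed data: documentation addresses and placeholder names only.
UPSTREAM = {"allowed.example": ("192.0.2.10", 60),
            "blockedsite.com": ("192.0.2.20", 60),
            "social.example": ("192.0.2.30", 60)}
BLACKLIST = ["blockedsite.com", "social.example"]
REGEX_BLACKLIST = [r"uc\.a\.run\.ap$"]   # constructed, in the spirit of the reg-exp entry above
WHITELIST = ["social.example"]           # on both lists: the whitelist wins


def demo():
    clock = [1000.0]
    r = SinkholeResolver(UPSTREAM, BLACKLIST, REGEX_BLACKLIST, WHITELIST, now=lambda: clock[0])
    out = [r.resolve("blockedsite.com"), r.resolve("allowed.example"), r.resolve("allowed.example")]
    clock[0] += 61                       # TTL expired: the next lookup must go upstream again
    out += [r.resolve("allowed.example"), r.resolve("social.example"), r.resolve("xyzuc.a.run.ap")]
    return out, r.upstream_queries
```

Running `demo()` shows three upstream queries in total: the cached answer is served once, then fetched again after the TTL passes, while the two blocked names never generate an upstream query at all.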
 