Photo by Bryan Garces on Unsplash
Filter DNS queries with Blocky
Blocks
The Domain Name System (DNS) puts you in a position to contain the spread of malware and prevent suspicious activities within your corporate network and, with appropriate filters on your DNS server, prevent user tracking and advertising on websites. Moreover, researchers at the University of Bonn have shown that almost 20 percent of HTTP requests load advertising content and that blocking these ads reduces the power consumption of terminal devices [1].
Blocky, a DNS proxy and ad blocker for local networks, has been under active development by German developer Dimitri Herzog since January 2020 and is available on GitHub. The tool lets you effectively filter domains on the basis of blacklists and whitelists or regular expressions. The filters can differ to match the groups on your local network (e.g., different filter rules can be implemented in different departments).
Blocky supports the DNS over HTTPS (DoH) protocol described by RFC 8484 [2], which was published three years ago. The idea behind DoH is to boost the privacy of the querying users. After encrypting the HTTP query by the Transport Layer Security (TLS) protocol, requested domains are no longer revealed by sniffing unencrypted DNS packets. With DoH – in contrast to DNS over TLS (DoT; specified in RFC 7858) [3], with DNS packets themselves encrypted by TLS – even the DNS query as such can no longer be immediately identified if the DNS service provider also delivers classic web pages over the same port.
If you go to the Blocky website [4], you can download the sources, written in the Go programming language, and compile the project yourself. However, the binary for the tool is a useful alternative if you want to take a look at Blocky first without installing an extensive
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
- New Techniques Predict Malicious Domain Names
-
Encrypting DNS traffic on Linux with DoT
Prevent attackers from spying on DNS communication or manipulating responses by encrypting your DNS traffic on Linux with the DNS-over-TLS standard and the help of systemd-resolved. -
Solving the security problems of encrypted DNS
DNS encryption offers WiFi users good protection in public spaces; however, in the enterprise, it prevents the evaluation and filtering of name resolution. -
Call web pages in the terminal with Browsh
The Browsh command-line browser displays web pages with text characters and thus supports true-to-layout browsing at the command line. -
Seven free blocking filters for ads
We compare seven free blocking filters for advertisements and look at how they integrate into the network.