How to Use Blocky to Quickly Filter DNS Queries

0
278
How to Use Blocky to Quickly Filter DNS Queries

Dit bericht verscheen eerder bij FOSSlife

The Domain Name System (DNS) puts you in a position to contain the spread of malware and prevent suspicious activities within your corporate network and, with appropriate filters on your DNS server, prevent user tracking and advertising on websites. Moreover, researchers at the University of Bonn have shown that almost 20 percent of HTTP requests load advertising content and that blocking these ads reduces the power consumption of terminal devices.

Blocky, a DNS proxy and ad blocker for local networks, has been under active development by German developer Dimitri Herzog since January 2020 and is available on GitHub. The tool lets you effectively filter domains on the basis of blacklists and whitelists or regular expressions. The filters can differ to match the groups on your local network (e.g., different filter rules can be implemented in different departments).

Blocky supports the DNS over HTTPS (DoH) protocol described by RFC 8484, which was published three years ago. The idea behind DoH is to boost the privacy of the querying users. After encrypting the HTTP query by the Transport Layer Security (TLS) protocol, requested domains are no longer revealed by sniffing unencrypted DNS packets. With DoH – in contrast to DNS over TLS (DoT; specified in RFC 7858), with DNS packets themselves encrypted by TLS – even the DNS query as such can no longer be immediately identified if the DNS service provider also delivers classic web pages over the same port.

If you go to the Blocky website, you can download the sources, written in the Go programming language, and compile the project yourself. However, the binary for the tool is a useful alternative if you want to take a look at Blocky first without installing an extensive Go development environment. Even easier, you can choose the Docker image that is also provided and simply launch Blocky in a container.

If you want to use your own domain names on your local network, Blocky lets you resolve internal names yourself or forward corresponding requests to other DNS servers. Here, too, you can configure different upstream resolvers, depending on the requesting client, or forward requests to different resolvers each time. By default, Blocky does not collect any information about requesting clients or domain names.

Blocking Queries

To test Blocky, start the Docker container on an available Linux server and configure it as the DNS server for your computer. Before launching, you need to prepare a simple configuration file named config.yml. For example, you could set up common DNS servers as the upstream and the domain blacklist from abuse.ch (Listing 1) and then launch Blocky with the command:

docker run --name blocky-v ./config.yml:/app/config.yml-p 4000:4000-p 53:53/udp spx01/blocky

Dit bericht verscheen eerder bij FOSSlife

Vorig artikelMNT Research Creates Pocket-Sized Open Source Computer
Volgend artikelAIOps for storage: Potential huge benefits, but lots of lock-in