Menu
What's new
By:
Filters Better Search

Diversion Is it possible to block DNS query type

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

C

chongnt

Very Senior Member
Sorry to bring this topic up again. I'm sure I have read it before but don't seems to have a way to block it. Do we have a way to block it now? Be it by firewall, unbound dns, diversion or any other means?
 
I'm trying to block query type 65. Reason being some domains in blockinglist are slipping through...
 
I'd never heard of the type 65 RR before. Can you give an example query that would return such a record?
 
I am actually trying some adblock. I remember this is something Apple introduced since ios 14.

Here are the logs:
Code: 
May 26 00:10:57 dnsmasq[27367]: 301 192.168.1.21/53062 query[A] analytics.mobile.yandex.net from 192.168.1.21
May 26 00:10:57 dnsmasq[27367]: 301 192.168.1.21/53062 /opt/share/diversion/list/blockinglist analytics.mobile.yandex.net is 192.168.1.254
May 26 00:10:58 dnsmasq[27367]: 306 192.168.1.21/59897 query[type=65] analytics.mobile.yandex.net from 192.168.1.21
May 26 00:10:58 dnsmasq[27367]: 306 192.168.1.21/59897 forwarded analytics.mobile.yandex.net to 127.0.0.1
 
OK thanks. I can't think of a solution for this.

dnsmasq's --dns-rr doesn't support * as a wildcard for the name.

I did notice that you can actually specify any random query type (that isn't answered by dnsmasq) and it will forward it and get a valid reply, which may contain a CNAME which I guess is what you're trying to avoid.

Code: 
# dig +short @192.168.1.1 analytics.mobile.yandex.net TYPE65
report.appmetrica.yandex.net.
# dig +short @192.168.1.1 analytics.mobile.yandex.net TYPE999
report.appmetrica.yandex.net.
Code: 
May 25 18:45:57 dnsmasq[23522]: query[type=65] analytics.mobile.yandex.net from 192.168.1.10
May 25 18:45:57 dnsmasq[23522]: forwarded analytics.mobile.yandex.net to 9.9.9.9
May 25 18:45:59 dnsmasq[23522]: query[type=999] analytics.mobile.yandex.net from 192.168.1.10
May 25 18:45:59 dnsmasq[23522]: forwarded analytics.mobile.yandex.net to 9.9.9.9
 
You must log in or register to reply here.

Similar threads

A
VPN over DNS
Replies
2
Views
520
SomeWhereOverTheRainBow
SomeWhereOverTheRainBow
B
Unbound Use unbound/router as default DNS server
Replies
2
Views
862
BeachGuy
B
Q
New user questions
2
Replies
30
Views
939
Tech9
Tech9
V
Opera DNS-over tls
Replies
0
Views
508
vdemarco
V
K
Skynet No data to display for only outbound?
Replies
5
Views
379
Ripshod
Ripshod
Similar threads
Thread starter Title Forum Replies Date
J Entware Possible to install jdownloader on asuswrt-merlin router with entware?? Asuswrt-Merlin AddOns 9
Jack-Sparr0w Is it possible to use nord dns with unbound or any way to add it? Asuswrt-Merlin AddOns 9
thelonelycoder Is it possible to update all addons through the GUI? Asuswrt-Merlin AddOns 2
johndoe85 Is it possible to update all addons through the GUI? Asuswrt-Merlin AddOns 8
R Diversion Diversion and Ubisoft Connect - how to find out what is the problematic block? Asuswrt-Merlin AddOns 5
C Skynet Problem with country block for incoming connections Asuswrt-Merlin AddOns 5
K Diversion How do I block Youtube shorts videos? Asuswrt-Merlin AddOns 17
pmcarrion VPNMON Block IPv6 on devices routed through a VPN Asuswrt-Merlin AddOns 2
P Skynet show inbound block on Digital TV Vlan300 Asuswrt-Merlin AddOns 4
B BLOCK IP RANGE.....NATION. Asuswrt-Merlin AddOns 7

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 811 (members: 34, guests: 777)
Top