Making the Angry Hosts File Stronger with dnsmasq

In the previous article we talked about the angry hosts file tool. It collects bad hosts lists from various sources and compiles a single one of them to block the most of malicious hosts online. In the discussion section we pointed out to several weaknesses of the approach. In particular any subdomain of the malicious domain is not getting blocked by the hosts file method.

In this article we describe an improvement of the angry hosts file tool which uses dnsmasq DNS caching server. It allows to block a domain with all of its subdomains, thus the configuration file for it is smaller than the hosts file generated by the tool. Additionally you can enjoy all the features dnsmasq provides like advanced DNS configuration and logging of DNS queries.

Why using dnsmasq is better?

dnsmasq is a lightweight DNS and DHCP server. It works on Linux, Mac OS X, *BSD systems and on Android as well. In comparison to simplistic hosts file approach to configure DNS it provides a lot more options.

Blocking subdomains

The main feature for our purpose is the ability to redirect a domain and all of its subdomains to a given IP address. This is done by adding the following line in the configuration file /etc/dnsmasq.conf :

address=/badsite.com/127.0.0.1

This line redirects badsite.com to the local host. Additionally it will redirect www.badsite.com and all other subdomains of badsite.com to 127.0.0.1.

This feature is indeed really important, as the only thing to be done by a bad site to overcome the hosts file block is to create a subdomain, like www2.badsite.com, and the hosts file will no longer be blocking any content placed there. Some of the malicious web sites indeed do so! This is a major practical improvement over the hosts file approach.

Debugging DNS queries

Another reason to try dnsmasq is its ability to debug DNS queries. Just add this line into configuration:

log-queries

Then restart dnsmasq and it will report on the way how DNS queries are processed by it on the system log file.

Here is how you would read the log messages on Debian/Ubuntu Linux:

sudo tail -f /var/log/syslog

From the messages you will be able to see how the queries are resolved: from the configuration provided or by querying the upstream server.

Other features

There is a number of other features making dnsmasq useful.

  • It possible to use dnsmasq to configure a separate DNS server for a group of addresses. E.g. Google's own DNS server 8.8.8.8 for google.com domain and all of its subdomains.
  • It is possible to define custom DNS aliases
  • dnsmasq can provide DNS service for other machines on your network
  • It is a caching server, which could speed up DNS queries
  • dnsmasq works as a DHCP server as well

You can learn more about dnsmasq on its homepage: http://www.thekelleys.org.uk/dnsmasq/doc.html

Installation and configuration

In order to use dsnmasq with the angry hosts file tool you just have to install dnsmasq and use the hosts. The angry hosts file tool will then detect dnsmasq installed and offer you to configure it. It will create a file similar to hosts file and then include it from the /etc/dnsmasq.conf automatically.

There is no need to use the blocking hosts file anymore together with dnsmasq, just leave it empty or with your own hosts only!

Disclaimer On this website you might read about various kinds of software and technology, including but not limited to libraries, operating systems, software for communications, mobile phones and tablets, Android software and Linux, even cars and motorcycles. You will read about the ways to change it, to operate it and to use it. You might find advice and recommendations.
Bear in mind, please, that everything you do, you do solely at your own risk and responsibility. In no way the author of this website, information, graphics and other materials presented here or related to it can be made liable or anyhow else responsible for your own actions as well as actions of any third party and their results with or without the use of this information as well as the software, technology and systems mentioned here, no matter if developed by the author or by any third party.
In no way it is guaranteed that you will meet any suitability for any particular purpose, safety, security, legality or even simply functioning of the software and systems described here. You have to make sure each time yourself, whether what you do, is really what you intent to do, and what you are ready to be yourself responsible for. All the recommendations and experiences described here are the opinions of corresponding authors and are to be taken with care and und own full responsibility.
Other web sites linked to from the current one are out of the author's control, we can not guarantee anything about their content and can not be liable for any use of them or of information presented there.
We try however to keep this website running smoothly and to deliver information to the best of our knowledge corresponding to the state of the art and out of good intents. We can not however guarantee and can not be liable for this website being temporarily or permanently unavailable as well as any consequences which might result from this site's operation.

Here is how you perform the installation on Ubuntu:

sudo apt-get install dnsmasq

Next you get the angry hosts file tool and run it. The way to do it is described in detail it the previous article, here we will just give the commands and list a sample interactive run.

git clone --depth 1 https://github.com/qutorial/angryhostsfile.git hosts
cd hosts
./updateHostsFile.py

Answer positively on the questions related to dnsmasq, and you are good to go.

$ ./updateHostsFile.py
Generate a dnsmasq.conf? [Y/n] Y
Do you want to update all data sources? [Y/n] Y
Updating sources...
Do you want to exclude any domains?
For example, hulu.com video streaming must be able to access its tracking and ad servers in order to play video. [y/N] N
OK, we'll only exclude domains in the whitelist.
...
Writing myhosts file as a preamble...
Success! Your shiny new hosts file has been prepared.
It contains 391,682 unique entries.
315,164 lines in dnsmasq configuration file
!! Make sure to backup your hosts file before replacing it !!
Do you want to replace your existing hosts file with the newly generated file? [y/N] N
Do you want to update your dnsmasq configuration? [Y/n] Y
Moving the file requires administrative privileges. You might need to enter your password.
[sudo] password for user: Type your password here
Restarting dnsmasq
 * Restarting DNS forwarder and DHCP server dnsmasq...

If you used a blocking DNS hosts file just leave it empty if you use dnsmasq.

Usage and troubleshooting

In the meanwhile we've got some new features and bug fixes to the angry hosts file tool. For instance in the whitelist file you could specify the domains you would not like to block.

If you are unhappy with the results you get while using the angry hosts file tool, just write to me on github.

You could also try to debug dnsmasq host as it is described above.

If you want to copmletely get rid of dnsmasq and filtering, just remove dnsmasq completely.

sudo apt-get remove dnsmasq

We are working further on imporving the angry hosts file tool, please, feel free to give us feedback on it. Use either the contact page here or post a new issue on github.

Alternatives and other issues

There are a number of solutions to block malicious hosts. They include anti-viruses for Windows, filtering proxies like Privoxy, browser plug-ins. Our approach is good in its simplicity and the ease of configuration. With the commands above you get basic filtering for all your programs and all users without any additional configuration needed.

The majority of issues stay of blocking malicious hosts with DNS stay the same as for the angry hosts file tool without dnsmasq. Read about it here.



Thanks for reading my blog!
Created: 11/11/2015
Your comment: