Making the Angry Hosts File Stronger with dnsmasq
In the previous article we talked about the angry hosts file tool. It collects lists of bad hosts from various sources and compiles them into a single hosts file that blocks most of the malicious hosts online. In the discussion section we pointed out several weaknesses of the approach. In particular, subdomains of a malicious domain are not blocked by the hosts file method.
In this article we describe an improvement of the angry hosts file tool which uses the dnsmasq DNS caching server. dnsmasq can block a domain together with all of its subdomains, so its configuration file is smaller than the hosts file generated by the tool. Additionally you can enjoy all the features dnsmasq provides, like advanced DNS configuration and logging of DNS queries.
Why is using dnsmasq better?
dnsmasq is a lightweight DNS and DHCP server. It works on Linux, Mac OS X, *BSD systems and on Android as well. Compared to the simplistic hosts file approach to configuring DNS, it provides a lot more options.
Blocking subdomains
The main feature for our purpose is the ability to redirect a domain and all of its subdomains to a given IP address. This is done by adding the following line to the configuration file /etc/dnsmasq.conf:
address=/badsite.com/127.0.0.1
This line redirects badsite.com to the local host. Additionally it will redirect www.badsite.com and all other subdomains of badsite.com to 127.0.0.1.
This feature is indeed really important, as the only thing to be done by a bad site to overcome the hosts file block is to create a subdomain, like www2.badsite.com, and the hosts file will no longer be blocking any content placed there. Some of the malicious web sites indeed do so! This is a major practical improvement over the hosts file approach.
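The following sketch shows why the dnsmasq file comes out smaller than the hosts file: once a domain has an address= line, separate entries for its subdomains are redundant. It is an added example, not the angry hosts file tool's own code; the function names, the sample data and the whitelist matching rule (a whitelisted domain also exempts its subdomains) are assumptions.

```python
# Added illustration; not code from the angry hosts file tool.
SINK = "127.0.0.1"  # address that blocked names are redirected to
LOCAL_NAMES = ("localhost", "localhost.localdomain", "broadcasthost")

# Constructed sample hosts-file content.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 badsite.com
0.0.0.0 www.badsite.com
0.0.0.0 www2.badsite.com   # inline comment
0.0.0.0 ads.example.net
0.0.0.0 tracker.goodsite.org
"""


def parse_hosts(text):
    """Return the set of host names listed in hosts-file formatted text."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        # fields[0] is the IP address, the rest are names mapped to it.
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name and name not in LOCAL_NAMES:
                names.add(name)
    return names


def covered_by(name, domains):
    """True if name equals, or is a subdomain of, any entry in domains."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def to_dnsmasq(hosts_text, whitelist=()):
    """Build a minimal list of address= lines: skip whitelisted names
    (assumed rule) and drop subdomains whose parent is already blocked."""
    allow = {w.lower() for w in whitelist}
    names = {n for n in parse_hosts(hosts_text) if not covered_by(n, allow)}
    kept = set()
    # Fewer labels first, so a parent is seen before its subdomains.
    for name in sorted(names, key=lambda n: (n.count("."), n)):
        if not covered_by(name, kept):
            kept.add(name)
    return ["address=/%s/%s" % (n, SINK) for n in sorted(kept)]
```

Note that the subdomain rule cuts both ways: a whitelisted subdomain of a blocked parent domain is still matched by the parent's address= line.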
Debugging DNS queries
Another reason to try dnsmasq is its ability to debug DNS queries. Just add this line to the configuration:
log-queries
Then restart dnsmasq, and it will report in the system log file how it processes DNS queries.
Here is how you would read the log messages on Debian/Ubuntu Linux:
sudo tail -f /var/log/syslog
From the messages you will be able to see how the queries are resolved: from the configuration provided or by querying the upstream server.
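To turn those messages into a summary, the added example below (not part of the angry hosts file tool) counts which client asked for which blocked name and lists the names that went to the upstream server. The sample log lines are constructed, and the function name and the sink address 127.0.0.1 are assumptions taken from the address= example above.

```python
import re
from collections import Counter

SINK = "127.0.0.1"  # address used in the address= lines

# Constructed sample of syslog lines as written with log-queries enabled.
SAMPLE_LOG = """\
Jan 10 12:00:01 box dnsmasq[812]: query[A] www2.badsite.com from 192.0.2.10
Jan 10 12:00:01 box dnsmasq[812]: config www2.badsite.com is 127.0.0.1
Jan 10 12:00:05 box dnsmasq[812]: query[A] example.org from 192.0.2.11
Jan 10 12:00:05 box dnsmasq[812]: forwarded example.org to 8.8.8.8
Jan 10 12:00:05 box dnsmasq[812]: reply example.org is 203.0.113.7
Jan 10 12:00:09 box dnsmasq[812]: query[A] example.org from 192.0.2.10
Jan 10 12:00:09 box dnsmasq[812]: cached example.org is 203.0.113.7
Jan 10 12:00:12 box dnsmasq[812]: query[A] www2.badsite.com from 192.0.2.10
Jan 10 12:00:12 box dnsmasq[812]: config www2.badsite.com is 127.0.0.1
Jan 10 12:00:13 box sshd[900]: unrelated line
"""

# action, queried name, then the client (query) or the answer/upstream.
ENTRY = re.compile(
    r"dnsmasq\[\d+\]: (\w+)(?:\[\w+\])? (\S+) (?:from|is|to) (\S+)"
)


def analyze(log_text, sink=SINK):
    """Return (blocked, upstream): a Counter of (name, client) pairs that
    were answered from the configuration with the sink address, and the
    set of names that were forwarded to the upstream server."""
    last_client = {}   # name -> client that most recently asked for it
    blocked = Counter()
    upstream = set()
    for line in log_text.splitlines():
        match = ENTRY.search(line)
        if not match:
            continue  # not a dnsmasq query-log line
        action, name, value = match.groups()
        if action == "query":
            last_client[name] = value
        elif action == "config" and value == sink:
            blocked[(name, last_client.get(name, "unknown"))] += 1
        elif action == "forwarded":
            upstream.add(name)
    return blocked, upstream
```

Repeated hits on a blocked name from the same client are worth a closer look at whatever program on that machine keeps asking for it.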
Other features
There are a number of other features that make dnsmasq useful.
- It is possible to use dnsmasq to configure a separate DNS server for a group of addresses, e.g. Google's own DNS server 8.8.8.8 for the google.com domain and all of its subdomains.
- It is possible to define custom DNS aliases
- dnsmasq can provide DNS service for other machines on your network
- It is a caching server, which could speed up DNS queries
- dnsmasq works as a DHCP server as well
You can learn more about dnsmasq on its homepage: http://www.thekelleys.org.uk/dnsmasq/doc.html
Installation and configuration
In order to use dnsmasq with the angry hosts file tool you just have to install dnsmasq and run the tool. The angry hosts file tool will then detect that dnsmasq is installed and offer to configure it. It will create a file similar to the hosts file and then include it from /etc/dnsmasq.conf automatically.
There is no need to use the blocking hosts file anymore together with dnsmasq, just leave it empty or with your own hosts only!
Here is how you perform the installation on Ubuntu:
sudo apt-get install dnsmasq
Next you get the angry hosts file tool and run it. The way to do it is described in detail in the previous article; here we will just give the commands and list a sample interactive run.
git clone --depth 1 https://github.com/qutorial/angryhostsfile.git hosts
cd hosts
./updateHostsFile.py
Answer yes to the questions related to dnsmasq, and you are good to go.
If you previously used a blocking hosts file, just leave it empty once you use dnsmasq.
Usage and troubleshooting
In the meantime we have added some new features and bug fixes to the angry hosts file tool. For instance, in the whitelist file you can specify the domains you would not like to block.
If you are unhappy with the results you get while using the angry hosts file tool, just write to me on GitHub.
You could also try to debug DNS queries with dnsmasq as described above.
If you want to completely get rid of dnsmasq and filtering, just remove dnsmasq:
sudo apt-get remove dnsmasq
We are working further on improving the angry hosts file tool, so please feel free to give us feedback on it. Use either the contact page here or post a new issue on GitHub.
Alternatives and other issues
There are a number of solutions to block malicious hosts. They include anti-viruses for Windows, filtering proxies like Privoxy, browser plug-ins. Our approach is good in its simplicity and the ease of configuration. With the commands above you get basic filtering for all your programs and all users without any additional configuration needed.
The majority of the issues with blocking malicious hosts via DNS stay the same as for the angry hosts file tool without dnsmasq. Read about it here.
Thanks for reading my blog!