Re: Self-censorship 101 (was: Problems with https://manpages.debian.org/)


On Wed, Jun 27, 2018 at 10:25:34PM -0500, David Wright wrote:
> > > But do I want to set up a DNS proxy
> > > on each host, with any wheezy, jessie and stretch differences to sort
> > > out?
> > 
> > Why would you? You set up a single DNS (or HTTP proxy) and point all
> > your devices there.
> I can't guarantee that any particular machine at home is always
> running as a proxy whenever I browse using an arbitrary machine
> for browsing. My home isn't a business running a server 24/7,
> and my consumer-grade router runs only DHCP, not DNS.

A router seems a natural place to host DNS (to me at least). If it's
impossible for whatever reason - then things are tough, but are not
hopeless. Any cheap/free VPS will solve it.

> > Setting up a local DNS resolver is justifiable for a laptop, of course,
> > provided you carry one with you into different networks.
> I'm not sure what you mean. The only resolver at home is /etc/hosts,
> which is very easy to maintain. I have a master list of local hosts
> (PC/router/phone/printer/TV/roku devices) and the hitlist, and a
> one-liner to install it (concatenate, and mangle the host's own
> IP address).
> > > Then I have to maintain my list of domains to send to localhost.
> > > Where do I start with that?
> > 
> > My DNS of choice for small LAN segments is dnsmasq.
> Sure. But who's going to generate the list of domains¹?

The same person who does it for your /etc/hosts, of course. Who else?

> As I said,
> my edited list has 6765 items, but is unsuitable for use as is:
> it might be sensible to block ads.youtube.com, but not youtube.com.

Any DNS can contain a custom A/AAAA record ('host block') or a custom
NS/SOA record ('domain block'). DNS adds options for you, it does not take them away.

> > > > 3) Why cripple system-wide resolver for a single program (in this
> > > > case - a browser). A suitable browser plugin should suffice here.
> > > 
> > > How long does it take to read ½MB into memory (once) and then check
> > > it? Obviously not very long as it works well.
> > 
> > You misunderstood me, it seems. You make a change to the file that's
> > respected by each and every program that utilizes gethostbyname(3) and
> > gethostbyaddr(3).
> > The only positive thing that achieves is better browsing experience, and
> > the reason you do this is the brokenness of Modern Web™.
> > At the same time you get numerous side effects for every other program
> > in your system(s), which may or may not be problematic.
> I'm not aware of any other program that's 1% as promiscuous as a
> browser. (Perhaps you could suggest some.)

Let's see. Any torrent client. Any MTA. SSH client. Tor/I2P/Freenet
instance. A Modern Desktop Environment™.

As I wrote earlier, it may or may not be a problem. I take it that
for you it is not.
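
The host block versus domain block distinction discussed in this thread, shown as an added example that is not part of the original message: it converts a hosts-style hitlist into dnsmasq lines, using `host-record=` for single names and `address=/…/` for whole domains. The sample list, the function names and the `is_blocked` matcher (a simplified model of how the two dnsmasq options match, not dnsmasq itself) are assumptions made for illustration.

```python
import re

# Constructed sample in /etc/hosts blocklist style (not the list from the thread).
SAMPLE_HOSTS = """\
# hitlist
127.0.0.1 localhost
0.0.0.0 ads.youtube.com
0.0.0.0 tracker.example   # whole domain is unwanted
0.0.0.0 bad_name!.example
"""

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def parse_hosts(text):
    """Return blocked names from hosts-format text; skip comments, localhost, invalid names."""
    names = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in ("0.0.0.0", "127.0.0.1"):
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name != "localhost" and all(LABEL.match(lab) for lab in name.split(".")):
                names.append(name)
    return names

def to_dnsmasq(names, whole_domains=()):
    """Emit address=/d/ for domain blocks and host-record= for single-host blocks."""
    out = []
    for n in sorted(set(names)):
        if n in whole_domains:
            out.append(f"address=/{n}/0.0.0.0")      # answers for n and every subdomain
        else:
            out.append(f"host-record={n},0.0.0.0")   # answers for exactly n
    return out

def is_blocked(query, config_lines):
    """Simplified model of which emitted lines would answer a query name."""
    q = query.lower().rstrip(".")
    for line in config_lines:
        if line.startswith("address=/"):
            d = line.split("/")[1]
            if q == d or q.endswith("." + d):
                return True
        elif line.startswith("host-record="):
            if q == line[len("host-record="):].split(",")[0]:
                return True
    return False
```

Note that `address=/ads.youtube.com/0.0.0.0` would also answer for any name below `ads.youtube.com`, while neither form touches `youtube.com` itself.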