Re: firefox > Preferences > When Firefox starts.
- Date: Thu, 25 Apr 2019 12:28:37 -0400
- From: Lee <ler762@xxxxxxxxx>
- Subject: Re: firefox > Preferences > When Firefox starts.
On 4/25/19, David Wright <deblis@xxxxxxxxxxxxxxxxx> wrote:
> On Wed 24 Apr 2019 at 14:29:00 (-0400), Lee wrote:
>> On 4/24/19, David Wright <deblis@xxxxxxxxxxxxxxxxx> wrote:
>> > On Tue 23 Apr 2019 at 10:38:41 (-0400), Lee wrote:
>> >> On 4/22/19, David Wright <deblis@xxxxxxxxxxxxxxxxx> wrote:
>> >> > On Sun 21 Apr 2019 at 20:30:53 (-0700), peter@xxxxxxxxxxx wrote:
>> >> >> From: David Wright <deblis@xxxxxxxxxxxxxxxxx>
>> >> >> Date: Sun, 21 Apr 2019 16:13:11 -0500
>> >> >> > Does the behaviour reported in your OP cause you *great* concern?
>> >> >>
>> >> >> No. Just wastes time. Opening a simple local HTML home page
>> >> >> requires roughly a minute rather than roughly a second.
>> >> >
>> >> > I tend to forget that, because my /etc/hosts file has ~14000 lines,
>> >> > pages appear a lot faster here.
>> >> Have you looked at bind's dns rpz?
>> > Just now.
>> >> http://zytrax.com/books/dns/ch7/rpz.html
>> >> It lets you do things like
>> >> *.2o7.net CNAME .
>> >> *.doubleclick.net CNAME .
>> >> to block entire domains instead of having to list each and every
>> >> hostname in the domain.
>> >> And you can log what is blocked/allowed to make troubleshooting easier.
>> > It might be a good *mechanism* for the diversion itself, but AFAICT
>> > it's aimed at the *policy* implementers rather than the end-user.
>> Just out of curiosity - do you think pi-hole is aimed at policy
>> implementers or end users?
> I don't know about their policies, or whether they have any. I've not
> found any description of how you would configure it, only how you
> install it. Do they provide blacklists?
It looks like they give you a default list of lists that you can modify:
> It's also not clear to me where I should install it to. My router
> uses the Google nameservers, and all my machines have the router
> as their nameserver. The router is the only part of the network
> that's always up and running.
I have a server that I leave running all the time; reconfigure your
router to use your dns server instead of google, add a firewall rule
to block all outgoing tcp/udp traffic to port 53 except from the
server & you're done.
> But let me explain what I mean by those terms I used earlier:
> Mechanism: Any method of modifying the result of trying to resolve
> foo.bar to an IP address, irrespective of the specific domainnames
> which somebody has to give to it. My mechanism is resolving to
> Policy implementers: The people who make the decisions about which
> domainnames should have their resolution modified. If you look
> through the reference I gave for the source of my /etc/hosts, you
> can see their policies listed as comments bracketing the sections,
> and they are:
> End-users: The people whose browsing experience is improved by
> the policies selected, and implemented using the chosen mechanism.
>> > The value I get from Dan Pollock is the list of sites rather than the
>> > most elegant mechanism for handling that list. Looking at the comments
>> > in the list, and by comparing evolving versions, it does appear that
>> > Dan actively "opens holes" where people report interference or
>> > difficulties using certain legitimate sites.
But the holes get opened only after someone reports a problem. If
you're using a host file, how do you figure out which host name(s)
being blocked are causing the problem?
I never figured out an easy way to troubleshoot hostfiles & switched
to something that logged what all was blocked and allowed.
>> > Finally, I wouldn't know where to start to compile a list of sites
>> > like that.
>> If you're a business, you can buy access to an rpz feed.
> I'm not, but I take it that different feeds have different policies on
> which sites to include, and come at different prices.
>> If you're a [home?] network admin it's simple enough to enable logging
>> & see what all is allowed that you'd rather have blocked. And/or grab
>> things like Dan Pollock's list and turn them into an rpz file.
> Frankly, I don't want to be bothered with processing the list.
That makes it easy then, stay with what you've got :)
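
Added example, not part of the thread and not code from any participant or list maintainer: one way to turn a hosts-format blocklist into an RPZ zone file using the `CNAME .` form quoted above. The function names, the sample hostnames, and the SOA/NS values are assumptions made for illustration.

```python
import re

# Names a hosts file maps to loopback for the machine itself; never block these.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}   # addresses used to sink a host
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")  # one DNS label

SAMPLE_HOSTS = """\
# constructed sample in hosts-file format (hostnames are made up)
127.0.0.1 localhost
0.0.0.0 ads.doubleclick.net   # trailing comment
0.0.0.0 stats.doubleclick.net
127.0.0.1 metrics.2o7.net
0.0.0.0 tracker.example.com
192.168.1.10 nas.home.lan
"""

def parse_hosts(text):
    """Return the set of hostnames that the hosts text maps to a sink address."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()        # drop comments, split on space
        if len(fields) < 2 or fields[0] not in SINK_ADDRS:
            continue                                   # real mappings are not blocks
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES or "." not in name:
                continue
            if all(LABEL.match(lab) for lab in name.split(".")):
                names.add(name)
    return names

def to_rpz(names, wildcard_domains=(), serial=1):
    """Build RPZ zone text; 'owner CNAME .' answers NXDOMAIN for that owner."""
    wild = {d.lower().rstrip(".") for d in wildcard_domains}
    def covered(n):
        return any(n == d or n.endswith("." + d) for d in wild)
    out = ["$TTL 300",
           f"@ SOA localhost. root.localhost. {serial} 3600 600 86400 300",
           "@ NS localhost."]
    for d in sorted(wild):
        # A wildcard does not match the bare domain, so list the apex as well.
        out += [f"{d} CNAME .", f"*.{d} CNAME ."]
    out += [f"{n} CNAME ." for n in sorted(names) if not covered(n)]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(to_rpz(parse_hosts(SAMPLE_HOSTS), ["doubleclick.net", "2o7.net"]))
```

Hostnames already covered by a wildcard domain are dropped from the output, so a large hosts list collapses to far fewer records wherever a whole domain is blocked.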