Tag Archives: dns

Block Advertisements in ANY Browser via /etc/hosts

I have been getting more and more tired of Firefox lately. Tired of the bloat. The unreliability. The gecko engine. I’ve been tinkering with alternate browsers such as Midori (which is *great*, assuming you can get >=0.1.6), Arora and Chromium. I think WebKit is the browser engine of the future, and with these browsers it is nearly a reality. They are still a little rough around the edges, but I can honestly see one of them absolutely taking off by the end of this year. Firefox, prepare to be dethroned!

The one missing link in most users’ transition to a new browser, however, is their reliance on extensions. I know I have a few extensions that I really don’t like to live without. I bet you do as well. Let me guess what your number one extension is: AdBlock Plus? So, if these new browsers don’t have an extension architecture (yet), how can I block ads? You can use your /etc/hosts file.

Let me tell you, quickly, about the /etc/hosts file for those that may not be familiar. The /etc/hosts file is the predecessor to the DNS system that we use now. It is a local mapping of IP address to hostname. At this point, as we now rely on DNS, the /etc/hosts file is generally pretty empty. You’ll likely just have entries that make sure your machine can find itself by localhost or hostname. Something along the lines of:

127.0.0.1    localhost  hostname

Now, you might be thinking “How am I going to block all the internet’s advertisements if my /etc/hosts file looks like that?” Well, you won’t, if it just looks like that. I have a solution for you though, and it requires very little work on your part.

In searching for a solution I have come across an /etc/hosts file that is (minus comments) 15,169 lines long. That’s right. Fifteen thousand one hundred sixty nine lines long. That is a lot of mapped IP addresses! What someone has done is collect every nasty thing he could find into the hosts file, and map it to 127.0.0.1.

What does that actually mean? It means that any time your browser is told to display an ad, it needs to look up the ad server’s address. The /etc/hosts file is checked before DNS, and the matching entry points the browser at the local machine (127.0.0.1). The local machine, of course, does not have that content to serve, so nothing is displayed. Bingo! No more ads.

But wait, there’s more! This not only applies to blocking ads, but also banners, 3rd party cookies, 3rd party page counters, web bugs, and even most hijackers. You’re not only blocking advertisements, you’re outright blocking thousands of known problematic and malicious websites. And all this without requiring a single Firefox extension. It works in ANY browser.

So, I hope you’re wondering where you can get a copy of this magical file that solves all of the world’s woes. Well, you can get it here of course!

Disclaimer: I am not the original author of this file, but it has been published under a CC-BY-SA license and under that license I am redistributing it. Attribution is contained within the file itself.

sudo mv /etc/hosts /etc/hosts.orig

sudo wget -c http://zelut.org/projects/misc/hosts -O /etc/hosts

These commands will move your original file as a backup and then pull the file from the web, putting it directly where it needs to go. You should be ready-set-protected after completion of the second command. Pull up a browser (hopefully you’ll try something other than Firefox), and give it a try.
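The file is fetched over plain HTTP and written into /etc/hosts as root, and a single entry with a non-loopback address would redirect that hostname for the whole system. The check below is an added example, not part of the original post or the list author's work: it assumes the download went to a temporary path first, and the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: vet a downloaded blocklist before it replaces /etc/hosts.
# Every entry must point at a sink address (loopback or 0.0.0.0); any other
# IP would silently redirect that hostname for every program on the machine.

# Print offending entries; exit status is 1 if any were found.
check_blocklist() {
    awk '
        { sub(/\r$/, ""); sub(/#.*/, "") }    # drop CR and comments
        NF == 0 { next }                       # blank line
        NF < 2  { printf "line %d: address without hostname\n", NR; bad = 1; next }
        $1 != "127.0.0.1" && $1 != "0.0.0.0" && $1 != "::1" {
            printf "line %d: %s -> %s\n", NR, $2, $1; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Back up the target and replace it only when the candidate passes.
# $2 defaults to /etc/hosts; pass another path to rehearse without root.
install_blocklist() {
    candidate=$1
    target=${2:-/etc/hosts}
    check_blocklist "$candidate" >&2 || return 1
    cp -p "$target" "$target.orig" && cp "$candidate" "$target"
}

# Demo on constructed input (hostnames and addresses are made up).
demo_dir=$(mktemp -d)
printf '127.0.0.1 localhost\n' > "$demo_dir/hosts"
cat > "$demo_dir/good" <<'EOF'
127.0.0.1   localhost
127.0.0.1   ads.example.com    # inline comment
0.0.0.0     tracker.example.net
EOF
cat > "$demo_dir/bad" <<'EOF'
127.0.0.1   localhost
203.0.113.7 bank.example.org
EOF
for f in good bad; do
    if install_blocklist "$demo_dir/$f" "$demo_dir/hosts"; then
        echo "$f: installed"
    else
        echo "$f: rejected, hosts file left untouched"
    fi
done
rm -rf "$demo_dir"
```

For the real file, run install_blocklist as root with the downloaded temporary file as its only argument.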

If you have anything to add or subtract from the hosts file, you may edit it directly with a text editor. If you’d like to share your changes with the rest of us you may email me your update in the form of a patch. Please make sure your patch is created against the latest version.

I hope this solution works for many of you towards trying out and helping improve alternate browsers. Again, I highly suggest Midori or Arora as GTK or Qt (respectively) WebKit based browsers.

Help Needed: Auto-Configure Proxy Settings via DHCP

At home I run my own DHCP, DNS and Squid proxy. I implemented the proxy because my DSL connection is pretty bad and anything I can do to improve that goes a long way.  Now my proxy works fine, but the issue that I’m running into is having it auto-configure the browser(s) on each machine in the house. It doesn’t do me any good to be running a proxy if it doesn’t actually get used.

Can anyone outline for me, or point me to a reliable resource on, how to automagically configure proxy settings via DHCP? I have spent some time googling this but nothing has worked so far. Either the pages I found were outdated or missing information. Basically I would like any browsing within the LAN to go through the proxy. This will include Firefox, Safari and Epiphany browsers.

Thanks in advance.

DNS Hiccup

We had a DNS hiccup overnight. My apologies. There always seems to be something that gets missed when doing a server migration. Turns out, when I cut off the old server, there were still DNS entries pointed there that I had missed. I believe this problem has been solved. Again, my apologies for the downtime.

Server Migration Complete

Well it appears that the server migration is complete, and so far I am very happy with the results. First of all, I don’t think there was much downtime, if any at all. The only oddity that I encountered was regarding DNS propagation, and there is only so much you can do about that. Here is basically what I’ve set up:

  • lighttpd + fastcgi + xcache : very efficient web server + virtual hosts
  • bind9 : slave server (ns3)
  • postfix + postgrey : mail relay (mx3)
  • mysql + tuning-primer.sh : well tuned database backend

So far I am very impressed with the setup at Linode. They have a really nice web management tool and they are very responsive to questions and support. The price is affordable as well–I hope the performance I’ve been seeing keeps up. So far all four processors sit idling the majority of the day, and RAM sits at about 200M/360M total. That was unheard of with my previous setup using Apache, and I wasn’t running BIND previously either. I think I’m sold on lighttpd!

Please let me know if you encounter any oddities with the site.  Thank you – Christer

Tunnel Web and DNS Traffic Over SSH

I have been tunneling all of my web traffic over an encrypted SSH connection for some time now. Considering the fact that I travel a lot, I’m very regularly on untrusted, insecure networks. I prefer to secure those connections (web, IM, email, etc.) by creating an encrypted SSH connection and pushing the traffic through it. Today I also found a method for pushing DNS requests through the same tunnel. This keeps both your web traffic and your DNS lookups private between yourself and the dedicated SSH server.

Step 1: Creating the Tunnel

To create this private connection you’ll need a remote SSH server to connect to. Mine runs at home in my garage on an old Pentium III 500MHz box (yeah, the kind most people threw away long, long ago!). I connect to this tunnel using:

ssh -D 8080 -fN user@server

This creates a SOCKS compatible proxy, which is a requirement of the DNS forwarding. Other methods on the interwebs suggest using ssh -L or similar, which are not SOCKS compatible proxies.

Step 2: Forwarding DNS

If you’d like to also forward your DNS requests (i.e., the lookups for the site addresses you type into your browser), you’ll need to change a setting in Firefox. This can be done by opening the address about:config and entering this string into the filter box:

network.proxy.socks_remote_dns

Change this value to “true”.

Step 3: Using the Tunnel

The last step is to configure your browser to use these new settings. In Firefox 3 (I hope you’ve upgraded by now), you can activate/toggle these settings via:

Edit > Preferences > Advanced > Network > Settings

Select “Manual Proxy Configuration” and add localhost to the “SOCKS Host:” field, followed by port 8080 (assuming you’ve used the port in the example above).


This will then forward your web traffic through the SSH tunnel and DNS requests will also be forwarded.

You may want to check out the FoxyProxy plugin for a simpler way of toggling this on & off.

To deactivate the tunneling and use the local DNS again simply revert Step 3 back to “Direct Connection to the Internet”.
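One way to confirm that DNS requests really travel inside the tunnel, added here as an example and not part of the original post: capture port 53 on the local interface while browsing through the proxy and list any names still queried in the clear. The tcpdump invocation, the interface name eth0 and the sample capture lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that no DNS lookups bypass the SOCKS tunnel.
# Capture while browsing through the proxy (suggested command, eth0 assumed):
#   sudo tcpdump -n -l -i eth0 port 53 > dns.txt
# then run: dns_leaks < dns.txt
# With network.proxy.socks_remote_dns set to true the browser's lookups are
# resolved by the SSH server, so none should show up locally.

# Print each distinct name queried in the clear over port 53, one per line.
dns_leaks() {
    awk '
        {
            dst = ""
            for (i = 1; i < NF; i++)
                if ($i == ">") { dst = $(i + 1); break }
            if (dst !~ /\.53:$/) next              # keep packets sent to port 53
            for (i += 2; i < NF; i++)
                if ($i ~ /^[A-Za-z0-9]+\?$/) {     # query type, e.g. "A?" or "AAAA?"
                    name = $(i + 1); sub(/\.$/, "", name)
                    if (!(name in seen)) { seen[name] = 1; print name }
                    break
                }
        }
    '
}

# Constructed capture: lookups leaked to the local resolver, plus one DNS
# response and one SSH packet that must be ignored.
sample_capture() {
    cat <<'EOF'
10:15:01.100001 IP 192.168.1.23.51514 > 192.168.1.1.53: 4812+ A? www.example.com. (33)
10:15:01.100950 IP 192.168.1.23.51514 > 192.168.1.1.53: 9120+ AAAA? www.example.com. (33)
10:15:01.131442 IP 192.168.1.1.53 > 192.168.1.23.51514: 4812 1/0/0 A 203.0.113.10 (49)
10:15:02.000310 IP 192.168.1.23.40022 > 198.51.100.9.22: Flags [P.], seq 1:37, ack 1, win 501, length 36
10:15:03.411007 IP 192.168.1.23.38110 > 192.168.1.1.53: 731+ [1au] A? cdn.example.net. (44)
EOF
}

leaked=$(sample_capture | dns_leaks)
if [ -n "$leaked" ]; then
    echo "DNS is leaking outside the tunnel:"; echo "$leaked"
else
    echo "no plaintext DNS queries seen"
fi
```

Other programs on the machine still use the local resolver, so close them during the capture or expect their lookups in the list.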

Enhance Your Network Connection With OpenDNS

I blogged about OpenDNS last year, but recently I was reminded about how nice this service is. OpenDNS can do a number of things for your network connection, either residential or commercial. If you’d like to hear more about OpenDNS please visit the OpenDNS site.

Using OpenDNS on Ubuntu 8.04

There are two ways to activate OpenDNS on Ubuntu 8.04: graphically or via the CLI. I’ll outline both.

Using the graphical method you’ll need to navigate to “System > Admin > Network”, and select the “DNS” tab.  You will need to unlock access to make changes by selecting the “Unlock” button.  Once it has been unlocked you can “Add” additional DNS Servers.  Add the following two addresses to your list:

208.67.222.222
208.67.220.220

To do the same via the command line simply add the following line to the end of the file /etc/dhcp3/dhclient.conf:

prepend domain-name-servers 208.67.222.222,208.67.220.220;

For information on configuring OpenDNS on your router or DNS Server see the getting started with OpenDNS page.

You can also verify that you’re using OpenDNS by visiting this URL:

http://welcome.opendns.com

How To Setup OpenDNS On Ubuntu

I had heard about OpenDNS a while ago but for some reason never looked much into it. A magazine article tonight reminded me about OpenDNS so I thought I’d take a look. Well, I’m happy that I did so far. I thought I would outline a few steps for you to get OpenDNS set up on your machine.

First, what is OpenDNS?

OpenDNS is a better DNS, free to all. OpenDNS uses its distributed network of DNS servers to speed up your Internet experience, increase reliability, improve security and make DNS smarter for users all over the world.

Basically you can stop using your ISP’s DNS, which can often be slower or unreliable, and use this instead. Here is how to set it up on an Ubuntu machine. You can see the Ubuntu setup instructions on the OpenDNS site if you’d like more information.

sudo cp /etc/resolv.conf /etc/resolv.conf.auto

sudo gedit /etc/dhcp3/dhclient.conf

Look for the below line, which will be commented, and match this setting.

# append the following line to the document
prepend domain-name-servers 208.67.222.222,208.67.220.220;

Once your entry matches this you will want to save the file and restart networking using a command such as the one below.

sudo ifdown eth0 && sudo ifup eth0

You can then visit this address to verify that you’re using the new OpenDNS service.

http://welcome.opendns.com