How to test blocking domains without running Update / Force.
-
I'm trying to identify domains serving ads for my Android device.
And I think I'm going about it the hard way.
- Get PCAP using ntopng
- Open PCAP using Wireshark, filter for DNS and check what's happening.
(Used an old phone with only the one app I wanted to investigate) - I have a few DNSBL Feeds (BBCan177 and OISD), but for this process I'm using a custom feed without an actual URL, just using the Custom Block List.
- Save.
- It appears I need to choose Update with the 'Reload' option
- Restart phone to flush DNS.
- Test if app is still serving ads.
Step 5 seems like I'm spamming BBCan177 and OISD unnecessarily, while trying to weed out the specific domains I might need to add one, remove it, add another, remove, add a diff one.
Any suggestions on a more streamlined way to do this?
-
@handradish said in How to test blocking domains without running Update / Force.:
I'm trying to identify domains serving ads for my Android device.
And I think I'm going about it the hard way.
- Get PCAP using ntopng
- Open PCAP using Wireshark, filter for DNS and check what's happening.
(Used an old phone with only the one app I wanted to investigate) - I have a few DNSBL Feeds (BBCan177 and OISD), but for this process I'm using a custom feed without an actual URL, just using the Custom Block List.
- Save.
- It appears I need to choose Update with the 'Reload' option
- Restart phone to flush DNS.
- Test if app is still serving ads.
Step 5 seems like I'm spamming BBCan177 and OISD unnecessarily, while trying to weed out the specific domains I might need to add one, remove it, add another, remove, add a diff one.
Any suggestions on a more streamlined way to do this?
Couple of tricks:
1: I pfBlockerNG there is a “log DNS Reply” option which will log all DNS requests from clients. Enable that, and on the reporting tab set up a dynamic view that autorefreshes with your clientsIP Addr. Only. Then you have a live view of resolution attemps.
2: When wanting to testblock a DNS name, just add it manually to the “Host override” list in SERVICES -> DNS RESOLVER. Make it point to the Virtual IP you set up the pfBlocker webservice with.
You can add/subtract to that list very quickly, and it has nothing to do with pfBlockerNG, so it does not take a timeconsuming reload. -
@keyser Thank you very much!