Can pfBlocker Sinkhole an Address? Domain Overrides?
-
Not Host Overrides yet. I'll look into it. Thanks.
Also, I added point 3 above a minute ago. Whitelisting the offenders in pfBlockerNG will hopefully allow the LAN Rule to do the same thing. Sorry.
-
@coffeecup25 I just tried it and it worked, for now. No pfBlocker webpage is delivered, a timeout occurs instead. That seems to be what you want.
-
Thanks A Lot. This could be a big deal for all pfBlockerNG users who use Roku and hate all the pollution Roku adds to LAN traffic.
-
@coffeecup25 said in Can pfBlocker Sinkhole an Address? Domain Overrides?:
who use Roku and hate all the pollution Roku adds to LAN traffic.
I never heard of that problem, maybe there are other ways to cope with this.
-
A review of your block logs will show lots and lots of calls to a select few Roku addresses. pfBlockerNG logs are not as clear as Pihole logs nor as comprehensive. Pihole shows blocked and passed DNS queries. pfBlockerNG only shows blocked, although that should be enough for this purpose.
Most people don't care, I assume, if the network works OK. But Pihole's more comprehensive logs show how badly Roku pollutes the LAN. I never saw it until I switched over to Pihole a few years ago.
AdGuard Home has nice looking screens, but my short visit to AdGuard Home showed Pihole was more granular, just not as pretty.
If I get the Linux servers working (one main home server and one for backup) then Pihole should be rock solid compared to using a Hyper-V VM. pfBlockerNG will be for last line failover. Under Hyper-V, both Pihole servers failed and the network went down. Never again. Hyper-V is nice, but Windows makes it too unreliable with all the ads it pushes as it forces unattended reboots.
-
@Bob-Dig yeah. Same.
I'll be honest with you, I've never had a problem on my LAN blocking Roku telemetry. Nothing is slow. Monitoring shows traffic avg around 120Mb each day. Guess I'm... lucky?
-
I agree that the Roku blocked address flood does not slow things down noticeably. But it's pollution when you can see a list of every address passed or blocked during a set time period. Especially if you have more than 1 Roku device in the house. A large percentage of the entire LAN traffic is a select few Roku blocked addresses for a few seconds all day long. Pihole even gives out '1000 DNS query warnings' sometimes on my LAN - or at least did until I figured out how to trick Roku. I eliminated about 10,000 queries a day by redirecting a few addresses.
However, this flood is not obvious when all you see are blocked addresses. By being able to see passed addresses, and by reducing Roku DNS pollution, I can easily see which ones should be blacklisted individually when problems occur, along with which blocks are way too aggressive.
-
@coffeecup25 You could enable "DNS Reply Logging" in pfBlocker for that.
-
Following is my final solution. It appears to work well.
The problem to solve: pfBlockerNG blocked many addresses repetitively. It appears that 80% of the blocks came from 20% of the DNS addresses. I considered that as pollution. Streaming TV is the worst offender.
The objective: Continue blocking these addresses, but take them out of pfBlockerNG so lists show everyone except the usual suspects.
The solution:
- Identify the polluting DNS addresses and put them in an alias
- Create a LAN rule that blocks the addresses in the alias from ever leaving the network
- Whitelist the offenders in pfBlockerNG so the LAN rule gets them instead.
Blocking still works very well and pfBlockerNG is bypassed entirely for those addresses.
You must reload DNSBL after these changes for pfBlockerNG to know about them.
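As an added example, not from the thread or from pfBlockerNG itself, here is a small Python script for the first step: picking out the few domains that account for most of the blocks (the 80/20 view described above) so they can be moved into an alias. The log layout below is a constructed, simplified one (timestamp, client IP, queried domain); the real dnsbl.log columns on your box may differ, so adjust the parser accordingly.

```python
"""Rank DNSBL-blocked domains and pick the few that produce most blocks."""
from collections import Counter

# Constructed sample log, NOT real pfBlockerNG output: "timestamp,client,domain".
# Domain names are placeholders, not actual streaming-device endpoints.
SAMPLE_LOG = """\
2024-01-01 08:00:01,192.168.1.50,scribe.example-tv.test
2024-01-01 08:00:02,192.168.1.50,scribe.example-tv.test
2024-01-01 08:00:03,192.168.1.51,logs.example-tv.test
2024-01-01 08:00:04,192.168.1.50,scribe.example-tv.test
2024-01-01 08:00:05,192.168.1.20,ads.example-one.test
2024-01-01 08:00:06,192.168.1.51,scribe.example-tv.test
2024-01-01 08:00:07,192.168.1.51,logs.example-tv.test
2024-01-01 08:00:08,192.168.1.50,scribe.example-tv.test
2024-01-01 08:00:09,192.168.1.30,track.example-two.test
2024-01-01 08:00:10,192.168.1.51,logs.example-tv.test
2024-01-01 08:00:11,192.168.1.50,scribe.example-tv.test
"""


def count_blocks(log_text):
    """Count blocked queries per domain, skipping blank/comment/short lines."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(",")
        if len(parts) < 3:  # assumed column layout: ts, client, domain
            continue
        counts[parts[2].strip().lower().rstrip(".")] += 1
    return counts


def top_offenders(counts, share=0.8):
    """Smallest set of most-blocked domains whose blocks reach `share` of all."""
    total = sum(counts.values())
    picked, running = [], 0
    for domain, n in counts.most_common():
        if running >= share * total:
            break
        picked.append(domain)
        running += n
    return picked


def alias_text(domains):
    """One entry per line, ready to paste into a pfSense alias or a whitelist."""
    return "\n".join(sorted(domains))


if __name__ == "__main__":
    c = count_blocks(SAMPLE_LOG)
    print(alias_text(top_offenders(c)))
```

Run it against an exported block log; the printed list is what goes into the alias for the LAN rule and into the pfBlockerNG whitelist.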
-