Can't figure out how to block snoop/spam domains

  • I tried to set up rules to block a number of snoop/spam domains belonging to Google, Amazon, et al. that permanently attach themselves to a TCP port. But, perhaps because I'm out of practice, I can't seem to do it.

    The problem seems to be that the rule interface won't accept a DNS alias, e.g. "cloudfront.net", as a valid identifier.

  • LAYER 8 Global Moderator

    cloudfront.net is not a valid FQDN that would resolve to an IP, so how can it be used in a rule that would need an IP?

    ;; QUESTION SECTION:
    ;cloudfront.net.                        IN      A

    ;; AUTHORITY SECTION:
    cloudfront.net.        60      IN      SOA    ns-418.awsdns-52.com. hostmaster.cloudfront.net. 1377556270 16384 2048 1048576 60

    You can use an FQDN in an alias all you want, but it needs to resolve to an actual IP.

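The distinction the moderator draws (a name that returns only an SOA in the AUTHORITY section versus one that returns A/AAAA records in an ANSWER section) can be checked mechanically before an entry goes into an FQDN alias. The following is an added example, not code from this thread or from pfSense: it parses `dig`-style output and reports which names would actually expand to IP addresses. The `cloudfront.net` sample is the output quoted above; the second sample, with the name `example-dist.cloudfront.net` and the 192.0.2.x addresses, is constructed for illustration.

```python
import ipaddress
import re

SECTION_RE = re.compile(r"^;; (\w+) SECTION:$")

# Sample 1: the dig output quoted in the thread (apex of cloudfront.net,
# answer carries only an SOA in the AUTHORITY section, no A record).
CLOUDFRONT_APEX = """\
;; QUESTION SECTION:
;cloudfront.net.                        IN      A

;; AUTHORITY SECTION:
cloudfront.net.        60      IN      SOA    ns-418.awsdns-52.com. hostmaster.cloudfront.net. 1377556270 16384 2048 1048576 60
"""

# Sample 2: constructed output for a hypothetical edge hostname that does
# resolve; the name and the 192.0.2.x (TEST-NET-1) addresses are made up.
CONSTRUCTED_EDGE = """\
;; QUESTION SECTION:
;example-dist.cloudfront.net.           IN      A

;; ANSWER SECTION:
example-dist.cloudfront.net. 60 IN      A       192.0.2.10
example-dist.cloudfront.net. 60 IN      A       192.0.2.11
"""


def parse_dig(text):
    """Parse dig-style output into {section: [(name, ttl, class, type, rdata)]}.

    Question lines (prefixed with ';') and comment lines are skipped; only
    resource records under an ';; X SECTION:' header are collected.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if not line or line.startswith(";") or current is None:
            continue
        fields = line.split()
        if len(fields) < 5:
            continue  # not a well-formed resource record
        name, ttl, rclass, rtype = fields[:4]
        rdata = " ".join(fields[4:])
        sections[current].append((name, int(ttl), rclass, rtype, rdata))
    return sections


def resolved_addresses(text):
    """IP addresses an FQDN alias would expand to: A/AAAA records in ANSWER.

    An empty list means the name cannot back an IP-based firewall rule.
    """
    answers = parse_dig(text).get("ANSWER", [])
    addrs = []
    for _, _, _, rtype, rdata in answers:
        if rtype in ("A", "AAAA"):
            addrs.append(str(ipaddress.ip_address(rdata)))
    return addrs


def classify(text):
    """'usable' if A/AAAA records exist; 'apex-only' if the resolver returned
    just an SOA for the zone (the cloudfront.net case); 'no-answer' otherwise."""
    if resolved_addresses(text):
        return "usable"
    authority = parse_dig(text).get("AUTHORITY", [])
    if any(r[3] == "SOA" for r in authority):
        return "apex-only"
    return "no-answer"


if __name__ == "__main__":
    for label, sample in (("cloudfront.net", CLOUDFRONT_APEX),
                          ("example-dist.cloudfront.net", CONSTRUCTED_EDGE)):
        print(label, classify(sample), resolved_addresses(sample))
```

Feeding the script real `dig` output for each candidate alias entry gives a quick audit: entries classified `apex-only` or `no-answer` will never populate the alias table, which is exactly why a rule built on "cloudfront.net" does nothing.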
  • Ah, you're right. I didn't even try to ping it; I just presumed it was real since netstat presented the name rather than an IP addr.

    Testing, I find that they use scratch node identifiers, which would appear to make rule maintenance impossible.