Diversion Is it possible to block DNS query type

chongnt

Senior Member
Sorry to bring this topic up again. I'm sure I have read it before but don't seems to have a way to block it. Do we have a way to block it now? Be it by firewall, unbound dns, diversion or any other means?
 

ColinTaylor

Part of the Furniture
What query types are you trying to block and why?
 

chongnt

Senior Member
I'm trying to block query type 65. Reason being some domains in blockinglist are slipping through...
 

ColinTaylor

Part of the Furniture
I'd never heard of the type 65 RR before. Can you give an example query that would return such a record?
 

chongnt

Senior Member
I am actually trying some adblock. I remember this is something Apple introduced since ios 14.

Here are the logs:
Code:
May 26 00:10:57 dnsmasq[27367]: 301 192.168.1.21/53062 query[A] analytics.mobile.yandex.net from 192.168.1.21
May 26 00:10:57 dnsmasq[27367]: 301 192.168.1.21/53062 /opt/share/diversion/list/blockinglist analytics.mobile.yandex.net is 192.168.1.254
May 26 00:10:58 dnsmasq[27367]: 306 192.168.1.21/59897 query[type=65] analytics.mobile.yandex.net from 192.168.1.21
May 26 00:10:58 dnsmasq[27367]: 306 192.168.1.21/59897 forwarded analytics.mobile.yandex.net to 127.0.0.1
 

ColinTaylor

Part of the Furniture
OK thanks. I can't think of a solution for this.

dnsmasq's --dns-rr doesn't support * as a wildcard for the name.

I did notice that you can actually specify any random query type (that isn't answered by dnsmasq) and it will forward it and get a valid reply, which may contain a CNAME which I guess is what you're trying to avoid.

Code:
# dig +short @192.168.1.1 analytics.mobile.yandex.net TYPE65
report.appmetrica.yandex.net.
# dig +short @192.168.1.1 analytics.mobile.yandex.net TYPE999
report.appmetrica.yandex.net.
Code:
May 25 18:45:57 dnsmasq[23522]: query[type=65] analytics.mobile.yandex.net from 192.168.1.10
May 25 18:45:57 dnsmasq[23522]: forwarded analytics.mobile.yandex.net to 9.9.9.9
May 25 18:45:59 dnsmasq[23522]: query[type=999] analytics.mobile.yandex.net from 192.168.1.10
May 25 18:45:59 dnsmasq[23522]: forwarded analytics.mobile.yandex.net to 9.9.9.9
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top