Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Blocking hidden trackers (Eulerian, Criteo) on Knot Resolver

For the Knot DNS resolver (used for instance on the Turris:

-- https://www.shaftinc.fr/escalade-traque-eulerian.html
policy.add(policy.suffix(policy.DENY, {todname('eulerian.net.')}))
policy.add(policy.suffix(policy.DENY, {todname('dnsdelegation.io.')}))
@bortzmeyer

This comment has been minimized.

Copy link
Owner Author

bortzmeyer commented Nov 12, 2019

Note that it is not a good solution since (to quote the documentation) "The policy module currently only looks at whole DNS requests. The rules won’t be re-applied e.g. when following CNAMEs." So, it only blocks the initial QNAME while we want to block aliases. For further study.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.