Skip to content

Instantly share code, notes, and snippets.

@bortzmeyer
Created November 11, 2019 10:23
Show Gist options
  • Save bortzmeyer/16341be7f3a62ac879afc58f62e78414 to your computer and use it in GitHub Desktop.
Save bortzmeyer/16341be7f3a62ac879afc58f62e78414 to your computer and use it in GitHub Desktop.
Blocking hidden trackers (Eulerian, Criteo) on Knot Resolver

For the Knot DNS resolver (used for instance on the Turris:

-- https://www.shaftinc.fr/escalade-traque-eulerian.html
policy.add(policy.suffix(policy.DENY, {todname('eulerian.net.')}))
policy.add(policy.suffix(policy.DENY, {todname('dnsdelegation.io.')}))
@bortzmeyer
Copy link
Author

Note that it is not a good solution since (to quote the documentation) "The policy module currently only looks at whole DNS requests. The rules won’t be re-applied e.g. when following CNAMEs." So, it only blocks the initial QNAME while we want to block aliases. For further study.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment