
It's a shame /etc/hosts doesn't support wildcards

0.0.0.0 *.facebook.com



You might want to take a look at dnsmasq. It's a nice choice for when you want a DNS server but BIND is overkill.


You could sort of work around that by just blocking their IP ranges:

https://stackoverflow.com/a/11164738


The ranges could change over time.

If you run your own DNS resolver you can use the wildcard trick.

Something like this in an RPZ zone should do it:

    facebook.com    IN CNAME .
    *.facebook.com  IN CNAME .
    facebook.net    IN CNAME .
    *.facebook.net  IN CNAME .
    fbcdn.com       IN CNAME .
    *.fbcdn.com     IN CNAME .
    fbcdn.net       IN CNAME .
    *.fbcdn.net     IN CNAME .
    fb.com          IN CNAME .
    *.fb.com        IN CNAME .
    fb.me           IN CNAME .
    *.fb.me         IN CNAME .
    tfbnw.com       IN CNAME .
    *.tfbnw.com     IN CNAME .


    *.facebook.com IN CNAME .
should be unnecessary since the DNS zone above it, facebook.com, is already CNAME'd. Most resolvers will take a CNAME as "any further requests go to here", which in my experience usually includes NS servers.

(This is also why you don't CNAME your root domain, CNAME conflicts with any other record type)


What software actually parses /etc/hosts, at least on Linux?


> What software actually parses /etc/hosts, at least on Linux?

glibc resolver

A good entry point for reading more about it:

$ man nsswitch.conf

If your /etc/nsswitch.conf file's "hosts" line contains the keyword "files", then it potentially uses /etc/hosts. If "files" is first (typical default config), it looks there first, before the other places listed.

This is done under the hood when programs use resolver functions like gethostbyname or getaddrinfo.


You can see this in action in the musl source code, which is arguably a much more readily understandable implementation of libc:

- Function that actually parses /etc/hosts is name_from_hosts(), implemented here: http://git.musl-libc.org/cgit/musl/tree/src/network/lookup_n...

- Which is called by __lookup_name() on the same file: http://git.musl-libc.org/cgit/musl/tree/src/network/lookup_n...

- Which is, in turn, called directly from getaddrinfo() [http://git.musl-libc.org/cgit/musl/tree/src/network/getaddri...], the actual function exposed to you as libc user.


You can do this with a DNS zonefile at your local resolver, though.


That would only slightly help considering they own so many TLDs.


Looking at that list it'd be 16 wildcard entries vs. 895 hostnames. A significant improvement.


I don't use that list, I use Steven Black's [1] list, which has 1004 entries and is more complete than this list. It would be less, but more than 16. Even at that, you're right it would definitely reduce the size.

- [1] https://github.com/StevenBlack/hosts/
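The size comparison in the last two comments and the RPZ records posted further up can be checked mechanically. The script below is an added example, not code from the thread or from the Steven Black list: it parses a hosts-format blocklist (a small constructed sample is embedded), collapses the hostnames to zones, and emits the apex plus wildcard `CNAME .` pairs in the RPZ form shown above. It assumes, as a labelled simplification, that the last two labels of a hostname are the zone to block.

```python
from collections import Counter

# Constructed sample in /etc/hosts blocklist format (not taken from any real list).
SAMPLE_HOSTS = """\
# comment line
127.0.0.1 localhost
0.0.0.0 www.facebook.com
0.0.0.0 static.xx.fbcdn.net  edge-chat.facebook.com
0.0.0.0 facebook.com
0.0.0.0 m.facebook.com # trailing comment
0.0.0.0 fb.me
0.0.0.0 connect.facebook.net
"""

# Addresses that hosts-file blocklists conventionally point blocked names at.
BLOCK_SINKS = {"0.0.0.0", "127.0.0.1", "::1", "::"}

def parse_blocklist(text):
    """Return the hostnames a hosts-format blocklist maps to a sink address.
    Comments and blank lines are ignored; dotless names such as 'localhost' are skipped."""
    names = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *hosts = line.split()
        if addr not in BLOCK_SINKS:
            continue
        names.extend(h.lower().rstrip(".") for h in hosts if "." in h)
    return names

def zone_of(hostname):
    """Simplifying assumption: the last two labels form the zone to block.
    A real tool would consult the Public Suffix List so 'example.co.uk' is not reduced to 'co.uk'."""
    return ".".join(hostname.split(".")[-2:])

def collapse_to_zones(names):
    """Map each zone to the number of blocklist hostnames it covers, sorted by zone name."""
    return dict(sorted(Counter(zone_of(n) for n in names).items()))

def rpz_records(zones):
    """Emit the apex and wildcard records in the form used above (CNAME '.' yields NXDOMAIN).
    A complete RPZ zone file additionally needs $TTL, SOA and NS records at the top."""
    lines = []
    for z in zones:
        lines.append(f"{z:<24}IN CNAME .")
        lines.append(f"*.{z:<22}IN CNAME .")
    return lines

if __name__ == "__main__":
    hosts = parse_blocklist(SAMPLE_HOSTS)
    zones = collapse_to_zones(hosts)
    print(f"{len(hosts)} hostnames -> {len(zones)} zones ({2 * len(zones)} RPZ records)")
    print("\n".join(rpz_records(zones)))
```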


It'd be more future-proof too.



