Some sites generate queries to other domains for tracking purposes of various sorts. These queries tend to slow down the browser experience: a) the DNS lookup itself takes time, then b) the round trip to perform whatever nefarious action takes time.
To prevent some of these 'unneeded' or 'unnecessary' queries, it is possible to block them with a tool called Pi-hole. It bills itself as "a black hole for internet advertisements".
It does indeed help speed up the browser experience.
The installation is relatively painless. I use a local package proxy using apt-cacher-ng, so I am recording my use of the changed sources list file, so I can remember it next time. In addition, the script doesn't seem to correctly configure php, so it fails once. I do a dummy install command with dnsmasq to get settings updated. Then run the script again, and it runs to completion.
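# Point apt at the local apt-cacher-ng proxy (port 3142)
sed -i 's_//deb_//<ip address>:3142/deb_' /etc/apt/sources.list
sed -i 's_//sec_//<ip address>:3142/sec_' /etc/apt/sources.list
cat /etc/apt/sources.list
apt update
apt install curl
# First run of the installer fails on the php configuration
curl -sSL https://install.pi-hole.net | bash
# Dummy install to get settings updated, then run the installer again
apt install dnsmasq
curl -sSL https://install.pi-hole.net | bash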
The end result is some text supplying a URL for the administration interface, a password and a command to change the password:
pihole -a -p
A web page with Block Lists for Pi-Hole: CryptoAUSTRALIA's Favourite Block Lists
2018/01/09: Ad and tracking blocking dnsmasq-ready blocklists: (github.com)
2018/08/17 Domain Name Service Response Policy Zones (DNS RPZ) is a method that allows a nameserver administrator to overlay custom information on top of the global DNS to provide alternate responses to queries. It is currently implemented in the ISC BIND nameserver (9.8 or later). Another generic name for the DNS RPZ functionality is "DNS firewall".
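An added example (not from the original post or from the Pi-hole or BIND projects) that ties the block lists above to RPZ: it converts a hosts-format block list into an RPZ zone file in which each listed name and its subdomains answer NXDOMAIN. The zone name `rpz.local`, the hosts-format input and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. "rpz.local" is an assumed zone name. Load the output in BIND with:
#   options { response-policy { zone "rpz.local"; }; };
#   zone "rpz.local" { type master; file "rpz.local.zone"; };

# Constructed sample of a hosts-format block list (not real list data).
sample_hosts() {
    cat <<'EOF'
# constructed sample entries
0.0.0.0 Ads.Example.com   # mixed case, trailing comment
0.0.0.0 ads.example.com
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 bad;name.example
192.0.2.1 real.example.org
EOF
}

# Read a hosts-format list on stdin, write an RPZ zone file on stdout.
hosts_to_rpz() {
    # SOA and NS records are required for the zone to load.
    printf '%s\n' '$TTL 300' \
        '@ IN SOA localhost. root.localhost. 1 3600 600 86400 300' \
        '@ IN NS localhost.'
    awk '
        { sub(/\r$/, ""); sub(/#.*/, "") }      # drop CR and comments
        $1 != "0.0.0.0" && $1 != "127.0.0.1" { next }  # only sinkhole entries
        {
            for (i = 2; i <= NF; i++) {
                d = tolower($i)
                sub(/\.$/, "", d)
                if (d == "localhost.localdomain") continue
                # Accept only well-formed names so nothing from the list can
                # inject zone-file syntax (";", "$", "@", "*", whitespace).
                if (d !~ /^([a-z0-9_]([a-z0-9_-]*[a-z0-9_])?\.)+[a-z]([a-z0-9-]*[a-z0-9])?$/) continue
                if (seen[d]++) continue          # de-duplicate
                printf "%s CNAME .\n", d         # NXDOMAIN for the name
                printf "*.%s CNAME .\n", d       # and for its subdomains
            }
        }'
}

sample_hosts | hosts_to_rpz
```

Entries that map a name to a real address (the `192.0.2.1` line) are skipped, since they are not block entries.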
- Project Tar
- No Listing - Poor Man's Greylisting
- spam trap - multi-threaded daemon that provides an RFC 2821 compliant SMTP service that always returns a 4xx soft error or 5xx hard error to the RCPT TO verb.
- Set up an SMTP decoy: I have used this one. Modify it to issue 5xx permanent errors instead of 4xx retry errors.
- http://smtptrapd.sourceforge.net/
- Install it on one of your hosts you have control over.
- *MOST IMPORTANT* firewall block it, only *allowing* the spammer's MX to talk to your trap server.
- Change your MX records to insert the SMTP trap host as your preferred MX, ahead of your real MX.
- dns rate limit