Pi-Hole/docs
1
0
Fork 0
mirror of https://github.com/pi-hole/docs.git synced 2026-02-15 07:26:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #20 from pi-hole/ftldns/blockingmode/null

Browse Source 
Add BLOCKINGMODE=NULL documentation
This commit is contained in:
Adam Warner
2018-05-17 16:02:37 +01:00
committed by GitHub
parent 05c0805be7 db4e617baf
commit 2e9f307b98
1 changed files with 25 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
docs/ftldns/blockingmode.md
View File

@@ -1,6 +1,8 @@
Pi-hole *FTL*DNS supports two different methods for blocking queries. Both have their advantages and drawbacks. They are summarized on this page. The blocking mode can be configured in `/etc/pihole/pihole-FTL.conf`.
## Pi-hole's IP based blocking
This setting can be updated by sending `SIGHUP` to `pihole-FTL` (`sudo killall -SIGHUP pihole-FTL`).
## Pi-hole's IP blocking
`/etc/pihole/pihole-FTL.conf` setting:
```
BLOCKINGMODE=IP
@@ -23,7 +25,7 @@ doubleclick.net. 2 IN AAAA fda2:2001:4756:0:ab27:beff:ef37:
- Requires a webserver to run on your Pi-hole
- May cause time-outs for HTTPS content even with properly configured firewall rules
## Pi-hole's NXDOMAIN based blocking
## Pi-hole's NXDOMAIN blocking
`/etc/pihole/pihole-FTL.conf` setting:
```
BLOCKINGMODE=NXDOMAIN
@@ -43,4 +45,25 @@ Queries will be answered with an empty response (no answer section) and status `
##### Disadvantage
- Blocking page cannot be shown and whitelisting has to be performed from the dashboard or CLI
## Pi-hole's unspecified IP blocking
`/etc/pihole/pihole-FTL.conf` setting:
```
BLOCKINGMODE=NULL
```
Queries will be answered with the unspecified address
```
;; QUESTION SECTION:
;doubleclick.net. IN ANY
;; ANSWER SECTION:
doubleclick.net. 2 IN A 0.0.0.0
doubleclick.net. 2 IN AAAA ::
```
Following [RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture, section 2.5.2](https://tools.ietf.org/html/rfc3513#section-2.5.2), the address `0:0:0:0:0:0:0:0` (or `::` for short) is the unspecified address. It must never be assigned to any node and indicates the absence of an address. Following [RFC1122, section 3.2](https://tools.ietf.org/html/rfc1122#section-3.2), the address `0.0.0.0` can be understood as the IPv4 equivalent of `::`.
##### Advantages & Disadvantages
Similar to `NXDOMAIN` blocking. However, it is more experimental than `NXDOMAIN` as it is not clear if all clients behave correctly when receiving these addresses.
{!abbreviations.md!}