From f97442a8170398c5e4d965191720fe21d9f556ae Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 13 May 2018 12:30:43 +0200 Subject: [PATCH 1/3] Add BLOCKINGMODE=NULL documentation Signed-off-by: DL6ER --- docs/ftldns/blockingmode.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/docs/ftldns/blockingmode.md b/docs/ftldns/blockingmode.md index 9c818ba..8a86e4f 100644 --- a/docs/ftldns/blockingmode.md +++ b/docs/ftldns/blockingmode.md @@ -1,5 +1,7 @@ Pi-hole *FTL*DNS supports two different methods for blocking queries. Both have their advantages and drawbacks. They are summarized on this page. The blocking mode can be configured in `/etc/pihole/pihole-FTL.conf`. +This setting can be updated by sending `SIGHUP` to `pihole-FTL` (`sudo killall -SIGHUP pihole-FTL`). + ## Pi-hole's IP based blocking `/etc/pihole/pihole-FTL.conf` setting: ``` 
@@ -43,4 +45,25 @@ Queries DNS queries will be answered with an empty response (no answer section) ##### Disadvantage - Blocking page cannot be shown and whitelisting has to be performed from the dashboard or CLI +## Pi-hole's `NULL` IP based blocking +`/etc/pihole/pihole-FTL.conf` setting: +``` +BLOCKINGMODE=NULL +``` + +Queries will be answered with the local IP addresses of your Pi-hole (as configured in your `setupVars.conf` file) +``` +;; QUESTION SECTION: +;doubleclick.net. IN ANY + +;; ANSWER SECTION: +doubleclick.net. 2 IN A 0.0.0.0 +doubleclick.net. 2 IN AAAA :: +``` + +Following [RFC 3513, Internet Protocol Version 6 (IPv6) Addressing Architecture, section 2.5.2](https://tools.ietf.org/html/rfc3513#section-2.5.2), the address `0:0:0:0:0:0:0:0` (or `::` for short) is the unspecified address. It must never be assigned to any node and indicates the absence of an address. Following [RFC1122, section 3.2](https://tools.ietf.org/html/rfc1122#section-3.2), the address `0.0.0.0` can be understood as the IPv4 equivalent of `::`. + +##### Advantages & Disadvantages +Similar to `NXDOMAIN` blocking. However, it is more experimental than `NXDOMAIN` as it is not clear if all clients behave correctly when receiving these addresses. + {!abbreviations.md!} From e333932705015b121f804dd0ff826267120be9fe Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 17 May 2018 16:55:16 +0200 Subject: [PATCH 2/3] Worked on review comments Signed-off-by: DL6ER --- docs/ftldns/blockingmode.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/ftldns/blockingmode.md b/docs/ftldns/blockingmode.md index 8a86e4f..3735cbf 100644 --- a/docs/ftldns/blockingmode.md +++ b/docs/ftldns/blockingmode.md 
@@ -2,7 +2,7 @@ Pi-hole *FTL*DNS supports two different methods for blocking queries. Both have This setting can be updated by sending `SIGHUP` to `pihole-FTL` (`sudo killall -SIGHUP pihole-FTL`). -## Pi-hole's IP based blocking +## Pi-hole's IP blocking `/etc/pihole/pihole-FTL.conf` setting: ``` BLOCKINGMODE=IP @@ -25,7 +25,7 @@ doubleclick.net. 2 IN AAAA fda2:2001:4756:0:ab27:beff:ef37: - Requires a webserver to run on your Pi-hole - May cause time-outs for HTTPS content even with properly configured firewall rules -## Pi-hole's NXDOMAIN based blocking +## Pi-hole's NXDOMAIN blocking `/etc/pihole/pihole-FTL.conf` setting: ``` BLOCKINGMODE=NXDOMAIN @@ -45,13 +45,13 @@ Queries DNS queries will be answered with an empty response (no answer section) ##### Disadvantage - Blocking page cannot be shown and whitelisting has to be performed from the dashboard or CLI -## Pi-hole's `NULL` IP based blocking +## Pi-hole's unspecified IP blocking `/etc/pihole/pihole-FTL.conf` setting: ``` BLOCKINGMODE=NULL ``` -Queries will be answered with the local IP addresses of your Pi-hole (as configured in your `setupVars.conf` file) +Queries will be answered with the unspecified address ``` ;; QUESTION SECTION: ;doubleclick.net. IN ANY From db4e617bafd8919a5fc50224f4cce817f2f2174f Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 17 May 2018 16:59:56 +0200 Subject: [PATCH 3/3] Grammar fix Signed-off-by: DL6ER --- docs/ftldns/blockingmode.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ftldns/blockingmode.md b/docs/ftldns/blockingmode.md index 3735cbf..b3b5ab4 100644 --- a/docs/ftldns/blockingmode.md +++ b/docs/ftldns/blockingmode.md 
@@ -30,7 +30,7 @@ doubleclick.net. 2 IN AAAA fda2:2001:4756:0:ab27:beff:ef37: ``` BLOCKINGMODE=NXDOMAIN ``` -Queries DNS queries will be answered with an empty response (no answer section) and status `NXDOMAIN` (*no such domain*) +Queries will be answered with an empty response (no answer section) and status `NXDOMAIN` (*no such domain*) ``` ;; QUESTION SECTION: ;doubleclick.net. IN ANY
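Review bot: the unchanged intro line at the top of the first hunk of patch 1/3 (`@@ -1,5 +1,7 @@`) still says "supports two different methods" and "Both have their advantages and drawbacks", but this series documents a third mode, `BLOCKINGMODE=NULL`. The same context line is still unchanged in patch 2/3, so the count should be fixed in this series, for example "three different methods" and "Each has its advantages and drawbacks". The added sentence "This setting can be updated by sending `SIGHUP`" also reads as if the signal itself changes the value. If the intent is that an edited `/etc/pihole/pihole-FTL.conf` is picked up without a restart, say so explicitly.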
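Review bot: in the second hunk of patch 1/3 (`@@ -43,4 +45,25 @@`), the added sentence "Queries will be answered with the local IP addresses of your Pi-hole (as configured in your `setupVars.conf` file)" contradicts the sample answer directly below it, which returns `0.0.0.0` and `::`. The sentence is only corrected in patch 2/3, so consider squashing that fix into this commit so that 1/3 is correct on its own. The "Advantages & Disadvantages" paragraph says only "Similar to `NXDOMAIN` blocking". It would be clearer to list the points explicitly, as the other sections do, including the NXDOMAIN disadvantage visible in the context line above (no blocking page, whitelisting from the dashboard or CLI), rather than have readers cross-reference another section.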
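Review bot: in the last hunk of patch 2/3 (`@@ -45,13 +45,13 @@`), the new heading "Pi-hole's unspecified IP blocking" no longer contains the value a user has to type, `BLOCKINGMODE=NULL`, while the other two headings keep their mode names (`IP`, `NXDOMAIN`). Keeping the keyword, for example "Pi-hole's unspecified IP (`NULL`) blocking", would keep the section findable by the setting name. The replacement sentence "Queries will be answered with the unspecified address" is singular and has no closing punctuation, although the sample answer carries both an A and an AAAA record. Suggest "the unspecified addresses `0.0.0.0` and `::`:" to match the example that follows.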