AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Adguard theregister12/14/2023 When it sees the CNAME, it checks whether the target is in the block list.Įven at the DNS blocking level, being able to inspect CNAME targets is relatively new. > and a 2nd that resolves to 8.8.9.9, which will be blocked because of 1) devious.tld or 8.8.0.0/16?Īs above no, but this is how the adblocker extensions that support CNAME blocking achieve this. ![]() Of course, you *might* be running a recursor on your own machine, which changes things, but most users aren't, or are but have configured forwarding, so the query still goes out to another recursor which does all the work (doesn't stop their local recursor inspecting the response and blocking, of course). Only one DNS query ever leaves your system - for - it's the recursor that follows the CNAME (hence recursor). The response you get will be something likeĭ IN CNAME Your browser will connect out to the IP in the A record ![]() Google will then reply to you with the two records Those authoritatives will return a response (lets say 1 A record) Google will then go find the authoritatives for devious.tld and query adserver The authoritatives will reply with CNAME ![]() Google will go and find the authoritatives for firstparty.tld and query deviouscname Your OS will send a query to your configured recursor (lets say google, 8.8.8.8) for won't my system make 2 dns reqeusts: the first for which returns, and a 2nd that resolves to 8.8.9.9, which will be blocked because of 1) devious.tld or 8.8.0.0/16?Īssuming you've an even semi-standard setup on your OS, no.
0 Comments
Read More
Leave a Reply. |