
I'm gonna go searching for it but, in the meantime, anyone know the process for submitting a hostname to be added to any of the lists used by PiHole, et al.?

The hostname that Ubiquiti is using -- trace.svc.ui.com -- seems like exactly the thing that should be blocked, IMO.

---

FWIW, if you're using PiHole and want to block these access points from "phoning home", you can simply do the following:

  $ echo server=/trace.svc.ui.com/ | sudo tee /etc/dnsmasq.d/ubiquiti_access_point_phone_home.conf
  $ sudo systemctl restart pihole-FTL.service

This will cause dnsmasq, the underlying resolver, to return NXDOMAIN for any such queries.

---

EDIT:

Apparently the "pihole" utility has functionality built-in to blacklist domains (via /etc/pihole/blacklist.txt). Instead of the above, you can simply use:

  $ pihole -b trace.svc.ui.com

This will result in the IP address "0.0.0.0" being returned (with a TTL of two seconds) for any manually blacklisted hostnames (the same way that PiHole normally responds to queries for blocked domains) although, personally, I still prefer NXDOMAIN.
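To check which of the two behaviours described above a resolver is actually returning, this added example (not part of the original comment) classifies `dig` output as NXDOMAIN, a null-address answer, or a real resolution. The sample responses are constructed, and `classify_dig` and the `sample_*` functions are hypothetical helper names.

```shell
#!/bin/sh
# Classify a `dig` response read on stdin as one of:
#   blocked-nxdomain | blocked-null | resolves | unknown
classify_dig() {
    awk '
        /->>HEADER<<-/ {                      # header line carries the rcode
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; ANSWER SECTION:/ { in_ans = 1; next }
        /^;/ || /^$/          { in_ans = 0 }  # any other section or blank line ends it
        in_ans && $3 == "IN" && ($4 == "A" || $4 == "AAAA") {
            total++                           # count address records in the answer
            if ($5 == "0.0.0.0" || $5 == "::") nulls++
        }
        END {
            if (status == "NXDOMAIN")             print "blocked-nxdomain"
            else if (total > 0 && nulls == total) print "blocked-null"
            else if (total > 0)                   print "resolves"
            else                                  print "unknown"
        }'
}

# Constructed sample responses (not captured from a real resolver).
sample_nxdomain() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; QUESTION SECTION:
;trace.svc.ui.com.        IN    A
EOF
}
sample_null() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; ANSWER SECTION:
trace.svc.ui.com.    2    IN    A    0.0.0.0
EOF
}
sample_resolves() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4244
;; ANSWER SECTION:
trace.svc.ui.com.    300    IN    A    192.0.2.10
EOF
}

for s in sample_nxdomain sample_null sample_resolves; do
    printf '%s: %s\n' "$s" "$("$s" | classify_dig)"
done
```

Against a live resolver, pipe real output in, for example `dig @<pihole-ip> trace.svc.ui.com A | classify_dig`, where `<pihole-ip>` is a placeholder for the resolver's address.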



Use blacklist. I already have to blacklist some Belkin URLs that are constantly pinged.


Using the blacklist is simpler but it uses a two second TTL (but it looks like that can be changed in the 01-pihole.conf file, though).

I'd rather it return NXDOMAIN, though. That's what I had to do to block DNS-over-HTTPS for Firefox.


FWIW, I just tested my Adguard Home by adding trace.svc.ui.com to the filter, and I think it does return NXDOMAIN by default.


adding this to my edgerouter heh.


Don't mess with the generated config file on the EdgeRouter; it'll just get replaced next time you reconfigure it or a firmware update is applied. Just add the following to the config.

  set service dns forwarding options server=/trace.svc.ui.com/

Or if you have dns forwarding using the system resolver you could also just add it to the hosts file via something similar to this.

  set system static-host-mapping host-name trace.svc.ui.com inet 0.0.0.0


Thanks, I have a lot of these rules already :)



