Block Websites With this Simple Magic Spell—dnsmasq

AHJ George

HackerNoon
The internet is full of ways to waste time. As an SEO marketer, I can assure you this is intentional.
During my career, I’ve sent millions of you down endless rabbit holes of “content.” I’ve distracted you to no end. I’ve even targeted you individually.
But somewhere along the way, I decided to give up evil magic. I want to become a good witch. So here’s an easy spell for blocking sites that waste your time using dnsmasq and an entry-level magical summoner’s circle.
But why the change of heart?
You are wise to question my bewitching motives. Well, there are many factors.
One good reason to block dumb sites is that future societies will curse the people of today for how we treat the planet — if they can survive lifelong, pollution-induced asthma long enough to curse. They’ll also curse us for how much time we spent looking at wasteful GIFs and taking CO2-belching Zoom calls when we could have been using less data. So many memes, so much atmospheric pollution, and so much wasted potential.
You can use tools like Pi-hole to block some content. But even without ads and the like, some sites remain distracting enough to threaten your well-being.
This magic recipe isn’t a replacement for tools like Pi-hole; simply consider it another ethereal page in your grimoire.

Conjuring Requirements

For this hex, you’ll need:
The domain name of a site you want to block. We’ll use nbc.com as an example.
A router that supports some form of secure terminal access, like ssh. You should access the router with a privileged user account, and the router’s OS should have dnsmasq installed. You can get this set up by installing open-source Linux router firmware, such as OpenWrt or DD-WRT, for your router model.
Your router’s IP address. It should look something like 192.168.1.1.
Sufficient MP, STA, and HP to draw a magic summoner's circle in your own fresh blood. Do not use old blood. Do not use other people's blood. Do not use animals' blood. Do not use simulated blood.

Time-sucking Websites Hate How Easy These 4 Steps Are!

1. Connect to the router

We’ll open up a terminal and connect to our router. We’re using ssh, so that's:
ssh super_user@192.168.1.1

2. Edit the dnsmasq configuration file.

We open the dnsmasq configuration file using nano, vi, or whatever terminal editor we've installed:
nano /etc/dnsmasq.conf
Now, we add a line at the bottom of the file to define a new blocking rule. To block the site nbc.com, we'd add:
address=/nbc.com/127.0.0.1
We can write any spoof IP address we desire in the rule. For now, we’ve just gone with the standard loopback address.
You can add one more line for each additional domain you want to redirect. Each rule must be on its own line.

3. Apply the changes

We should apply the changes by restarting the appropriate service:
/etc/init.d/dnsmasq restart
If your OS uses a different system service manager, like [systemd](https://systemd.io/), restart the dnsmasq service that way.

4. Confirm it worked

Finally, we can try to ping our target site from the router to see if it’s accessible. Before performing steps 1–3, the command ping nbc.com produced something like this:
super_user@router:~# ping nbc.com
PING nbc.com (184.28.78.19): 56 data bytes
64 bytes from 184.28.78.19: seq=0 ttl=54 time=18.944 ms
64 bytes from 184.28.78.19: seq=1 ttl=54 time=14.686 ms
^C
--- nbc.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 14.686/16.815/18.944 ms
After performing steps 1–3:
super_user@router:~# ping nbc.com
PING nbc.com (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: seq=0 ttl=64 time=0.859 ms
64 bytes from 127.0.0.1: seq=1 ttl=64 time=0.265 ms
64 bytes from 127.0.0.1: seq=2 ttl=64 time=0.614 ms
^C
--- nbc.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.265/0.579/0.859 ms
As you can see, the router now resolves the blocked site to a different IP address. You should see something similar when you ping from your local machine.
Be sure to log out of the session when done!
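Steps 2 and 3 as a repeatable script, added here as an example and not part of the original article: it rejects anything that is not a bare hostname, skips names an existing rule already covers, and syntax-checks the file before restarting. The function names are assumptions of this example; the config path and restart command are the article's.

```shell
#!/bin/sh
# Added example (not from the article): idempotent rule management for steps 2-3.
# Function names are assumptions of this example.

# Accept only plain hostnames, so a pasted URL or a value containing '/'
# or a newline cannot smuggle extra directives into the config file.
valid_domain() {
    case "$1" in
        ''|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# True if NAME or one of its parent domains already has an address= rule;
# dnsmasq applies address=/nbc.com/... to nbc.com and all of its subdomains.
is_covered() {
    conf=$1 name=$2
    while :; do
        pat=$(printf '%s' "$name" | sed 's/\./\\./g')
        grep -Eqi "^address=/([^/]+/)*${pat}/" "$conf" 2>/dev/null && return 0
        case "$name" in
            *.*) name=${name#*.} ;;
            *)   return 1 ;;
        esac
    done
}

# add_block CONF DOMAIN [IP]: append one rule unless it is already covered.
add_block() {
    conf=$1 domain=$2 ip=${3:-127.0.0.1}
    valid_domain "$domain" || { echo "rejected domain: $domain" >&2; return 2; }
    case "$ip" in ''|*[!0-9A-Fa-f.:]*) echo "rejected IP: $ip" >&2; return 2 ;; esac
    if is_covered "$conf" "$domain"; then return 0; fi
    # Start on a fresh line if the file does not end with a newline.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then echo >> "$conf"; fi
    printf 'address=/%s/%s\n' "$domain" "$ip" >> "$conf"
}

# apply_rules CONF: syntax-check first so a bad line never takes DNS down.
apply_rules() {
    dnsmasq --test --conf-file="$1" && /etc/init.d/dnsmasq restart
}

# On the router: add_block /etc/dnsmasq.conf nbc.com && apply_rules /etc/dnsmasq.conf
```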

Troubleshooting

My browser doesn’t seem to respect the new dnsmasq rules

This wasn’t always the case. But over time, browser-smiths have grown more prone to include their own domain resolution rules, “prefetching” features, and other nonsense.
Today, your browser may use a pre-programmed IP address for DNS lookups, like one of the common Google nameservers. It’s up to you whether you want to override such settings.

Nothing is different after I update and apply my rules.

Try reloading your browser or clearing its cache. If you’ve previously changed your device’s networking settings, make sure the spoof IP address you used in the configuration line address=/nbc.com/127.0.0.1 is the same as the host IP address your device uses for DNS lookups.

I drew the magic summoner’s circle, but my body contained less blood than I expected. I think I’m really low on HP

For legal reasons, I’ll remind you that I never actually told you to draw the circle — I’m just obligated to include it in all tutorials as per my craft. Perhaps you’re lacking INT in addition to HP? But no matter — slip softly into that silent slumber.

That’s All

This method is an easy way to block a site using dnsmasq. It's not the best for blocking a large number of sites since you have to add a rule for each or use wildcards (see the dnsmasq man page). Still, it’s effective and low-maintenance.
Do you like conjuration and technology? Don’t follow me online in search of further power — I may be a good witch, but I’ve got a reputation to uphold, so I can promise only ruin.