Block Websites With this Simple Magic Spell—dnsmasq
AHJ George
The internet is full of ways to waste time. As an SEO marketer, I can assure you this is intentional.
During my career, I’ve sent millions of you down endless rabbit holes of “content.” I’ve distracted you to no end. I’ve even targeted you individually.
But somewhere along the way, I decided to give up evil magic. I want to become a good witch. So here’s an easy spell for blocking sites that waste your time using
dnsmasq and an entry-level magical summoner’s circle.But why the change of heart?
You are wise to question my bewitching motives. Well, there are many factors.
One good reason to block dumb sites is that future societies will curse the people of today for how we treat the planet — if they can survive lifelong, pollution-induced asthma long enough to curse. They’ll also curse us for how much time we spent looking at wasteful GIFs and taking CO2-belching Zoom calls when we could have been using less data. So many memes, so much atmospheric pollution, and so much wasted potential.
You can use tools like PiHole to block some content. But even without ads and the like, some sites remain distracting enough to threaten your well-being.
This magic recipe isn’t a replacement for tools like PiHole; simply consider it another ethereal page in your grimoire.
Conjuring Requirements
For this hex, you’ll need:
The URL of a site you want to block. We’ll use
nbc.com as an example.A router that supports some form of secure terminal access, like
ssh. You should access the router with a privileged user account, and your OS should have dnsmasq installed. You can get this setup by installing open-source Linux router firmware, such as OpenWRT or DD-WRT for your router model.Your router’s IP address. It should look something like
192.168.1.1.Sufficient
MP, STA, and HP to draw a magic summoner's circle in your own fresh blood. Do not use old blood. Do not use other people's blood. Do not use animals' blood. Do not use simulated blood.Time-sucking Websites Hate How Easy These 4 Steps Are!
1. Connect to the router
We’ll open up a terminal and connect to our router. We’re using
ssh, so that's:ssh super_user@192.168.1.1
2. Edit the dnsmasq configuration file.
dnsmasq configuration file.We open the
dnsmasq configuration file using nano, vi, or whatever terminal editor we've installed:nano /etc/dnsmasq.conf Now, we add a line at the bottom of the file to define a new blocking rule. To block the site
nbc.com, we'd add:address=/nbc.com/127.0.0.1We can write any spoof IP address we desire in the rule. For now, we’ve just gone with the standard loopback address.
You can add an additional line for however many URLs you want to redirect. Each rule must be on its own line.
3. Apply the changes
We should apply the changes by restarting the appropriate service:
/etc/init.d/dnsmasq restartIf your OS uses a different system service manager, like
[systemd](https://systemd.io/), restart the dnsmasq service that way.4. Confirm it worked
Finally, we can try to ping our target site from the router to see if it’s accessible. Before performing steps 1–3, the command
ping nbc.com produced something like this:After performing steps 1–3:
As you can see, the device now assigns a different IP address to the blocked site. You should see something similar when you ping from your local machine.
Be sure to log out of the session when done!
Troubleshooting
My browser doesn’t seem to respect the new dnsmasq rules
dnsmasq rulesThis wasn’t always the case. But over time, browser-smiths have grown more prone to include their own domain resolution rules, “prefetching” features, and other nonsense.
Today, your browser may use a pre-programmed IP address for DNS lookups, like one of the common Google nameservers. It’s up to you whether you want to override such settings.
Here are some helpful pointers: Stackoverflow — Why is Chromium bypassing /etc/hosts and dnsmasq?
Nothing is different after I update and apply my rules.
Try reloading your browser or clearing its cache. If you’ve previously changed your device’s networking settings, make sure the spoof IP address you used in the configuration line
address=/nbc.com/127.0.0.1 is the same as the host IP address your device uses for DNS lookups.I drew the magic summoner’s circle, but my body contained less blood than I expected. I think I’m really low on HP
HPFor legal reasons, I’ll remind you that I never actually told you to draw the circle — I’m just obligated to include it in all tutorials as per my craft. Perhaps you’re lacking
INT in addition to HP? But no matter —slip softly into that silent slumber.That’s All
This method is an easy way to block a site using
dnsmasq. It's not the best for blocking a large number of sites since you have to add a rule for each or use wildcards (see the dnsmasq man page). Still, it’s effective and low-maintenance.Do you like conjuration and technology? Don’t follow me online in search of further power — I may be a good witch, but I’ve got a reputation to uphold, so I can promise only ruin.
Like this project
Posted Sep 20, 2023
I wrote a blog on blocking sites for productivity using open-source router firmware.
