Project should not be listed as working on Windows #537
Comments
@Michael-Z-Freeman, as @AnonymousPoster said, if you're running Windows and need a solution to handle your hosts file for you and keep everything up to date, etc., definitely head over: As @AnonymousPoster also stated, you can also use a DNS server implementation. And it doesn't have to be an either/or scenario, I use a hosts file blacklist in conjunction with a local DNS server, a local proxy server for additional traffic filtering, browser extensions to further secure Web browsing, along with an assortment of other software and hardware as part of a multi-pronged approach to cover several threat vectors.
|
If it serves a service, it's a server. There are, of course, big differences between the types of DNS servers. For example, BIND also does everything Unbound does, plus is an authoritative server. But they are both DNS servers serving the DNS protocol on port 53. |
Don't get me wrong, I love Cisco. I had to go through all their academy courses just like everyone else to get certified as a network professional. BUT after taking so many of their courses you realize they are also using their courses to advertise at the same time and you just need to balance things out while you read their materials. The link you sent as an explanation is actually just setting you up to better understand Cisco Umbrella's DNS component.
Your statement is inaccurate. That article doesn't explain that it can actually be all a single server, like a single BIND instance can perform recursive and authoritative functions simultaneously. However, for security and performance reasons it is often separated into two separate server instances individually performing either the recursive function or the authoritative function. Cisco's product doesn't do this, so it doesn't talk about that in the article. Basically Cisco's product only does the same things as Unbound, while Unbound and NSD together cover the full spectrum of capabilities possible with BIND. You can configure BIND to do everything at the same time or configure it to do either one or the other. NLnet Labs, the makers of Unbound and NSD, chose a different model from BIND and chose to divide functions into two separate software specializations. Like I said, this offers both security and performance benefits, but it entirely depends on your infrastructure needs. You can think of this similar to how Web servers have become specialized for serving static and dynamic content. Obviously you can choose to configure an Apache or Nginx to serve static and/or dynamic content, it entirely depends on your individual needs. However, this does not mean that you can only use Apache or Nginx as only a static Web server or only as a dynamic application server, although these functions are commonly separated into separate server instances.
As I said above, a BIND server can be configured to allow recursive queries while also being an authoritative server at the same time. This is entirely dependent on infrastructure needs. You cannot say you can only do one or the other with a single server instance, even though it is commonly separated into two distinct functions for security and performance reasons. Having misconceptions like this can cause serious problems when it comes time to design your network. I think the following illustrates the unnecessary headaches this misconception can lead to during network design.
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
What might help a little bit is re-writing the Windows version of this file so that nine blocked hostnames exist per line, rather than just one; the reason for not going for more is that Windows ignores any hostnames on a line after the first nine. As for Unix-like systems, I don't think that there's an upper limit, but I experimented with DD-WRT and Ubuntu many years ago and noticed severe slowdowns with a bunch on one line, and then I settled on 24 per line. With that said, I tried this sort of thing out and got a file that was more than 18 times as large as the file I had been using (8.14MiB vs. 237KiB, 42642 lines vs. 1405), so it might still overwhelm the Windows networking stack. |
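The nine-per-line rewrite described in the comment above, as an added example (not code from the project or from any commenter). The set of names kept on their own lines and the sample input are assumptions constructed for illustration.

```python
from collections import OrderedDict

# Per the comment above: Windows ignores hostnames after the ninth on a line.
WINDOWS_MAX_PER_LINE = 9

# Assumption: entries for these names are system entries, passed through as-is.
KEEP_AS_IS = {"localhost", "localhost.localdomain", "broadcasthost"}


def pack_hosts(text, per_line=WINDOWS_MAX_PER_LINE):
    """Rewrite hosts-file text so each address line carries up to per_line names."""
    if per_line < 1:
        raise ValueError("per_line must be at least 1")
    kept = []               # system entries, emitted first and unchanged
    groups = OrderedDict()  # sink address -> ordered, de-duplicated hostnames
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        addr, *names = line.split()
        if not names:
            continue  # malformed line: address with no hostname
        if any(n.lower() in KEEP_AS_IS for n in names):
            kept.append(f"{addr} {' '.join(names)}")
            continue
        seen = groups.setdefault(addr, OrderedDict())
        for name in names:
            seen.setdefault(name.lower(), None)  # hostnames are case-insensitive
    out = list(kept)
    for addr, seen in groups.items():
        names = list(seen)
        for i in range(0, len(names), per_line):
            out.append(f"{addr} {' '.join(names[i:i + per_line])}")
    return "\n".join(out) + "\n"


# Constructed sample input: ten blocked names plus one case-variant duplicate.
SAMPLE = (
    "# constructed sample, not taken from the project's list\n"
    "127.0.0.1 localhost\n"
    + "".join(f"0.0.0.0 ads{i:02d}.example\n" for i in range(1, 11))
    + "0.0.0.0 ADS03.example  # duplicate, different case\n"
)

if __name__ == "__main__":
    print(pack_hosts(SAMPLE), end="")
```

Passing `per_line=24` gives the grouping the commenter settled on for Unix-like systems.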
Thanks @stalebot but I would like to keep this open. People should know this information. |
@Michael-Z-Freeman @AnonymousPoster @ScriptTiger Thanks for the support and discussion around this subject. We will drop the support of the hosts file for Windows once we are ready with our DNS server. @mitchellkrogza and I are moving all our infrastructure/server related to this project around a new host. It may take some time but we will get in there soon. We will keep you informed. It's something we planned for months but it was not mature enough in my opinion. But, as stated, we are getting into it! 😃 Thanks for everything. |
Hi hi hiiii! So I just fell for this Windows trap! Thanks for the effort of putting this all together. But I just so happened to be using Windows 10 and the DNS Client Service exploded with having a 10 MB hosts file. I couldn't browse the internet (and for some reason I can't explain, even the search bar stopped working, WTF). The DNS Client service was using 10% of my CPU, and since it was using the hosts file, I couldn't edit it back to normal. Had to use this video https://www.youtube.com/watch?v=6HrCqcKF5CY to stop the service so I could edit the hosts file. (Trying to delete instead of modifying gave me useful information about what service was using it.)
|
I've never had difficulty editing the HOSTS file on account of the DNS Client service, but maybe it's a matter of running Notepad from an elevated Command Prompt; another quick fix is to create a blank text file, copy your HOSTS file somewhere for editing, and then move the blank text file to replace the HOSTS file, and then run |
As of #590, you can now use our DNS servers. But I like the idea of having 6-9 per line. It's probably a good idea even if it won't solve all the problems Windows users meet. |
@friends96 Your idea your PR! I think @spirillen wanted to write something about it too if I don't recall myself 🤔 Anyway, any help/improvement in the README (and everywhere) is welcome! Stay safe and healthy. |
I would? After some scratching of my bald (almost) head, I do come up with something about that, but I also remember something about you (@funilrys) mentioning something about making a new FAQ? Not sure whether it was for this repo or one of the others. Hit me up and let's talk about it 😃 👋 |
I fell for the trap as well T_T |
@AndyClausen THIS might be helpful for you. |
Assuming that the "DNS service" you're referring to is the "DNS Client"/"dnscache" service, if that is truly your problem, then the common advice would be to just stop that service and disable it. It's a caching service, it is not actually responsible for DNS resolution. You can safely disable it and still resolve DNS entries. The catch is that without the service enabled, you no longer have caching, which means queries must be made to an external DNS service every time rather than to the internal cache, and thus performance is degraded. But some people don't mind the performance hit when balancing it with the security they feel of using a giant hosts file. Another note with Windows 10, there may be permissions barring you from disabling that service. However, there are plenty of how-tos floating around the net and I don't want to promote any individual solution since they can all be dangerous if you don't know what you're doing. So I'll just recommend finding the solution that you feel the most comfortable with on your own. More information on this can also be found in Steven Black's README: |
Best explanation so far ☝️ (clear as day 😉 ). Thank you @ScriptTiger 👍 |
Yes, it's the "DNS Client" service running through |
That's how you learn @AndyClausen, we've all been there 😉 |
People who are not "tech savvy," or otherwise don't know what they are doing, really should not be touching the hosts file at all. I can understand that perhaps after researching how common it may seem to modify it, it may make you feel comfortable in manipulating it. However, one must not forget that the hosts file is, in the end, a system file and is rooted into the very core of almost every single modern operating system's networking functionality, including Windows, Mac, Linux, Android, etc. The hosts file, in fact, predates DNS and is prioritized higher than DNS, and as such is obviously an extremely crucial and sensitive component. Not to sound flippant, but it can be likened to that of YouTubing brain surgery and thinking yourself qualified just because you watched some how-to videos and feel ready to start going to work on someone's brain. I don't think it's every doctor's responsibility to tell everyone not to perform brain surgery if they don't know what they are doing. When you make the decision to self-educate and take matters into your own hands, you must also accept the consequences of your actions should something go wrong if you failed to self-educate sufficiently to properly prepare yourself for whatever action you intended to take when you set out. |
Did you just compare editing a hosts file to brain surgery? |
ping @funilrys ☝️ |
You can de facto easily change the search order in Linux... hence change the wait for any of:
These settings are normally stored in Whereas:
This means you can set it up to always use DNS only by simply deleting files and mdns4(_minimal) from this file. To read a bit more about this you can look at |
Warning message added inside the Feel free to @\ping me or reopen if it's not the case within the next 72 hours. |
This is twice I've walked into this trap. I have some memory problems so forgot I tried this project a couple of years ago and had to go into safe mode to fix zero connectivity. Why on earth is this project listed as having an option for Windows when the "solution" is completely non-functional? As I now remember, Windows does not handle the hosts file very well, so why does this project utilise it? Please remove your claim that this project provides a way to block ads on Windows. If you develop a working solution then I will be more than glad to use it, but for the moment I don't want to have to go into safe mode to fix things. Thank you.