The internet is full of ways to waste time. As an SEO marketer, I can assure you this is intentional.
During my career, I’ve sent millions of you down endless rabbit holes of “content.” I’ve distracted you to no end. I’ve even targeted you individually.
But somewhere along the way, I decided to give up evil magic. I want to become a good witch. So here’s an easy spell for blocking sites that waste your time using dnsmasq
and an entry-level magical summoner’s circle.
But why the change of heart?
You are wise to question my bewitching motives. Well, there are many factors.
One good reason to block dumb sites is that future societies will curse the people of today for how we treat the planet — if they can survive lifelong, pollution-induced asthma long enough to curse. They’ll also curse us for how much time we spent looking at wasteful GIFs and taking CO2-belching Zoom calls when we could have been using less data. So many memes, so much atmospheric pollution, and so much wasted potential.
You can use tools like PiHole to block some content. But even without ads and the like, some sites remain distracting enough to threaten your well-being.
This magic recipe isn’t a replacement for tools like PiHole; simply consider it another ethereal page in your grimoire.
For this hex, you’ll need:
nbc.com
as an example.ssh
. You should access the router with a privileged user account, and your OS should have dnsmasq
installed. You can get this setup by installing open-source Linux router firmware, such as OpenWRT or DD-WRT for your router model.192.168.1.1
.MP
, STA
, and HP
to draw a magic summoner's circle in your own fresh blood. Do not use old blood. Do not use other people's blood. Do not use animals' blood. Do not use simulated blood.
We’ll open up a terminal and connect to our router. We’re using ssh
, so that's:
ssh super_user@192.168.1.1
dnsmasq
configuration file.We open the dnsmasq
configuration file using nano
, vi
, or whatever terminal editor we've installed:
nano /etc/dnsmasq.conf
Now, we add a line at the bottom of the file to define a new blocking rule. To block the site nbc.com
, we'd add:
address=/nbc.com/127.0.0.1
We can write any spoof IP address we desire in the rule. For now, we’ve just gone with the standard loopback address.
You can add an additional line for however many URLs you want to redirect. Each rule must be on its own line.
We should apply the changes by restarting the appropriate service:
/etc/init.d/dnsmasq restart
If your OS uses a different system service manager, like[systemd](https://systemd.io/)
, restart the dnsmasq
service that way.
Finally, we can try to ping our target site from the router to see if it’s accessible. Before performing steps 1–3, the command ping nbc.com
produced something like this:
super_user@router:~# ping nbc.com PING nbc.com (184.28.78.19): 56 data bytes
64 bytes from 184.28.78.19: seq=0 ttl=54 time=18.944 ms
64 bytes from 184.28.78.19: seq=1 ttl=54 time=14.686 ms
^C--- nbc.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 14.686/16.815/18.944 ms
After performing steps 1–3:
super_user@router:~# ping nbc.com PING nbc.com (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: seq=0 ttl=64 time=0.859 ms
64 bytes from 127.0.0.1: seq=1 ttl=64 time=0.265 ms
64 bytes from 127.0.0.1: seq=2 ttl=64 time=0.614 ms
^C
--- nbc.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.265/0.579/0.859 ms
As you can see, the device now assigns a different IP address to the blocked site. You should see something similar when you ping from your local machine.
Be sure to log out of the session when done!
dnsmasq
rulesThis wasn’t always the case. But over time, browser-smiths have grown more prone to include their own domain resolution rules, “prefetching” features, and other nonsense.
Today, your browser may use a pre-programmed IP address for DNS lookups, like one of the common Google nameservers. It’s up to you whether you want to override such settings.
Here are some helpful pointers: Stackoverflow — Why is Chromium bypassing /etc/hosts and dnsmasq?
Try reloading your browser or clearing its cache. If you’ve previously changed your device’s networking settings, make sure the spoof IP address you used in the configuration line address=/nbc.com/127.0.0.1
is the same as the host IP address your device uses for DNS lookups.
HP
For legal reasons, I’ll remind you that I never actually told you to draw the circle — I’m just obligated to include it in all tutorials as per my craft. Perhaps you’re lacking INT
in addition to HP
? But no matter —slip softly into that silent slumber.
This method is an easy way to block a site using dnsmasq
. It's not the best for blocking a large number of sites since you have to add a rule for each or use wildcards (see the dnsmasq
man page). Still, it’s effective and low-maintenance.
Do you like conjuration and technology? Don’t follow me online in search of further power — I may be a good witch, but I’ve got a reputation to uphold, so I can promise only ruin.