Nameserver/Resolving Improvements about portmaster HOT 7 CLOSED

That was 10 years ago, I think we can close this now.

Bot tried to be funny... :D

Parse and provide /etc/hosts file access: lookup by Domain, lookup by IP

+1 just wanted to open an issue. i had to solve it by custom overrides provided by nextdns.

from portmaster.

That was 10 years ago, I think we can close this now.

from portmaster.

Sorry, issue was closed by misconfigured bot.

from portmaster.

Yes, /etc/hosts support would be nice.

One thing I am thinking about here is how to detect malicious entries - is there an easy and clean way to do it?

For example, only use these entries when the global resolver does not have a record (ie. NXDOMAIN)?
Or simpler, make it opt-in, so devs that want to have it, need to enable it and make sure themselves that everything is OK.

The goal here is protect the average user that has no idea about /etc/hosts.

from portmaster.

only use these entries when the global resolver does not have a record (ie. NXDOMAIN)

I use hosts to override. E.g. when I need to test new server after transfer on production domain before switching DNS.

The goal here is protect the average user that has no idea about /etc/hosts.

BFU has "empty" hosts file only with localhost (which now works somehow, maybe hardcoded). If they use it and don't know what they do they probably try to block access to XYZ Company's Keyservers because thats how you crack XYZ :D

how to detect malicious entries - is there an easy and clean way to do it?

you mean some added by malware or something? i have no idea if this is used for phishing or anything like that.

from portmaster.

I use hosts to override. E.g. when I need to test new server after transfer on production domain before switching DNS.

I see. Which also means we need to reload the file when it changes.

BFU has "empty" hosts file only with localhost (which now works somehow, maybe hardcoded). If they use it and don't know what they do they probably try to block access to XYZ Company's Keyservers because thats how you crack XYZ :D

This should be accomplished with the Portmaster rules instead.

you mean some added by malware or something? i have no idea if this is used for phishing or anything like that.

Malware has done that in the past. Not sure if that is still a thing, as HTTPS has come a long way.

from portmaster.

I am cleaning out old issues. If you feel this issue should not have been closed let me know.

Please keep in mind, the free version of Portmaster only has limited support.
For free users our active Discord community as well as the chat bot are the fastest and best way to get their help. https://discord.gg/safing
If you find our work brings value to you, please consider supporting it by purchasing Plus or Pro Packages https://safing.io/pricing/.
If you are already a subscriber, first Thank You! and also if you want priority support pleas send in an email and let me know your username so I can prioritize your request accordingly.

from portmaster.