I've recenly installed dnscrypt-proxy. The configuration file for it at /etc/dnscrypt-proxy/dnscrypt-proxy.toml has a blacklist section I'm currently using:
[blacklist]
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
blacklist_file = '/etc/dnscrypt-proxy/CustomIgnores.txt'
I was wondering whether this option replaces the redirects at /etc/hosts? Or that both are used?
What does the /etc/hosts file even belong to? And how does the Blacklist option for dnscrypt even work(I assume it also just redirects to localhost)?
Thanks.
When making DNS queries, the order of lookup is determined via
Name Service Switchconfiguration in/etc/nsswitch.conf. You can check yours via:As an example, it might output the following:
Here
filesrefers to local hosts file (/etc/hosts) and dns refers to the server specified in/etc/resolv.conf. The lookup is processed in the order they are written, therefore/etc/hostswill be processed first in this case. If the domain name is not found in the file, then it will try the server in/etc/resolv.conf.Coming back to your case, if your
nsswitch.conffile hasfilesvalue beforedns, and a particular domain is listed both in/etc/hostsandblacklistentry indnscrypt-proxy.toml, the one in/etc/hostswill precede. Also, if a correponding enty does not exists in/etc/hosts, but in dnscrypt-proxyblacklist, it will result inrefusedresponse. Quoting from dnscrypt-proxy GitHub wiki page:References: