So I've been trying to block Windows telemetry and I don't just trust my hosts file anymore. I will post the list in my next post, however.
What I've done now is set up another PC as a domain name server, running BIND, and have made those same hosts file entries as zone files. As far as I can test with the terminal and web browser, this works.
But if Windows ignores DNS too, I want to be able to actually block those endpoint IP addresses in a firewall.
I've started researching a good hardware firewall to do this and so far have knocked the Netgear SRX5308 off the list. It has very limited blocking capability I have found. I actually went and bought one for testing but wasn't satisfied with it.
A lot of firewalls have proprietary software on them, as in you need to subscribe and pay for it, which I am hoping to avoid as well (I'm looking at you, Fortinet).
Anyway the reason I'm posting this here is to see if any other Holla Forumss have set something like this up before and can give me some pointers.
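As an added example (not from anyone in this thread), here is a Python script that does the conversion the OP describes: it reads blocklist entries in hosts-file format, drops the loopback noise and redundant subdomains, and emits BIND `zone` stanzas that all point at one shared blackhole zone file. The hostnames and the `/etc/bind/db.blackhole` path are constructed placeholders.

```python
"""Turn hosts-file blocklist entries into BIND blackhole zones (added example)."""
import re

# Constructed sample blocklist in hosts-file format; the real list is the OP's.
SAMPLE_HOSTS = """\
# constructed sample, not a real telemetry list
127.0.0.1   localhost
::1         localhost
0.0.0.0     telemetry.example.com stats.example.com
0.0.0.0     sub.telemetry.example.com   # redundant: parent zone's wildcard covers it
127.0.0.1   tracker.example.net
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost", "ip6-loopback"}
SINK_IPS = {"0.0.0.0", "127.0.0.1", "::1", "::"}     # addresses a blocking hosts file points at
HOSTNAME_RE = re.compile(r"[a-z0-9][a-z0-9.-]*")

def parse_blocklist(hosts_text: str) -> set[str]:
    """Return the hostnames a blocking hosts file sinks to a null/loopback address."""
    names = set()
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()           # strip comments and blank lines
        if not line:
            continue
        ip, *hosts = line.split()
        if ip not in SINK_IPS:
            continue                                   # a real host mapping, not a block entry
        for h in hosts:
            h = h.lower().rstrip(".")
            if h not in LOCAL_NAMES and HOSTNAME_RE.fullmatch(h):
                names.add(h)
    return names

def collapse_zones(names: set[str]) -> list[str]:
    """Drop names whose parent is also listed: the parent zone's '*' record already sinks them."""
    def has_listed_parent(name: str) -> bool:
        parts = name.split(".")
        return any(".".join(parts[i:]) in names for i in range(1, len(parts)))
    return sorted(n for n in names if not has_listed_parent(n))

# Shared zone file: apex and wildcard both resolve to 0.0.0.0 (placeholder path below).
ZONE_DB = """\
$TTL 86400
@   IN  SOA localhost. root.localhost. ( 1 3600 900 604800 86400 )
@   IN  NS  localhost.
@   IN  A   0.0.0.0
*   IN  A   0.0.0.0
"""

def named_conf_zones(zones: list[str], db_path: str = "/etc/bind/db.blackhole") -> str:
    """Emit one master zone stanza per blocked domain, all using the shared zone file."""
    return "".join(f'zone "{z}" {{ type master; file "{db_path}"; }};\n' for z in zones)

if __name__ == "__main__":
    print(named_conf_zones(collapse_zones(parse_blocklist(SAMPLE_HOSTS))), end="")
```

Write `ZONE_DB` to the `db_path` you chose, append the printed stanzas to `named.conf.local`, and check with `named-checkconf` and `dig @<server> sub.telemetry.example.com` that the wildcard sinks the subdomain too.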
Just virtualize it and have it all in one box. Even an Atom-class PC would do; all you need to do is throw in a second gigabit card. (It needs at least 4 gigs of system RAM (not shared with video) to use ESXi. I like ESXi more than KVM or Xen; Hyper-V is not bad, but I'm guessing that's not something you'd be interested in.)
I hear good things about VyOS, but you can even run OpenWrt or one of its many forks.
I love having a VM host running all the time. It's my router, my DNS, web server, NAS, Kodi back end, Minecraft server, and I've got a Windows 10 VM on it so I can RDP from my phone when I need a real OS but I'm away.
Landon Jones
What do you have a DNS server for?
Jayden Carter
...
Blake Collins
...
Austin Wood
So I can block stuff on all my devices. E.g. I can block Facebook with my PC's hosts file, but I can't do that on my phone.
Aiden Ward
You could set up that second PC as a pfSense router; it has a firewall and I'm pretty sure it can run BIND.
Jacob Bailey
I have W7 on this machine without the telemetry updates. However, I have a Netgear Nighthawk that I've flashed over to DD-WRT and applied the IPs on your list to the block list found there.
Seems to work fine; when trying to ping those services, the host doesn't resolve.
Xavier Nelson
Nice, thank you for the ideas
Mason Smith
Related thread
Jordan Turner
Jesus fucking Christ, is there any length a windrone won't go before they just switch to GNU/Linux
Gabriel Martinez
Install OpenWrt for a DNS server.
Noah Stewart
Nope
Christopher Thompson
I've heard reports that Microsoft is buying domains to use as servers to get around people blocking them in the Hosts file. If it's true you'll need to keep updating that list.
Adrian Perry
Yeah I always assumed this was the case. That's also why I wanted to be able to block at the IP level and why I wanted a separate DNS server so that the hosts file couldn't just be circumvented.
Dylan Murphy
If you go with DD-WRT or OpenWrt, this can do a similar thing to hosts files, but at the router level.