The whole program is rather simple it just downloads files ad lists from websites and loads them into dnsmasq. This effectively disables access to the domain by routing traffic to another domain (local host or the dnsmasq server on the LAN).
The most interesting part is that you can then pull statistics from the dnsmasq log file and get internet usage data or help find evidence of malware on your PCs or mobiles.
I got a bit carried away and after creating a simple dns adblocker then went on to create a web front end using Mojolicious Lite.
The website is bare bones so far but allows you to select a date to get statistics for each date:
It currently will limit the generation of files from a query to one per hour to prevent overloading my poor router. It has reasonable error handling. I would like to add a date picker and authentication.
It has so far helped me to identify data collection from Telstra:
If you look at the most blocked domain for the 28th of March it’s ‘secure-dcr.imrworldwide.com’.
Following hard coding the DNS servers into each device to get more specific data regarding who was performing DNS queries I saw the following line in a “tail -f ” of my logfile:
Apr 1 01:48:05 dnsmasq: 97661 192.168.0.8/49536 /usr/local/etc/dnsmasq.d/blocklist.txt secure-dcr.imrworldwide.com is 192.168.0.2
This was from my mobile phone! What the heck.
After doing some research I found out mention that Telstra use this domain for data collection. I still had the “Telstra 24/7” app installed on my mobile. After removing it the queries stopped!
I feel even more paranoid than ever.