
Make your house an instagram-free zone

From Spivey's Corner

These notes are for my own reference, so are unnecessarily specific in many places, but possibly not detailed enough to be followed by others.

The idea is to provide an alternative DNS server where certain domain names such as www.instagram.com are redirected to 0.0.0.0, then use DHCP to point clients at that DNS server. It's quite easy for the well-informed to get round the restriction by manually setting their DNS server to another one, but the usual fix – shouting "Dad, the internet isn't working" – doesn't help.

1. Set up a Raspberry Pi (with the minimal, non-GUI setup) and install dnsmasq. Give the Pi the fixed IP address 192.168.1.2 by editing /etc/network/interfaces, so that you can conveniently connect to it with SSH later.

2. The dnsmasq configuration can be as follows, with all other options retaining their default values.

# Never forward plain names (without a dot or domain part)                     
domain-needed
# Never forward addresses in the non-routed address spaces.                    
bogus-priv

# Set this (and domain: see below) if you want to have a domain                
# automatically added to simple names in a hosts-file.                         
expand-hosts

# Set the domain for dnsmasq.
domain=lan

# Enable DHCP service                                                                     
dhcp-range=192.168.1.32,192.168.1.253,12h

# Omicron = 192.168.1.2                                                        

# Printer                                                                      
dhcp-host=00:23:7d:6e:a7:ca,192.168.1.3

# Powerline network                                                            
dhcp-host=00:5f:67:32:36:46,192.168.1.4

# Delays sending DHCPOFFER and proxydhcp replies for at least the specified number of seconds.                                                               
dhcp-mac=set:client_is_a_pi,B8:27:EB:*:*:*
dhcp-reply-delay=tag:client_is_a_pi,2

# Override the default route supplied by dnsmasq.                              
dhcp-option=option:router,192.168.1.1                                          

It's convenient to give printers and other servers a fixed IP address by listing them here.

3. Put hosts you don't want to be accessed in /etc/hosts. I used the following, with each list of names on one line.

127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes                                                   
ff02::2         ip6-allrouters                                                 
                                                                               
192.168.1.2     omicron                                                        
                                                                               
0.0.0.0         api.tiktokv.com frontier.tiktokv.com log.tiktokv.com mon.tiktokv.com vm.tiktok.com www.tiktok.com
0.0.0.0         api.instagram.com edge-chat.instagram.com graph.instagram.com graphql.instagram.com i.instagram.com instagram.com l.instagram.com maps.instagram.com platform.instagram.com scontent.cdninstagram.com www.instagram.com

4. Activate dnsmasq on the Pi (with systemctl enable dnsmasq.service) and disable DHCP on the router. Disable IPv6 on the router too, in case some clients continue to use it for DNS via that route.

Privileged members of the household can be shown how to set their DNS server manually to 192.168.1.1 (or 8.8.8.8, etc.) in order to get round the restriction.
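
An added check for the hosts file from step 3 (example code, not part of the original notes): it flags any line whose first field is not an IP address, which is what happens when a list of names is wrapped onto a second line, and reports which of the names you care about are not sinkholed to 0.0.0.0. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

SINKHOLE = ipaddress.ip_address("0.0.0.0")

# Constructed sample: the tiktok entry is wrapped onto a second line,
# which is not valid in a real hosts file.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
192.168.1.2     omicron
0.0.0.0         api.tiktokv.com frontier.tiktokv.com log.tiktokv.com
mon.tiktokv.com vm.tiktok.com www.tiktok.com
0.0.0.0         instagram.com www.instagram.com   # all on one line
"""

def lint_hosts(text):
    """Return (sinkholed_names, problems) for hosts-file text."""
    sinkholed, problems = set(), []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append((lineno, f"{fields[0]!r} is not an IP address (wrapped line?)"))
            continue
        if len(fields) == 1:
            problems.append((lineno, "address with no host names"))
        elif addr == SINKHOLE:
            sinkholed.update(name.lower() for name in fields[1:])
    return sinkholed, problems

def missing(wanted, sinkholed):
    """Names from `wanted` that are not sinkholed.

    Hosts-file entries match exact names only, so every name must be listed.
    """
    return sorted(n for n in wanted if n.lower() not in sinkholed)

if __name__ == "__main__":
    names, problems = lint_hosts(SAMPLE_HOSTS)
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
    print("not blocked:", missing(["www.tiktok.com", "www.instagram.com"], names))
```

To check the real file on the Pi, pass the contents of /etc/hosts to lint_hosts instead of the sample.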