# Make your house an instagram-free zone

These notes are for my own reference, so are unnecessarily specific in many places, but possibly not detailed enough to be followed by others.

The idea is to provide an alternative DNS server where certain domain names such as www.instagram.com are redirected to 0.0.0.0, then use DHCP to point clients at that DNS server. It's quite easy for the well-informed to get round the restriction by manually setting their DNS server to another one, but the usual fix – shouting "Dad, the internet isn't working" – doesn't help.

1. Set up a Raspberry Pi (with the minimal, non-gui setup) and install dnsmasq. Give the Pi the fixed IP address 192.168.1.2 by editing /etc/networks/interfaces so that you can conveniently connect to it with SSH later.

2. The dnsmasq configuration can be as follows, with all other options retaining their default values.

# Never forward plain names (without a dot or domain part)
domain-needed
bogus-priv

# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
expand-hosts

# Set the domain for dnsmasq.
domain=lan

# Enable DHCP service
dhcp-range=192.168.1.32,192.168.1.253,12h

# Omicron = 192.168.1.2

# Printer
dhcp-host=00:23:7d:6e:a7:ca,192.168.1.3

# Powerline network
dhcp-host=00:5f:67:32:36:46,192.168.1.4

# Delays sending DHCPOFFER and proxydhcp replies for at least the specified number of seconds.
dhcp-mac=set:client_is_a_pi,B8:27:EB:*:*:*

# Override the default route supplied by dnsmasq.
dhcp-option=option:router,192.168.1.1


It's convenient to give printers and other servers a fixed IP address by listing them here.

3. Put hosts you don't want to be accessed in /etc/hosts. I used the following, with each list of names on one line.

127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

192.168.1.2     omicron

0.0.0.0         api.tiktokv.com frontier.tiktokv.com log.tiktokv.com
mon.tiktokv.com vm.tiktok.com www.tiktok.com
0.0.0.0         api.instagram.com edge-chat.instagram.com graph.instagram.com
graphql.instagram.com i.instagram.com instagram.com l.instagram.com
maps.instagram.com platform.instagram.com scontent.cdninstagram.com
www.instagram.com


4. Activate dnsmasq on the Pi (with systemctl enable dnsmasq.service) and disable DHCP on the router. Disable IPv6 on the router too, in case some clients continue to use it for DNS via that route.

Privileged members of the household can be shown how to set their DNS server manually to 192.168.1.1 (or 8.8.8.8, etc.) in order to get round the restriction.