Make your house an instagram-free zone

Copyright © 2024 J. M. Spivey

These notes are for my own reference, so are unnecessarily specific in many places, but possibly not detailed enough to be followed by others.

The idea is to provide an alternative DNS server where certain domain names such as www.instagram.com are redirected to 0.0.0.0, then use DHCP to point clients at that DNS server. It's quite easy for the well-informed to get round the restriction by manually setting their DNS server to another one, but the usual fix – shouting "Dad, the internet isn't working" – doesn't help.

1. Set up a Raspberry Pi (with the minimal, non-GUI setup) and install dnsmasq. Give the Pi the fixed IP address 192.168.1.2 by editing /etc/network/interfaces so that you can conveniently connect to it with SSH later.

2. The dnsmasq configuration can be as follows, with all other options retaining their default values.

# Never forward plain names (without a dot or domain part)                     
domain-needed
# Never forward addresses in the non-routed address spaces.                    
bogus-priv

# Set this (and domain: see below) if you want to have a domain                
# automatically added to simple names in a hosts-file.                         
expand-hosts

# Set the domain for dnsmasq.
domain=lan

# Enable DHCP service                                                                     
dhcp-range=192.168.1.32,192.168.1.253,12h

# Omicron = 192.168.1.2                                                        

# Printer                                                                      
dhcp-host=00:23:7d:6e:a7:ca,192.168.1.3

# Powerline network                                                            
dhcp-host=00:5f:67:32:36:46,192.168.1.4

# Delays sending DHCPOFFER and proxydhcp replies for at least the specified number of seconds.                                                               
dhcp-mac=set:client_is_a_pi,B8:27:EB:*:*:*
dhcp-reply-delay=tag:client_is_a_pi,2

# Override the default route supplied by dnsmasq.                              
dhcp-option=option:router,192.168.1.1                                          

It's convenient to give printers and other servers a fixed IP address by listing them here.

3. Put hosts you don't want to be accessed in /etc/hosts. I used the following, with each list of names on one line.

127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

192.168.1.2     omicron

0.0.0.0         api.tiktokv.com frontier.tiktokv.com log.tiktokv.com mon.tiktokv.com vm.tiktok.com www.tiktok.com
0.0.0.0         api.instagram.com edge-chat.instagram.com graph.instagram.com graphql.instagram.com i.instagram.com instagram.com l.instagram.com maps.instagram.com platform.instagram.com scontent.cdninstagram.com www.instagram.com

4. Activate dnsmasq on the Pi (with systemctl enable dnsmasq.service) and disable DHCP on the router. Disable IPv6 on the router too, in case some clients continue to use it for DNS via that route.

Privileged members of the household can be shown how to set their DNS server manually to 192.168.1.1 (or 8.8.8.8, etc.) in order to get round the restriction.
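
A lint for the /etc/hosts block list in step 3, added here as an example and not part of the original notes: it flags lines that do not start with an IP address (what results when a long list of names is broken across lines instead of kept on one line) and reports which names are mapped to 0.0.0.0. The function names and the sample text are assumptions made for the example.

```python
import ipaddress

# Constructed sample: a block list where one long entry has been broken
# across two lines, which is not valid hosts-file syntax.
WRAPPED = """\
192.168.1.2     omicron
0.0.0.0         api.tiktokv.com frontier.tiktokv.com log.tiktokv.com
mon.tiktokv.com vm.tiktok.com www.tiktok.com
0.0.0.0         www.instagram.com
"""

def lint_hosts(text):
    """Return (blocked, errors): the names mapped to 0.0.0.0 or ::, and a list
    of (line_number, message) for lines that are not valid hosts entries."""
    blocked, errors = set(), []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            errors.append((n, f"first field {fields[0]!r} is not an IP address "
                              "(continuation of the previous line?)"))
            continue
        if len(fields) == 1:
            errors.append((n, "address with no host names"))
        elif addr.is_unspecified:               # 0.0.0.0 or ::
            blocked.update(name.lower().rstrip(".") for name in fields[1:])
    return blocked, errors

def is_blocked(name, blocked):
    """A hosts entry matches the exact name only; a subdomain that is not
    listed is not covered by its parent's entry."""
    return name.lower().rstrip(".") in blocked

if __name__ == "__main__":
    blocked, errors = lint_hosts(WRAPPED)
    for n, msg in errors:
        print(f"line {n}: {msg}")
    print("blocked:", ", ".join(sorted(blocked)))
```

Run it against the real file with `lint_hosts(open("/etc/hosts").read())` before restarting dnsmasq; any name that appears only on a flagged line is not being blocked.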