||*.* rule does not block everything #2521

Closed
3 tasks done
EntropySmoke opened this issue Jan 4, 2021 · 8 comments

@EntropySmoke

  • I am running the latest version
  • I checked the documentation and found no answer
  • I checked to make sure that this issue has not already been filed

Problem Description

||*.* rule is supposed to block all domains, but it doesn't. For example, to block bogus Smart TV domains, you also need to add /^[a-z]{7,15}$/ .

That also makes me wonder whether ||*.* and /^[a-z]{7,15}$/ disallow port scanning that uses similar syntax - https://raw.githubusercontent.com/gwarser/filter-lists/master/lan-block.txt . If not, then a feature to disallow local port scanning should be included.

Proposed Solution

"Block All Domains" button in "Block Services" would be great!

Alternatives Considered

@ameshkov
Member

ameshkov commented Jan 6, 2021

> bogus Smart TV domains

Could you please give some examples of these domains?

@EntropySmoke
Author

I disable collection of TV info from my Firestick with ADB and therefore I no longer get attempts to resolve those bogus domains, but the info comes from the well-known Perflyst's Smart TV Block List - https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/regex.list , which has some examples of the domains I describe.

@EntropySmoke
Author

But I don't know if port scanning attempts ever reach me in regards to this block list - https://raw.githubusercontent.com/gwarser/filter-lists/master/lan-block.txt . I only know it is a relatively new thing and you can find the report about eBay performing such scans here - https://www.ghacks.net/2020/05/25/ebay-is-port-scanning-your-system-when-you-load-the-webpage/ .

@ameshkov
Member

ameshkov commented Jan 10, 2021

The thing is || makes it work for valid domain names only. If for some reason the device requests an invalid domain name, this rule won't catch it.

On the other hand, an invalid domain name in a DNS query most likely means a bug in the software and not some sinister plan to avoid blocking.

@EntropySmoke
Author

Thanks! It was my mistake not to realize AdGuard automatically blocked those bogus domains with NXDomain, even if the default rule was Null IP. Related entries weren't labeled as blocked, but as resolved with NXDomain. An example of such a bogus domain was "vdukhmtl". Firestick was the only device to use them each time it was connected to a new TV.

@ameshkov
Member

Hmm, so it's a valid domain name after all, just the top-level domain. You'd need to use ||*, not ||*.* to block them.

Btw, these may be random domain names that Android checks on network change.

@DandelionSprout
Member

DandelionSprout commented Jan 12, 2021

/^[a-z]{7,15}$/ was (and is) made to counter an apparent glitch in LG TVs' networking, where they would inexplicably send DNS requests for single words (without dots) of between 7 and 15 letters a few times per hour if the TV is turned on. Which I know because I happen to be the one who added that entry to Perflyst's lists.

To the best of my knowledge, such non-standard requests can't be blocked with || entries, let alone in a way that wouldn't block every single normal domain as well.
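
The three rules compared in this thread, run over a few query names, as an added example (not AdGuard Home's matcher and not code from any participant). The handling of `||` patterns is a simplified model and an assumption; all sample names are constructed except `vdukhmtl`, which is quoted above. Note that the regex also catches ordinary single-label LAN names such as `localhost`.

```python
import re

# The three rules discussed in the thread.
RULES = ["||*.*", "||*", "/^[a-z]{7,15}$/"]


def compile_rule(rule):
    """Turn a rule into a compiled regex.

    /.../ rules are regular expressions and are used as written.
    For "||" patterns this is an ASSUMED, simplified model: "||" anchors
    at the start of the name or right after a dot, "*" matches any run
    of characters, and every other character is literal.
    """
    if rule.startswith("/") and rule.endswith("/"):
        return re.compile(rule[1:-1])
    body = rule[2:] if rule.startswith("||") else rule
    pattern = ".*".join(re.escape(part) for part in body.split("*"))
    return re.compile(r"(?:^|\.)" + pattern)


def matching_rules(name, rules=RULES):
    """Return the rules (in order) whose pattern matches the query name."""
    return [rule for rule in rules if compile_rule(rule).search(name)]


# Constructed query names, plus "vdukhmtl" from the thread.
SAMPLE_QUERIES = [
    "vdukhmtl",     # dotless, 8 lowercase letters
    "example.com",  # ordinary name containing a dot
    "localhost",    # legitimate single-label name, 9 letters
    "raspberrypi",  # typical LAN hostname, 11 letters
    "tv",           # dotless but shorter than 7 letters
    "abc1234",      # dotless, 7 characters, contains digits
]


def report(names=SAMPLE_QUERIES):
    """Map each query name to the list of rules that would catch it."""
    return {name: matching_rules(name) for name in names}


if __name__ == "__main__":
    for name, hits in report().items():
        print(f"{name:12} -> {hits or 'no rule matches'}")
```
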

@stale

stale bot commented Jun 2, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Jun 2, 2021
@stale stale bot closed this as completed Jun 18, 2021