Now that Firefox blocks 3rd-party cookies by default, many sites try to
hide the fact that a cookie is 3rd-party by using CNAMEs.
% kdig +short A ftn.fortuneo.fr
ftn-fr.eulerian.net.
ftn.eulerian.net.
109.232.194.56
I want to block all the requests to *.eulerian.net.
policy.add(policy.suffix(policy.DENY, {todname('eulerian.net.')}))
Does not work since, to quote the documentation "The policy module
currently only looks at whole DNS requests. The rules won’t be
re-applied e.g. when following CNAMEs."
% kdig A
ftn.eulerian.net
;; ->>HEADER<<- opcode: QUERY; status: NXDOMAIN; id: 42477
...
ftn.eulerian.net. 10800 IN SOA
ftn.eulerian.net. nobody.invalid. 1 3600 1200 604800
10800
% kdig A ftn.fortuneo.fr
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 59262
...
ftn.fortuneo.fr. 600 IN CNAME
ftn-fr.eulerian.net.
ftn-fr.eulerian.net. 5799 IN CNAME
ftn.eulerian.net.
ftn.eulerian.net. 5799 IN A 109.232.194.56
This seriously limits the usefulness of policy.DENY. What are the
possible solutions?