If you are using IP6, you must also add all the files with ::1, not just 0, 127...
Hello! Thank you for opening your first issue in this repo. It’s people like you who make these host files better!
Hey Stéphane @TraderStf we've discussed this before in Issue #139 Add ip6-localhost.
Is this what you mean?
No, he most likely actually wants duplicate lists (in case of using IPv6), with a duplicate entry for each (sub)domain with ::1 in the front.
@TraderStf it's actually :: only, the 1 is not needed. Do your research.
Example:
0.0.0.0 analysis.polarisoffice.com
:: analysis.polarisoffice.com
....and so on
P.S. I remember one of the contributors here (forgot his nickname) was providing such ready lists on his website.
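The duplication described in the comment above, as an added example (not code from this thread or from the repository's own scripts): for every IPv4 blocking line it emits a matching IPv6 line. The function name, the `KEEP_AS_IS` set and the sample input are assumptions made for illustration; the IPv6 sink is a parameter because the thread disagrees on `::` versus `::1`.

```python
import ipaddress

# IPv4 sink addresses commonly used for blocking entries in hosts files.
V4_SINKS = {"0.0.0.0", "127.0.0.1"}
# Assumed set of names that define the host itself; never redirect these.
KEEP_AS_IS = {"localhost", "localhost.localdomain", "local", "broadcasthost",
              "ip6-localhost", "ip6-loopback", "0.0.0.0"}


def add_ipv6_entries(hosts_text, v6_sink="::"):
    """Return hosts_text with an IPv6 line added after each IPv4 block line."""
    sink = ipaddress.ip_address(v6_sink)  # ValueError on a malformed address
    if sink.version != 6:
        raise ValueError("v6_sink must be an IPv6 address")

    # First pass: names that already have an IPv6 entry are not duplicated.
    have_v6 = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and ":" in fields[0]:
            have_v6.update(n.lower() for n in fields[1:])

    out = []
    for line in hosts_text.splitlines():
        out.append(line)  # original line is always kept, comments included
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in V4_SINKS:
            continue  # comment, blank line, or not a blocking entry
        for name in fields[1:]:
            key = name.lower()
            if key in KEEP_AS_IS or key in have_v6:
                continue
            have_v6.add(key)
            out.append(f"{sink} {name}")
    return "\n".join(out) + "\n"


# Constructed sample input; only the first blocked hostname is from the thread.
SAMPLE = """\
# constructed sample
127.0.0.1 localhost
::1 localhost
0.0.0.0 analysis.polarisoffice.com
0.0.0.0 ads.example.com tracker.example.com  # two names on one line
:: tracker.example.com
"""

if __name__ == "__main__":
    print(add_ipv6_entries(SAMPLE), end="")
```

The output is roughly twice the size of the input, which is the file-size cost raised later in the thread.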
@dnmTX please don't be strafing new visitors. Okay?
strafe: attack repeatedly with bombs or machine-gun fire from low-flying aircraft
Okey Dokey @StevenBlack 👍.......no more ✈️ + 💣
I wonder if we should provide two sets of hosts files....
I'm guessing the cost of this might ultimately be, hundreds or thousands of support issues because most people just don't know whether they are "using IPV6".
Maybe just a set with IPv6 only in it, with an option in your script to add it as an addition for whoever wants it.
The rest (whoever is not using your script) should know how to do it anyway.
A front page explanation of what it is and who it is for would be necessary.
I'm guessing the cost of this might ultimately be, hundreds or thousands of support issues because most people just don't know whether they are "using IPV6"
There is no harm if IPv6 is disabled on the user's end. Just one huge hosts file (I bet Windows users will love it).
@dnmTX it's not because :: works on your Nintendo, that it will work on other OS... ¯_(ツ)_/¯
Just look at IP4, 0, 0.0.0.0, 127........ are working or not on different OS.
@StevenBlack
most people just don't know whether they are "using IPV6"
That's the point.
Anyway should move to a more powerful app like
https://github.com/jedisct1/dnscrypt-proxy
Oh that's some quality burn, right there 🔥 🤣 Merci Steph.
@StevenBlack You are welcome.
I am plane addicted, always win a strafe, dog fight... watch your six 🎖🛸
@dnmTX
P.S. I remember one of the contributors here (forgot his nickname) was providing such ready lists on his website.
My IPv4_IPv6 list?
https://scripttiger.github.io/alts/
P.S.: I don't actively watch this repo anymore since I can admit to having a compulsion problem and would be inclined to strafe quite readily, as @StevenBlack already knows. I do manually check-in pretty often though and have a bookmark and whatnot.
@StevenBlack @TraderStf Modern systems follow "Happy Eyeballs" and prefer IPv6 first. Unless it's an old system, you get a smaller file if you just use ::1 for the bulk of the lookups.
https://gist.github.com/unquietwiki/8b5c7478e6d102b3802678b80637cd47
I get where everybody is coming from with the IPv6 issue, but at this stage in the game the world at large is in mixed transition and even most modern systems also use a hybrid of techniques to include both IPv6 and IPv4. I know many perfectionists would prefer to just go pure IPv6, but the Internet itself just isn't there yet. Many projections put IPv6's fully implemented date at around 2148, at which point people can start having serious discussions about anything IPv6-only. You should always, of course, implement the highest level of security possible within reason and as long as your system doesn't have IPv4 or any of its compatibility layer workarounds, etc., totally disabled, which would actually limit your Internet accessibility to a certain degree at this point, you should still be including security for it.
(raises an eyebrow) @ScriptTiger
This is a local, host mapping file; intended to deny access to external websites. It does not matter what the external situation of IPv4 vs IPv6 is: the preference for Windows, BSD, and Linux has been for IPv6, then IPv4; since the late 2000s. You can't even properly disable IPv6 in a modern OS, since assorted system services use it. And if you're even trying that, then you don't need this file; because you're obviously attempting more draconian network controls.
As for IPv6 externally; your cell phone probably relies on it by now. Cheaper & better logistics to have the units on v6, and use a v4 external gateway.
I get where you are coming from and I have made the exact same argument as to how hosts files SHOULD work because I also find it highly annoying that things don't work properly or ideally, but there have been real-world cases where there is still leaking on "modern" systems. Why? I can't explain that either. Most notably Windows, of course, but I seem to recall another network-centric system, such as pfSense, having the same problem. There are at least a couple old issues you can dig into on this very repository with people having issues with this. Even you yourself state that IPv4 is a secondary to IPv6 and therefore should be fallen back to after an IPv6 lookup, but, again, even this simply does not occur as it should in many "modern" systems.
Again, I am totally not at all making an argument against you as I held the same exact position as you not that long ago. Everything you are saying is idealistically true and perfectly sound theoretically and we would all hope technically, but it's just not what many programmers have implemented in practice and that's what we are dealing with now.
@ScriptTiger Well... get a discussion going on https://www.reddit.com/r/ipv6 with the platforms involved. There was someone asking a few weeks ago about contributing to projects that needed help, and I knew of a few already; as you alluded to.
That's actually not a bad idea, especially now that Microsoft is opening up more and more to open source... nudge nudge wink wink to all you concerned Redmond residents out there listening to this :P
I think using hosts file is a waste of time, too many subdomains.
I use https://dnscrypt.info
and on macOS https://github.com/jedisct1/dnscrypt-proxy
which has worked without any problem for several days.
The black/white lists allow * = [0-9]* jokers/metacharacters
Some DNScrypt resolvers already include blocking list(s) for various/all problems (ads, malware, adult...), no need to maintain it!
It's faster than usual DNS as you can have a cache.
Lots of options you can change, if you want, to suit your needs, some utilities to switch from one setting to another...
Few quick infos
https://securedns.eu
https://blahdns.com
https://dnscrypt.info
Only advantages. hosts is for the past...
Maintaining blocking host lists is still useful and generous, most of this DNScrypt are using most of them to create their cleaned list.
The hosts file is a core networking component to most, if not all, network-capable operating systems. This makes it the most universal format to implement without requiring any third-party software. If you start getting into third-party software applications, as you said, a number of other projects use this repository as a source, including Pi-hole.
I would also recommend the following issue as a good read relating to third-party DNS resolvers. The actual topic of the issue is DoH, which is currently building a lot more traction than DNSCrypt and even becoming included with popular web browsers such as Firefox. I won't compare the two function-wise though since they are still both centralized DNS services and have similar weak points, but you can check the rant out here:
https://github.com/StevenBlack/hosts/issues/968
You can configure it to just use a DoH resolver.
All settings: https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml
For 'centralized' problem, you can turn/loop among various resolvers, increase privacy by using unique key, socks5...
Perhaps you are 'looking' for dnsmasq or https://ipfs.io/ or ... don't remember some kind of p2p network layer.
Funny just a new article, where you can see domains, but I got also the same with just subdomains which are changing at each request/reload.
https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/
I wasn't aware DNSCrypt had those features, that is pretty nice. And yeah, in the issue I linked I referred to Tor. Tor can be installed as a service and can provide DNS to any local interface/loopback, so it automatically has the decentralized and P2P aspects as well as being super simple for most users to set up without having to know any centralized server addresses or what not. I think the feature you're referring to about doing round-robin with servers requires compiling a server list or linking to a hosted list somewhere on the Internet, although the way this feature is implemented probably varies. But there are a lot of options out there these days, it all depends on the security requirements of the individual and for them to be aware of the pros and cons of each option and using a layered security approach to make sure any cons/weaknesses are covered somehow.
We all know the problems: ICANN, registrars (namecheap, name, donuts), URL shorteners (t.co ...), affiliation-aware-of-their-spammer-affiliates who don't care, just make $, or react several days after the initial report, which is useless...
It's a shame as spam, not only it's a waste of energy, it's the first main vector for badware/illegal stuff. Without mentioning all these scam selling craps.
Also, why so many blacklists, AV... duplicate work; just look at VirusTotal, newly reported malware/URLs are still not flagged by other major companies several days after.
Perhaps things will change when few 'big' victims will sue all these... Baltimore are you listening.
Here is the name: https://github.com/i2p/i2p.i2p
I really like I2P, as well, and it's definitely optimized for IP traffic, unlike Tor which works on circuits but has more of an anti-censorship focus. But Tor has been around longer and has more users, which also makes its availability higher, especially in countries which impose censorship. So while I2P is indisputably better for some purposes, it's all for naught if you happen to be in a country with only 1 or 2 other nodes behind the national firewall. Even countries without censorship, I2P still doesn't hold up that well if there are not that many nodes close by and also means there's less traffic mixed with yours and making you less anonymous and easier to track. I do hope in the future more people could adopt I2P though to reach those people currently not able to make use of it, in theory it's definitely one of the better P2P networks out there.
Seems ESNI is a good extra...
https://www.cloudflare.com/ssl/encrypted-sni/
while responses from DoT/DoH DNS resolvers can be trusted, to a certain extent (evil resolvers notwithstanding), it might still be possible for a determined attacker to poison the resolver’s cache
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.
Closing.