NextDNS first to support blocking of ALL third-party trackers disguised as first-party
NextDNS is proud to announce that all your blocklists are now applied to each intermediate CNAMEs in addition to the queried domain name.
As we explained in our in-depth article on the matter, DNS-based adblockers are well suited to detect and block this newish type of trackers. As a DNS recursive resolver, we already process those CNAMEs, which make it easy to perform additional filtering during resolution.
The solution is pretty simple. Let’s take
https://eule1.pmu.fr/... as an example:
*.eulerian.net is present in most tracker blocklists but not
*.pmu.fr obviously. A traditional adblocker would only filter on the domain visible in the URL, but because we are the ones performing the recursive resolution for the domain, we can see all intermediate CNAMEs, and apply our filtering logic on both
The next step is probably for tracking companies to use NS records instead of CNAMEs. But we are ready for that and will implement the same type of solution.
NextDNS is the first DNS adblocker to provide a complete and definitive solution to this problem. AdGuard decided to take a different approach, by using DNS to detect those domains and build a giant blocklist. We don’t believe in this approach, as it won’t scale as more and more websites start to implement such method. It might also lag behind if websites decide to regularly change those tracker domains.
There is also a discussion on the Pi-Hole® forum about implementing CNAME blocking just like we did, but sadly, their current design prevent them from implementing it short term as explained by one of the developers.
For browser/client based adblocking solutions, this problem is going to be very hard to handle, if even possible. Best case scenario involves performing a duplicate DNS query to get access to CNAMEs, which adds latency, wastes battery and is currently only possible in the desktop version of Firefox. Building a list of all those first-party domains is another option, but as explained earlier, this will blow up the size of the blocklists, which is already too large for most browser blocking API restrictions and may lag behind if sites regularly change those domains.
Discuss this story on HackerNews.
You can try it out for free at https://nextdns.io (no signup required).