The "LocalBindingAddress" is most likely the address the proxy binds to and has nothing to do with what it returns to queries. 127.0.0.1 is a better value for it, unless your PC is acting as a proxy for other PCs on your network.
Thanks for the correction! I will correct the OP to reflect this insight. I'm usually pretty good about making it clear when I'm guessing or assuming. I assumed the LocalBindingAddress was doing what I originally said, but it really was a total guess! So, if I understand you correctly .... Am I correct in my understanding to say that if you're using Acrylic on a single PC, it's better to change the LocalBindingAddress from the default "0.0.0.0" to "127.0.0.1"? And if this is true, is it 'better' to change the AcrylicHosts domain name blocklist default from "0.0.0.0" to "127.0.0.1"?
The binding address determines whether other PCs can use the proxy as well. If you bind it to 127.0.0.1, then only the PC itself can use it. If you bind it to 0.0.0.0, that's actually a wildcard which binds it to all interfaces on your PC and makes it reachable for other PCs on your network or even from the Internet if you forward that port on your router. If you don't need that, 127.0.0.1 is a better choice. The IP address it returns for hostnames is a completely different matter and is not actually related to the binding address at all. 0.0.0.0 seems to be equivalent to "any address" or "the first address of all addresses on the PC", I don't really know. 127.0.0.1 feels like a better choice. An inherent problem with both addresses is that if you run a local server like a webserver for development or any server that happens to be in use on the blocked addresses, then your browser or system service will try to connect to it, leading to unpredictable results. A better solution would be if the proxy could return the equivalent of NXDOMAIN, i.e. "this host doesn't even exist". This would fail the connection attempt much sooner and be totally nonintrusive for people who happen to run a web server locally.
I got frustrated this evening while I was stuck on how to configure Acrylic to get it working properly. And thank God, this tutorial seems to complete my lost steps. I'll try this tomorrow on my office PC. This should be stickied, IMHO. Thanks, man.
I have been working with unbound for my private DNS server on the go running as a service on my box. I never thought to try using wildcards but then again I am not sure unbound supports it.
If you just need to implement something like *.microsoft.com, you simply create a zone "microsoft.com" with no A records in it. Something like ads.* is not possible at the DNS level and is better handled in an HTTP proxy anyway.
Binding to 0.0.0.0 will bind to every network adapter in your computer: ethernet, wifi, loopback etc. Binding to 127.0.0.1 will only bind to loopback. You can also specify the IP address of your ethernet or wifi card to bind to that as well. If you bind it to 0.0.0.0 or your ethernet or wifi IP address (and it's not blocked by a firewall rule) then it will be reachable by any machine on that network, although those machines would have to be configured to connect to the equivalent IP address. 127.0.0.1 is the standard IP address of the loopback adapter and the only computer attached to that "network" is you. So essentially you're right, if you want to run something locally and only ever allow the local computer to attach to it then you may as well bind it to 127.0.0.1.
This is out of context and I addressed it in the first paragraph. In the part you quoted I was talking about the address that the proxy returns, not the address it binds to.
I already tried Acrylic on my office PC, setting it up, and via TCPView I saw there's a long list that was successfully blocked. But my question is: what if Windows tries to call home via IP address, and not using a fixed domain name? Is it also blocked by Acrylic by just listing that domain name in the Acrylic hosts file? Suppose we don't know the IP addresses, just the domain name, such as nsatc[dot]net.
Good question, as one domain can point to different/multiple IP addresses.
CMD Code:
    ping -a nsatc.net
    Pinging nsatc.net [127.0.0.1] with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
hehehehe ;-)
edit: Unfortunately I can't get Acrylic up and running:
Code:
    2015-08-26 20:05:19.035 TBootstrapper.StartSystem: Starting resolver...
    2015-08-26 20:05:19.036 TResolver.Execute: TClientServerSocket.Create: Binding to address 0.0.0.0 and port 53 failed. Is there another DNS server/proxy running?
The only program that used port 53 was Acrylic itself (both netstat/TCPView didn't show any *:53, so I'm currently stuck =/ ).
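
A check for the binding question discussed above and for the port 53 bind failure in the previous post, as an added example that is not part of the original thread: it parses `netstat -ano` output and reports which listeners on port 53 are loopback-only and which are reachable from other machines. The sample output, PIDs and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    127.0.0.1:53           0.0.0.0:0              LISTENING       2212
  TCP    192.168.1.20:49712     93.184.216.34:443      ESTABLISHED     5120
  UDP    0.0.0.0:53             *:*                                    2212
  UDP    192.168.1.20:53        *:*                                    3310
  UDP    [::1]:53               *:*                                    2212
  UDP    0.0.0.0:5353           *:*                                    1480
"""

def classify(host):
    """Map a local bind address to who can reach a socket bound on it."""
    ip = ipaddress.ip_address(host.strip("[]").split("%")[0])  # drop IPv6 zone id
    if ip.is_unspecified:        # 0.0.0.0 or :: -> wildcard, every adapter
        return "all-interfaces"
    if ip.is_loopback:           # 127.0.0.0/8 or ::1 -> this PC only
        return "loopback-only"
    return "single-interface"    # one adapter's address, reachable on that network

def listeners_on_port(netstat_text, port=53):
    """Return TCP listeners and bound UDP sockets on `port`, with owning PID."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue             # header or blank line
        if fields[0] == "TCP" and "LISTENING" not in fields:
            continue             # established connection, not a listener
        host, _, local_port = fields[1].rpartition(":")
        if local_port != str(port):
            continue             # exact match, so 5353 is not mistaken for 53
        found.append({"proto": fields[0], "address": host.strip("[]"),
                      "pid": int(fields[-1]), "exposure": classify(host)})
    return found

def reachable_from_network(listeners):
    """Listeners other machines can reach unless a firewall rule blocks them."""
    return [l for l in listeners if l["exposure"] != "loopback-only"]

if __name__ == "__main__":
    for l in listeners_on_port(SAMPLE_NETSTAT):
        print(f'{l["proto"]} {l["address"]}:53 pid={l["pid"]} {l["exposure"]}')
```
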
Just a quick reply. I've got to go to bed!!! I've completely cleaned up the OP. It's essentially finished! I can't explain why things do or don't work, but I do know what works for me. I ";" comment out the ";PrimaryServerPort=53" line. That's the only way it works for me. Don't ask me why. It's sort of a binary solution. ";" works, without ";" doesn't work. It's the same with setting the LocalBindingAddress to anything different than the default "0.0.0.0." I played around with "127.0.0.1" but again it was a binary (negative) result. Cheers!
YES. I'm also stuck on this problem. I'm using the installed version of Acrylic and following the OP's steps on page 1 (adding the ";" correctly). Or maybe I MUST use the portable version?
Nice, maybe I'm tempted to try your solution mate but if I can give a friendly word of advice: please don't change the title constantly, it confuses my follow up lolol
Portable or not doesn't make a difference (same files, but manual service (un)installation using .bat). It also happens with portable ;'(
Works great here using portable! Tried the installed too. Worked fine. Where is the GUI in the install version? Is it ADPMonitor? I tried ADPMonitor.exe, couldn't get it configured properly. Always says: "No parameter for hit log filename can be found in ini file". Even though I have hitlog.txt configured in AcrylicConfiguration.ini. This seems like the best method! Needs a sticky.