Better to block a host to 0.0.0.0 than to 127.0.0.1?

I have a few hosts that I would like to block in my /etc/hosts file. For that I need to define a bogus IP address that the DNS queries get resolved to.

Most of the tutorials I have seen so far mention 127.0.0.1 as the solution to that. But I was wondering if there is maybe a better or different address that might discard the connection earlier.

So I was thinking of using 0.0.0.0 in my hosts file. Do you think this would work the same as using 127.0.0.1 to block certain hosts?


Solution 1:

On Windows there is a difference: packets sent to 127.0.0.1 will end up bombarding whatever server you have running on your computer (and you may be running a server without knowing it), whereas trying to send packets to 0.0.0.0 will immediately return with error code 1214 (ERROR_INVALID_NETNAME).

TL;DR: Use 0.0.0.0

Solution 2:

They're (usually) the same, and the packets end up the same: bombarding your own host with the requests, with some time and traffic (on the local interface) wasting a tiny amount of resources. (Same goes for any address in 127.0.0.0/8, say, 127.2.3.4.)

By the way, it only works well if your host doesn't run the service you want to block (like using it for blocking webservers while your host does have a webserver); otherwise you will get replies from your own server. Using a definitely non-existing address (say, 192.168.255.254) would prevent this but would cause delays due to unreachable host for the connections.

Blocking by firewall usually works better. :-)
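
An added example, not part of either answer: a Python audit of hosts-file text that reports blocked names whose sink address (loopback or 0.0.0.0) is answered by a TCP listener on this machine, the situation Solution 2 warns about. The sample entries, the function names and the choice of ports 80 and 443 are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed sample hosts-file content (not taken from the page).
SAMPLE_HOSTS = """\
127.0.0.1        localhost
127.0.0.1        ads.example.com tracker.example.com
0.0.0.0          telemetry.example.net   # sink-holed
127.2.3.4        metrics.example.org
192.168.255.254  slow.example.org
"""

def classify(addr):
    """Label a sink address: 'unspecified' (0.0.0.0, ::), 'loopback' or 'other'."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "unspecified"
    return "loopback" if ip.is_loopback else "other"

def parse_hosts(text):
    """Yield (address, kind, hostname) for each name in hosts-file text."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            kind = classify(fields[0])
        except ValueError:  # first field is not an IP address
            continue
        for name in fields[1:]:
            yield fields[0], kind, name

def local_listener(addr, port, timeout=0.5):
    """True if a TCP connection to addr:port is accepted."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((addr, port)) == 0

def audit(text, ports=(80, 443), probe=local_listener):
    """List (name, addr, open_ports) for blocked names a local service answers."""
    findings = []
    for addr, kind, name in parse_hosts(text):
        if kind == "other" or name == "localhost":  # never probe non-local sinks
            continue
        open_ports = [p for p in ports if probe(addr, p)]
        if open_ports:
            findings.append((name, addr, open_ports))
    return findings
```

On a real system, pass the contents of /etc/hosts to `audit`; whether a 0.0.0.0 entry shows up in the findings depends on the operating system, which is the point on which the two answers differ.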