FWIW, I use (on a 32-bit i686 appliance) a 33MiB ads/pron/warez blocklist of 
1.2M domains in the form "local=/FQDN/" (that is, the domains do not exist at 
all for me; I'm OK with seeing whitespace). The virtual size (from 'ps aux') of 
the running dnsmasq is 175MiB. Resolution time is a hair slower, but still very 
acceptable.

Most of the domains in the list are longer than 10 bytes. There are no 
SHA1/SHA256 collisions in the first 10 bytes of the FQDN hashes; but there are 
in the first 9 bytes, so it's close.

Does dnsmasq store the actual FQDN in RAM? If so, could it instead store the 
first 10 bytes of a hash of the domain? This would help reduce RAM usage by 
maybe 40%.

Huge blocklists are going to require lots of RAM. If your system has limited 
RAM, you really have two options. (1) Plead with the device manufacturers to 
boost RAM to 1GiB. (2) Use an RPi to run dnsmasq; a personal challenge for me 
would be to run it transparently between my F/W and ISP.

One question remains. What does dnsmasq do that increases RAM usage by about 
160MiB for 25MiB of FQDNs? Though it may be completely reasonable, it seems a 
trifle much from a soaring vulture.

Neal


On Tue, 19 Nov 2024 18:31:42 +0200
Ercolino de Spiacico <bellocar...@hotmail.com> wrote:

> In the context of Adblock, I noticed that our adblock script can handle 
> relatively well about 10MB of blockfile which is about 7.8% of the 
> device RAM (128MB), after that the resolution time increases 
> exponentially to the point where the DNS resolution times-out and more 
> importantly the device becomes unstable.
> 
> I was trying to understand the root cause on why we couldn't have a 
> larger blockfile which is compiled in local=/example.com/# format. The 
> RAM, cache and buffer demand stay relatively low when the system becomes 
> unstable.
> 
> In the aim to investigate this further, I run a test creating a bogus 
> blockfile of the size of about 100MB (and 3.6M lines/domains). Here are 
> the grep results to fetch info from it:
> 
> root@router:/mnt/USB/adblock# time grep 'mytestdomain.com' 
> /mnt/USB/adblock/test2
> mytestdomain.com
> real    0m 2.44s
> user    0m 0.49s
> sys     0m 0.43s
> 
> root@router:/mnt/USB/adblock# cp /mnt/USB/adblock/test2 /tmp/test2
> 
> root@router:/mnt/USB/adblock# time grep 'mytestdomain.com' /tmp/test2
> mytestdomain.com
> real    0m 0.65s
> user    0m 0.39s
> sys     0m 0.20s
> 
> What I'm trying to demonstrate here is that a USB2 device can extract a 
> domain via grep in 2.44sec, and if that file was to be placed in RAM 
> (/tmp is mapped in RAM on devices with squashfs) it's just 0.65sec. 
> Admittedly /tmp compresses the content so the 100MB uses about 38MB, 
> still the point on performance is valid and tells me we could fit 
> 200-250MB blockfile if ever needed, looking at RAM capacity only.
> 
> As a point of discussion/improvement, I believe dnsmasq uploads the 
> custom config (so the blockfile in this case) into RAM, why do we 
> experience poor resolution performance and system instability at just 10MB?
> 
> Considering the system grep is so fast, could this be an alternative 
> method for dnsmasq to address locally defined domains? If given the 
> possibility, I would be very happy to map a file in RAM knowing that 
> this is handled differently from the "standard" conf-file.
> 
> I suppose the first step would be to fully understand where the 
> limitation we currently have comes from.
> 
> Then, I'm not suggesting we should re-invent the wheel, but perhaps 
> there's a margin for a new directive whose behavior is a simple grep 
> against a mapped file to be used as an authority for those domains? 
> Might be restricted to blocking only (returning NX or 0.0.0.0 or 
> 127.0.0.1)? Not sure what the secondary implications of such an idea 
> would be, but I'll be glad to hear some comments/opinions on this topic.
> 
> 
> Thanks
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Reply via email to