Hi Ercolino,

On 19.11.24 17:31, Ercolino de Spiacico wrote:
In the context of Adblock, I noticed that our adblock script can
handle relatively well about 10MB of blockfile which is about 7.8% of
the device RAM (128MB), after that the resolution time increases
exponentially to the point where the DNS resolution times-out and more
importantly the device becomes unstable.
(...)
Then, I'm not suggesting we should re-invent the wheel, but perhaps
there's a margin for a new directive whose behavior is a simple grep
against a mapped file to be used as an authority for those domains?
Might be restricted to blocking only (returning NX or 0.0.0.0 or
127.0.0.1)? Not sure what the secondary implications of such an idea
would be, but I'll be glad to hear some comments/opinions on this topic.


You may want to take a look at Pi-hole (https://docs.pi-hole.net).

It's DNS resolver pihole-FTL is a dnsmasq  fork, combining it with a
sqlite3 database for blocked domains and a B-tree algorithm for domain
matching, also employing some advanced steps like regex matching, or
deep CNAME inspection to thwart CNAME cloaking.
It also provides a web UI for managing and some statistics, but that is
optional.

All of dnsmasq's configuration options are still available and fully
operational, though you may have to pay attention in places not to
conflict with Pi-hole's default options.

Pi-hole's developers are active on dnsmasq's mailing lists as well,
giving back by committing code improvements to dnsmasq, and Pi-hole team
members sometimes offer a piece of advice here as well (including me).

I've been running that (including web server, web UI and unbound as
upstream, plus wireguard) on a quad core Cortex-A7 SBC with 256MB RAM
(115MB used) and about 750,000 blocked domains (weighing about 17M in
hosts format) plus a few regex blocks without issues for years, with
reply times for blocked domains averaging at ~1 ms and ~4ms for regex
matches.

Kind regards,
    Buck


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Reply via email to