Re: [Dnsmasq-discuss] Scalability of DNS blackhole configuration?

2017-02-19 Thread Mike Lee
For the purposes of blocking subdomains of known-bad domains I definitely
want the "free" wildcard functionality so I'll continue using what I'm
using.  Thanks for the information!

--Mike

On Sun, Feb 19, 2017 at 11:10 AM, Simon Kelley wrote:

> There are two ways to do this: one is the way you have.
>
> The second is using either a file in the same format as /etc/hosts
> and --addn-hosts, or using --host-record.
>
> Either probably have similar memory-footprint implications, but the
> first does wildcards, so your example actually matches
> www.example.com, mail.example.com etc. The second doesn't do
> wildcards, but will be much faster as you go through the next couple
> of orders of magnitude.
>
> There are no hard limits, but there are always practical limits.
>
>
> Cheers,
>
> Simon.
>
> On 16/02/17 19:19, Mike Lee wrote:
> > Hi folks, I'm redirecting undesirable domains to a "black hole" to
> > prevent normal DNS resolution.
> >
> > Specifically, I have this line in my dnsmasq.conf:
> >
> > conf-file=/etc/dnsmasq-blackhole.conf
> >
> > That file in turn has multiple lines of the form:
> >
> > address=/example.com/127.0.0.1 
> >
> > I just recently added a new source of domains from
> > malwaredomains.com, and my
> > blackhole.conf has now ballooned to roughly 20k lines.  Those 20k
> > lines appear to consume about 3MB of memory.  The daemon appears to
> > be running fine, but memory aside, for future reference is there a
> > practical or hard limit to how this type of configuration will
> > scale?  Will it gracefully handle 200k such domain configuration
> > lines? 2M lines?
> >
> > Thanks!
> >
> > --Mike
> >
> >
> > ___ Dnsmasq-discuss
> > mailing list Dnsmasq-discuss@lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >


Re: [Dnsmasq-discuss] Scalability of DNS blackhole configuration?

2017-02-19 Thread Simon Kelley
There are two ways to do this: one is the way you have.

The second is using either a file in the same format as /etc/hosts
and --addn-hosts, or using --host-record.

Either probably have similar memory-footprint implications, but the
first does wildcards, so your example actually matches
www.example.com, mail.example.com etc. The second doesn't do
wildcards, but will be much faster as you go through the next couple
of orders of magnitude.

There are no hard limits, but there are always practical limits.


Cheers,

Simon.

On 16/02/17 19:19, Mike Lee wrote:
> Hi folks, I'm redirecting undesirable domains to a "black hole" to 
> prevent normal DNS resolution.
> 
> Specifically, I have this line in my dnsmasq.conf:
> 
> conf-file=/etc/dnsmasq-blackhole.conf
> 
> That file in turn has multiple lines of the form:
> 
> address=/example.com/127.0.0.1 
> 
> I just recently added a new source of domains from
> malwaredomains.com, and my
> blackhole.conf has now ballooned to roughly 20k lines.  Those 20k
> lines appear to consume about 3MB of memory.  The daemon appears to
> be running fine, but memory aside, for future reference is there a
> practical or hard limit to how this type of configuration will
> scale?  Will it gracefully handle 200k such domain configuration
> lines? 2M lines?
> 
> Thanks!
> 
> --Mike
> 
> 

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
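
Added example, not part of the original thread or of dnsmasq itself: it renders one constructed domain feed into both forms discussed above (address= lines for a conf-file, and a hosts-format file for --addn-hosts) and models their matching in simplified form. The function names and the .example domains are assumptions made for the illustration.

```python
# Added illustration; the domains are constructed sample data.
SINK = "127.0.0.1"  # sinkhole address used in the thread

def normalize(lines):
    """Strip comments, blanks, case and trailing dots; de-duplicate."""
    names = set()
    for line in lines:
        name = line.split("#", 1)[0].strip().lower().strip(".")
        if name:
            names.add(name)
    return names

def suffixes(name):
    """'a.b.c' -> ['a.b.c', 'b.c', 'c'] (matching is per label)."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def collapse(domains):
    """Drop names already covered by a listed parent domain."""
    return {d for d in domains if not any(p in domains for p in suffixes(d)[1:])}

def address_lines(domains):
    """conf-file form: one wildcard rule per remaining domain."""
    return [f"address=/{d}/{SINK}" for d in sorted(collapse(domains))]

def hosts_lines(domains):
    """hosts-file form for --addn-hosts: every exact name is needed."""
    return [f"{SINK} {d}" for d in sorted(domains)]

def wildcard_blocked(qname, domains):
    """Simplified model of address=/d/: d itself or any name under it."""
    return any(s in domains for s in suffixes(qname.lower().strip(".")))

def exact_blocked(qname, domains):
    """Simplified model of a hosts-file entry: exact name only."""
    return qname.lower().strip(".") in domains

# Constructed feed: one redundant subdomain, one duplicate, one blank.
FEED = ["bad.example", "cdn.bad.example", "Tracker.Example.  # dup",
        "tracker.example", ""]

if __name__ == "__main__":
    doms = normalize(FEED)
    print("\n".join(address_lines(doms)))
    print("\n".join(hosts_lines(doms)))
    for q in ("www.tracker.example", "nottracker.example", "cdn.bad.example"):
        print(q, wildcard_blocked(q, doms), exact_blocked(q, doms))
```

In the address= form a listed parent makes its subdomain entries redundant, so the generated file can be shorter than the feed; the hosts form only blocks the names actually listed.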


[Dnsmasq-discuss] Scalability of DNS blackhole configuration?

2017-02-16 Thread Mike Lee
Hi folks, I'm redirecting undesirable domains to a "black hole" to prevent
normal DNS resolution.

Specifically, I have this line in my dnsmasq.conf:

conf-file=/etc/dnsmasq-blackhole.conf

That file in turn has multiple lines of the form:

address=/example.com/127.0.0.1

I just recently added a new source of domains from malwaredomains.com, and
my blackhole.conf has now ballooned to roughly 20k lines.  Those 20k lines
appear to consume about 3MB of memory.  The daemon appears to be running
fine, but memory aside, for future reference is there a practical or hard
limit to how this type of configuration will scale?  Will it gracefully
handle 200k such domain configuration lines? 2M lines?

Thanks!

--Mike