Running dnsmasq with a huge config file like pihole - possible/sensible?

chrisisbd

Occasional Visitor
I currently run dnsmasq on a server on my LAN with a pihole-like configuration, i.e. I have a huge list of advertising sites to ignore in /etc/dnsmasq.d/dnsmasq.blacklist.txt. The file is just a long list of entries like:-

Code:
...
...
address=/krer.com/   
address=/kreruf.wiki/
address=/kresimir.emiliamilena.pl/
address=/krespyst.com/
address=/krestinaful.com/
address=/krestovskiy.nik.siteme.org/
address=/kreten.banjalucke-ljepotice.ru/
address=/kreud.com/
address=/kreuz.hopto.org/
...
...

The blacklist gets updated weekly using a cron job. It's about 12Mb, 400000 lines.

Can the dnsmasq on an Asus router (e.g. DSL-AC68U) cope with something like this? I know some people have got pihole running on Asuswrt-Merlin and the above dnsmasq configuration is basically what pihole does, so it seems that it should work OK. I have entware installed, there's a USB stick providing 32Gb of disk space, so disk space isn't an issue for the file (it won't need to be in /jffs), I just wonder about the memory requirements of dnsmasq when it loads the file.

Any/all feedback would be very welcome.
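An added pre-load check for a blacklist in the address=/domain/ form shown above (example code, not from the post or from dnsmasq). It validates and normalises each line, rejects malformed hostnames, and drops entries already covered by a parent domain, because dnsmasq's address=/example.com/ also matches every subdomain of example.com; trimming the redundant lines shrinks what dnsmasq has to hold in memory. The sample lines in the test are constructed.

```python
import re
import sys
from typing import Iterable

# Matches the form used in the post: address=/<domain>/ with an optional
# target address after the closing slash (the post's entries leave it empty).
ADDRESS_RE = re.compile(r"^address=/(?P<domain>[^/]+)/(?P<target>[^/\s]*)\s*$")
# Strict hostname label: 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def parse_blacklist(lines: Iterable[str]) -> tuple[set[str], list[str]]:
    """Return (valid lower-cased domains, rejected lines) from an address= list."""
    domains: set[str] = set()
    rejected: list[str] = []
    for raw in lines:
        line = raw.strip()            # the post's lines carry trailing spaces
        if not line or line.startswith("#"):
            continue
        m = ADDRESS_RE.match(line)
        if not m:
            rejected.append(line)
            continue
        dom = m.group("domain").lower().rstrip(".")
        if len(dom) > 253 or not all(LABEL_RE.match(lbl) for lbl in dom.split(".")):
            rejected.append(line)
            continue
        domains.add(dom)
    return domains, rejected


def collapse_subdomains(domains: set[str]) -> set[str]:
    """Drop entries whose parent is listed: address=/a.com/ already blocks x.a.com."""
    kept: set[str] = set()
    for dom in sorted(domains, key=lambda d: d.count(".")):   # parents before children
        labels = dom.split(".")
        if any(".".join(labels[i:]) in kept for i in range(1, len(labels))):
            continue
        kept.add(dom)
    return kept


if __name__ == "__main__":
    # Usage: python check_blacklist.py dnsmasq.blacklist.txt > dnsmasq.blacklist.min.txt
    with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
        found, bad = parse_blacklist(fh)
    minimal = collapse_subdomains(found)
    print(f"valid={len(found)} rejected={len(bad)} after_collapse={len(minimal)}", file=sys.stderr)
    for dom in sorted(minimal):
        print(f"address=/{dom}/")
```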
 
Most Merlin users just run the Diversion Addon to do ad-blocking. That wheel has already been invented.
 
Most Merlin users just run the Diversion Addon to do ad-blocking. That wheel has already been invented.
But some Merlin (and stock FW?) users (raising hand here re: Merlin) rely instead on WWW browser extensions which have much more intimate (thus more specific) knowledge, plus running relatively very much more effortlessly on superior hardware...
 
But some Merlin (and stock FW?) users (raising hand here re: Merlin) rely instead on WWW browser extensions which have much more intimate (thus more specific) knowledge, plus running relatively very much more effortlessly on superior hardware...
Which means your ad blocking is not universal. With diversion everyone in your network is covered. ;)
 
Not worried about "everything in my network"... Client phone apps are going to do what they do, and I doubt Meta (which I don't use, despite having an /extremely/ low user ID, if they remember me) is using DNS anyway. They make their living doing end-runs on that kind of stuff. Web browser traffic is the only thing /I/ consider worth fighting over, and the few clients which do that here are very easily maintained individually; DuckDuckGo browsers and the same browser extension plus the uBlock Origin browser extension do all I deem necessary.

Prior to google pushing HTTPS on everybody/everything I used to maintain an elaborate privoxy setup. Nothing like making web pages do/act like one wants instead of how /they/ want it to behave. I'm confident that google's "we want to keep everybody safe" shirt really means "we don't want anybody thwarting our efforts by using proxies."
 
Not worried about "everything in my network"... Client phone apps are going to do what they do, and I doubt Meta (which I don't use, despite having an /extremely/ low user ID, if they remember me) is using DNS anyway. They make their living doing end-runs on that kind of stuff. Web browser traffic is the only thing /I/ consider worth fighting over, and the few clients which do that here are very easily maintained individually; DuckDuckGo browsers and the same browser extension plus the uBlock Origin browser extension do all I deem necessary.

Prior to google pushing HTTPS on everybody/everything I used to maintain an elaborate privoxy setup. Nothing like making web pages do/act like one wants instead of how /they/ want it to behave. I'm confident that google's "we want to keep everybody safe" shirt really means "we don't want anybody thwarting our efforts by using proxies."
No app/browser escapes DNS, and when the router is controlled globally, everyone is diversioned. 😁 Don't get me wrong, I use UO with my browser when watching YouTube only; it's a good thing UO can be toggled on/off effectively, using it on demand when needed.
 
No app/browser escapes DNS
Methinks investigating that notion might prove worthwhile to you. Anti-"thwarting" measures go well beyond dumping the HTTP (non-S) protocol. DNS block-lists are old-school anymore. Not entirely without value yet, but certainly much less so than historically.
 
Methinks investigating that notion might prove worthwhile to you. Anti-"thwarting" measures go well beyond dumping the HTTP (non-S) protocol. DNS block-lists are old-school anymore. Not entirely without value yet, but certainly much less so than historically.
Thwarting is the reason Google wants us to use DoH, and Safari uses a different method to avoid being mis-directed, but a knowledgeable user knows how to avoid them or use a different way (DoT) if they want DNS encrypted. Users need to move with the times and not get stuck with old habits.
 