What's new

dnsmasq blacklist filtering

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

finite9

Regular Contributor
Hi.

I've got an ASUS RT-AC68U with merlin 380.65. I've configured DNSCrypt using Entware.

I was using the Cisco Familyshield provider with DNSCrypt, but don't like that they log requests and dont provide DNSsec, plus Youtube always thinks im coming from a neighbouring country, and torproject.org is not reachable.

So I changed provider to dnscrypt.eu-dk and it works much better, but I do not get any blacklist protection at all.

The file /jffs/configs/dnsmasq.conf.add can be edited and I can add a line such as:

address=/idsoftware.com/0.0.0.0

then restart dnsmasq:

service restart_dnsmasq

and then I cannot access that domain in my computers web browser. So far so good. But I don't want to put 800k addresses into this conf file, but according the the dnsmasq man page, you can add the following option to the conf file:

addn-hosts=/jffs/configs/hosts.blacklist

and then add all the hosts to that file. But, it does not work. It only works if I add the address directly in the config file. Does anyone know why? And can I add all those addresses to this conf file without something breaking?


Second question:

I downloaded Shalla's blacklist that I used to use in pfSense, and because it's divided by category, it's very easy to implement for just the stuff I care about. But when I compile a blacklist file with just the domains I want to block, I get up to 800k domains in the list. According to dnsmasq's man page, they have tested with 1 million addresses, but say that they needed 1 1GHz cpu and 60MB ram for that. My router is a 800MHz with 180MB free mem. I'm not sure if it can handle that load. Plus the blacklist file is 30MB and I've only got 60MB free on /jffs.

Has anyone ever tried such a large blacklist and does it overload the router?

I've got a 16GB USB3 thumbdrive plugged in. Can't figure out if this can be permanently written to or if it's just temporary.
 
You could probably look at how the AB-Solution does the ad-blocking as it loads in the sites from a file on the USB drive.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top