Hi.
I've got an ASUS RT-AC68U with merlin 380.65. I've configured DNSCrypt using Entware.
I was using the Cisco Familyshield provider with DNSCrypt, but don't like that they log requests and dont provide DNSsec, plus Youtube always thinks im coming from a neighbouring country, and torproject.org is not reachable.
So I changed provider to dnscrypt.eu-dk and it works much better, but I do not get any blacklist protection at all.
The file /jffs/configs/dnsmasq.conf.add can be edited and I can add a line such as:
address=/idsoftware.com/0.0.0.0
then restart dnsmasq:
service restart_dnsmasq
and then I cannot access that domain in my computers web browser. So far so good. But I don't want to put 800k addresses into this conf file, but according the the dnsmasq man page, you can add the following option to the conf file:
addn-hosts=/jffs/configs/hosts.blacklist
and then add all the hosts to that file. But, it does not work. It only works if I add the address directly in the config file. Does anyone know why? And can I add all those addresses to this conf file without something breaking?
Second question:
I downloaded Shalla's blacklist that I used to use in pfSense, and because it's divided by category, it's very easy to implement for just the stuff I care about. But when I compile a blacklist file with just the domains I want to block, I get up to 800k domains in the list. According to dnsmasq's man page, they have tested with 1 million addresses, but say that they needed 1 1GHz cpu and 60MB ram for that. My router is a 800MHz with 180MB free mem. I'm not sure if it can handle that load. Plus the blacklist file is 30MB and I've only got 60MB free on /jffs.
Has anyone ever tried such a large blacklist and does it overload the router?
I've got a 16GB USB3 thumbdrive plugged in. Can't figure out if this can be permanently written to or if it's just temporary.
I've got an ASUS RT-AC68U with merlin 380.65. I've configured DNSCrypt using Entware.
I was using the Cisco Familyshield provider with DNSCrypt, but don't like that they log requests and dont provide DNSsec, plus Youtube always thinks im coming from a neighbouring country, and torproject.org is not reachable.
So I changed provider to dnscrypt.eu-dk and it works much better, but I do not get any blacklist protection at all.
The file /jffs/configs/dnsmasq.conf.add can be edited and I can add a line such as:
address=/idsoftware.com/0.0.0.0
then restart dnsmasq:
service restart_dnsmasq
and then I cannot access that domain in my computers web browser. So far so good. But I don't want to put 800k addresses into this conf file, but according the the dnsmasq man page, you can add the following option to the conf file:
addn-hosts=/jffs/configs/hosts.blacklist
and then add all the hosts to that file. But, it does not work. It only works if I add the address directly in the config file. Does anyone know why? And can I add all those addresses to this conf file without something breaking?
Second question:
I downloaded Shalla's blacklist that I used to use in pfSense, and because it's divided by category, it's very easy to implement for just the stuff I care about. But when I compile a blacklist file with just the domains I want to block, I get up to 800k domains in the list. According to dnsmasq's man page, they have tested with 1 million addresses, but say that they needed 1 1GHz cpu and 60MB ram for that. My router is a 800MHz with 180MB free mem. I'm not sure if it can handle that load. Plus the blacklist file is 30MB and I've only got 60MB free on /jffs.
Has anyone ever tried such a large blacklist and does it overload the router?
I've got a 16GB USB3 thumbdrive plugged in. Can't figure out if this can be permanently written to or if it's just temporary.