[Dnsmasq-discuss] Scalability of DNS blackhole configuration?

Mike Lee curby+forums at cur.by
Mon Feb 20 00:02:30 GMT 2017


For the purposes of blocking subdomains of known-bad domains I definitely
want the "free" wildcard functionality so I'll continue using what I'm
using.  Thanks for the information!

--Mike

On Sun, Feb 19, 2017 at 11:10 AM, Simon Kelley <simon at thekelleys.org.uk>
wrote:

> There are two ways to do this: one is the way you have.
>
> The second is using either a file in the same format as /etc/hosts
> and --addn-hosts, or using --host-record.
>
> Either probably has similar memory-footprint implications, but the
> first does wildcards, so your example actually matches
> www.example.com, mail.example.com etc. The second doesn't do
> wildcards, but will be much faster as you go through the next couple
> of orders of magnitude.
>
> There are no hard limits, but there are always practical limits.
>
>
> Cheers,
>
> Simon.
>
> On 16/02/17 19:19, Mike Lee wrote:
> > Hi folks, I'm redirecting undesirable domains to a "black hole" to
> > prevent normal DNS resolution.
> >
> > Specifically, I have this line in my dnsmasq.conf:
> >
> > conf-file=/etc/dnsmasq-blackhole.conf
> >
> > That file in turn has multiple lines of the form:
> >
> > address=/example.com/127.0.0.1
> >
> > I just recently added a new source of domains from
> > malwaredomains.com, and my
> > blackhole.conf has now ballooned to roughly 20k lines.  Those 20k
> > lines appear to consume about 3MB of memory.  The daemon appears to
> > be running fine, but memory aside, for future reference is there a
> > practical or hard limit to how this type of configuration will
> > scale?  Will it gracefully handle 200k such domain configuration
> > lines? 2M lines?
> >
> > Thanks!
> >
> > --Mike
> >
> >
> > _______________________________________________ Dnsmasq-discuss
> > mailing list Dnsmasq-discuss at lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
>
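
The two approaches discussed in this thread, as an added example that is not part of the original messages or of dnsmasq itself. It generates both file formats from one domain list, drops `address=` entries that a listed parent domain already covers by wildcard, and models which queries each form blocks; the function names and sample domains are constructed for illustration.

```python
# Added illustration; the domain names below are constructed sample input.

def normalize(name):
    """Lower-case a domain and drop surrounding space and any trailing dot."""
    return name.strip().lower().rstrip(".")

def prune_covered(domains):
    """Drop entries already covered by a listed parent domain.

    address=/example.com/... also answers for every subdomain, so a separate
    line for www.example.com only adds to the size of the config.
    """
    names = {normalize(d) for d in domains if d.strip()}
    kept = set()
    for name in names:
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels))}
        if not parents & names:
            kept.add(name)
    return sorted(kept)

def address_lines(domains, sinkhole="127.0.0.1"):
    """Lines for the file loaded via conf-file= (wildcard form)."""
    return [f"address=/{d}/{sinkhole}" for d in prune_covered(domains)]

def hosts_lines(domains, sinkhole="127.0.0.1"):
    """Lines in /etc/hosts format for --addn-hosts (exact names only)."""
    names = {normalize(d) for d in domains if d.strip()}
    return [f"{sinkhole} {d}" for d in sorted(names)]

def blocked_by_address(query, domains):
    """True if query equals a listed domain or is a subdomain of one."""
    q = normalize(query)
    return any(q == d or q.endswith("." + d) for d in prune_covered(domains))

def blocked_by_hosts(query, domains):
    """True only on an exact name match; subdomains are not covered."""
    return normalize(query) in {normalize(d) for d in domains if d.strip()}

SAMPLE = ["example.com", "www.example.com", "Bad.Example.NET.", "cdn.bad.example.net"]

if __name__ == "__main__":
    print("\n".join(address_lines(SAMPLE)))
    print("\n".join(hosts_lines(SAMPLE)))
    for q in ("mail.example.com", "notexample.com"):
        print(q, blocked_by_address(q, SAMPLE), blocked_by_hosts(q, SAMPLE))
```
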