[Dnsmasq-discuss] Scalability of DNS blackhole configuration?

Simon Kelley simon at thekelleys.org.uk
Sun Feb 19 18:10:08 GMT 2017



There are two ways to do this: one is the way you have.

The second is using either a file in the same format as /etc/hosts
and --addn-hosts, or using --host-record.

Either probably has similar memory-footprint implications, but the
first does wildcards, so your example actually matches
www.example.com, mail.example.com etc. The second doesn't do
wildcards, but will be much faster as you go through the next couple
of orders of magnitude.

There are no hard limits, but there are always practical limits.


Cheers,

Simon.

On 16/02/17 19:19, Mike Lee wrote:
> Hi folks, I'm redirecting undesirable domains to a "black hole" to 
> prevent normal DNS resolution.
> 
> Specifically, I have this line in my dnsmasq.conf:
> 
> conf-file=/etc/dnsmasq-blackhole.conf
> 
> That file in turn has multiple lines of the form:
> 
> address=/example.com/127.0.0.1
> 
> I just recently added a new source of domains from
> malwaredomains.com <http://malwaredomains.com>, and my
> blackhole.conf has now ballooned to roughly 20k lines.  Those 20k
> lines appear to consume about 3MB of memory.  The daemon appears to
> be running fine, but memory aside, for future reference is there a
> practical or hard limit to how this type of configuration will
> scale?  Will it gracefully handle 200k such domain configuration
> lines? 2M lines?
> 
> Thanks!
> 
> --Mike
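
The two approaches in the reply above, as an added example that is not part of the original thread or of dnsmasq itself: it converts `address=/domain/ip` lines into hosts-format lines for --addn-hosts and models the wildcard coverage that is lost in the conversion. The sample configuration is constructed and all function names are hypothetical.

```python
import ipaddress

# Constructed sample of a blackhole conf-file (not taken from the thread).
SAMPLE_CONF = """\
address=/example.com/127.0.0.1
address=/bad.example.net/tracker.example.org/127.0.0.1
address=/EXAMPLE.com/127.0.0.1
address=/example.invalid/
server=/corp.example/10.0.0.1
"""

def parse_address_line(line):
    """Return (domains, ip) for an address=/d1/d2/ip line, else None."""
    line = line.strip()
    if not line.startswith("address=/"):
        return None
    *domains, ip = line[len("address=/"):].split("/")
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return None  # no literal IP: cannot be written as a hosts entry
    domains = [d.lower().rstrip(".") for d in domains if d and d != "#"]
    return (domains, ip) if domains else None

def to_hosts(conf_text):
    """Convert address= rules to hosts-format lines, de-duplicated."""
    seen, out = set(), []
    for line in conf_text.splitlines():
        parsed = parse_address_line(line)
        if parsed is None:
            continue
        for d in parsed[0]:
            if (parsed[1], d) not in seen:
                seen.add((parsed[1], d))
                out.append(f"{parsed[1]} {d}")
    return out

def address_rule_blocks(rule_domain, qname):
    """Model of address=/rule_domain/: the domain and every subdomain."""
    q = qname.lower().rstrip(".")
    return q == rule_domain or q.endswith("." + rule_domain)

def hosts_entry_blocks(host, qname):
    """Model of a hosts-format entry: the exact name only."""
    return qname.lower().rstrip(".") == host

if __name__ == "__main__":
    print("\n".join(to_hosts(SAMPLE_CONF)))
```

After converting, any subdomain that must stay blocked (www.example.com, mail.example.com) needs its own hosts line, since only the `address=` form covers it implicitly.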


