[Dnsmasq-discuss] How many is too many CNAME references?

Petr Menšík pemensik at redhat.com
Wed Sep 29 15:28:52 UTC 2021


Please note that too-big blocklists take significantly more memory in
dnsmasq at runtime than just address=hostname.example.net in a plain
text file. If your router does not have enough storage, add a USB drive.
If it has very low memory, I think you should direct your DNS queries to
a better-suited central server if you have (tens of) thousands of lines
in the blocklist.

Although there is a somewhat simple way. You should be able to use zcat
dnsmasq.conf.gz | dnsmasq --conf-file=/dev/stdin. But as I said, it
would still take memory during runtime, which is significantly more
than just those lines. The more lines you include, the more work it has
to spend PER EACH query. It has improved recently, but it might be
significant work on weak hardware. Are there public services to which
you can point your dnsmasq instead, already filtering those names for
you? What is the source of your block lists?

Cheers,
Petr

On 9/28/21 09:55, Ercolino de Spiacico wrote:
> Ok understood and very valid answer.
>
> Let's remember one thing: the (excellent) dnsmasq is extremely common
> in small routers and embedded devices where permanent storage is often
> not available.
>
> I am ok sticking to address= syntax so working on A records only but I
> was wondering if dnsmasq could go the extra mile. Let me explain here
> below.
>
> In embedded systems with only Flash+squash-filesystem a "file" is
> actually stored in RAM. In case of adblock this file can take up lots
> of RAM... some adblock lists are MBs in size and contain domains only
> (one per line). If we are to process the list to prefix the
> "address=/" directive and even suffix the IP address the file (RAM
> demand) can easily double in size.
>
> Is there a potential for dnsmasq to facilitate these cases? What I'm
> thinking is for dnsmasq to allow e.g. a new syntax like:
>
> address=\file:$path_to_a_domains_list_file\IP
>
> and every line in that file is always prefixed/suffixed with the
> information of the directive referencing the file. This would keep the
> domain blocking info to a bare minimum, so essentially the file would
> need to contain only a list of domains (one per line).
>
> Just a thought... if you google this you'll see that
> ads/domain-blocking is actually relatively common on embedded devices;
> opensource router-firmware in-primis: Tomato, DD-WRT, OpenWRT, etc.
>
> Thanks
-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
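
Added example, not part of either message and not dnsmasq code: a filter that expands a domains-only list into address= lines on the fly, so it can sit between zcat and dnsmasq --conf-file=/dev/stdin and the expanded form is never stored. The function names, the 0.0.0.0 sink address and the sample list are assumptions; lines that are not plain hostnames are rejected because list content ends up inside the resolver configuration.

```shell
#!/bin/sh
# Added example (hypothetical helper names, constructed sample data).
# Intended use, following the pipeline suggested in the message above:
#   zcat domains.gz | to_address_lines 0.0.0.0 | dnsmasq --conf-file=/dev/stdin

# to_address_lines [SINK_IP]
# Reads one domain per line on stdin and writes
# "address=/<domain>/<SINK_IP>" on stdout. SINK_IP defaults to 0.0.0.0.
to_address_lines() {
    sink="${1:-0.0.0.0}"
    tr -d '\r' | tr '[:upper:]' '[:lower:]' | awk -v sink="$sink" '
        # Drop comments and surrounding whitespace, skip empty lines.
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        # Accept only dotted hostnames. Anything containing "/", "=" or
        # spaces would change the meaning of the generated directive.
        length($0) > 253 { bad++; next }
        $0 !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/ { bad++; next }
        # Duplicates only cost memory in dnsmasq, so emit each name once.
        seen[$0]++ { next }
        { print "address=/" $0 "/" sink }
        END { if (bad) print bad " line(s) rejected" | "cat 1>&2" }
    '
}

# Constructed sample list: a comment, a duplicate, mixed case, and two
# lines that must not reach the configuration.
sample_list() {
    printf '%s\n' \
        '# constructed sample list' \
        'ads.example.net' \
        'Tracker.Example.ORG   # mixed case, trailing comment' \
        'ads.example.net' \
        'bad/../name.example' \
        'metrics.example.com/10.0.0.1' \
        ''
}

# Stand-alone demonstration: print the directives for the sample list.
sample_list | to_address_lines 0.0.0.0
```

As the message says, this only saves storage for the list itself; dnsmasq still holds every generated entry in memory at runtime.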