[Dnsmasq-discuss] Feature request = block-conf

Ercolino de Spiacico bellocarico at hotmail.com
Sun Mar 27 07:52:52 UTC 2022


 >> [ -f list.of.domain ] && { create the formatted configuration }
 >>
 >> would always fail at dnsmasq level if the list.of.domains doesn't exist
 >> despite the file existence condition defined. I'm not sure this is 
meant
 >> to be and/or if there's a smart workaround that can be used.
 >
 > I don't understand this, could you give more details.


Ok I have progressed on this point since. Basically I worked out the 
dnsmasq is checking the script exit code. as I had something like this 
in the script:

[ -f list.of.domain ] && { create the formatted configuration }

I just had to "force" the exit 0 to the command so:

[ -f list.of.domain ] && { create the formatted configuration } || { 
exit 0; }

This makes the script returning exit 0 regardless and have --test 
ignoring (rightly) any issue with that part of the script. Wanted so 
good enough for me.





 > Note that having loaded the config, dnsmasq has to sort all the domains,
 > which will be part of the time taken. Doing that once makes the lookups
 > much faster.


As part of the adblock.domain formatting I feed it to dnsmasq after a 
sort -u so somehow it's already sorted, Could this internal sorting be 
optionally skipped?





 > How long are you without DNS service?
 >


It's proportional to the number of records in the adblock file. For 
large lists, on a fast router it can easy go into the 15+ seconds. This 
happens relatively frequently on a router where external conditions 
restart dnsmasq "just in case". So answering your question in detail, 
given a relatively basic scripting config:

#######
DOMAINS="/tmp/adblock.domains"

/usr/bin/wget --no-check-certificate -T 15 -q -U "Mozilla/5.0 (X11; 
Linux x86_64; rv:10.0) Gecko/20100101 Firefox/98.0.1" -O- 
https://hosts.oisd.nl | grep -Ev 
'^#.*|^!.*|^::|^\s*?$|^([a-f0-9:]+:+)+[a-f0-9]+' | grep -Eo 
'((([a-zA-Z]{1,2})|([0-9]{1,2})|([a-zA-Z0-9]{1,2})|([a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9]))\.)+[a-zA-Z]{2,6}' 
| sort -u > $DOMAINS

gzip /tmp/adblock.domains

echo "script-conf=/tmp/script.sh" >> /etc/dnsmasq.conf

echo -e "#!/bin/sh\nset -e\n[ -f ${DOMAINS} ] && /bin/zcat ${DOMAINS}.gz 
| /bin/sed -e \"s:^:address=/:\" -e \"s:$:/:\" || exit 0" > /tmp/script.sh

chmod 777 /tmp/script.sh
#######

At this point restarting should give you a magnitude of time. Of course 
on a fast PC/VM this might not be that much, on a router where in the 
best of the cases you have 2x 800/1000MHz the delay is surely noticeable.

This Internet list above (https://hosts.oisd.nl) is 40MB uncompressed, 
the regex extracts domains-only so shrinking it to 60% of its original 
size and the gzip compression shrinks much further. Decompressing and 
scripting it up of course takes time.





 > One possible solution is to add an option to dnsmasq which causes it to
 > send SIGTERM is a process-id _after_ reading config and _before_ opening
 > network sockets. That would delay stopping the old dnsmasq process until
 > the new one is almost ready to go. Would require some clever scripting
 > in the init system or systemd to make it work.


Right! Could you please share more details on this idea? It could be a 
smart workaround indeed.

Thanks



More information about the Dnsmasq-discuss mailing list