[Dnsmasq-discuss] About resolution performance and adblock

Buck Horn buckhorn at weibsvolk.org
Fri Nov 22 11:26:08 UTC 2024


Hi Ercolino,

On 19.11.24 17:31, Ercolino de Spiacico wrote:
> In the context of Adblock, I noticed that our adblock script can
> handle relatively well about 10MB of blockfile which is about 7.8% of
> the device RAM (128MB), after that the resolution time increases
> exponentially to the point where the DNS resolution times out and more
> importantly the device becomes unstable.
> (...)
> Then, I'm not suggesting we should re-invent the wheel, but perhaps
> there's a margin for a new directive whose behavior is a simple grep
> against a mapped file to be used as an authority for those domains?
> Might be restricted to blocking only (returning NX or 0.0.0.0 or
> 127.0.0.1)? Not sure what the secondary implications of such an idea
> would be, but I'll be glad to hear some comments/opinions on this topic.


You may want to take a look at Pi-hole (https://docs.pi-hole.net).

Its DNS resolver pihole-FTL is a dnsmasq fork, combining it with a
sqlite3 database for blocked domains and a B-tree algorithm for domain
matching, also employing some advanced steps like regex matching, or
deep CNAME inspection to thwart CNAME cloaking.
It also provides a web UI for managing and some statistics, but that is
optional.

All of dnsmasq's configuration options are still available and fully
operational, though you may have to pay attention in places not to
conflict with Pi-hole's default options.

Pi-hole's developers are active on dnsmasq's mailing lists as well,
giving back by committing code improvements to dnsmasq, and Pi-hole team
members sometimes offer a piece of advice here as well (including me).

I've been running that (including web server, web UI and unbound as
upstream, plus wireguard) on a quad core Cortex-A7 SBC with 256MB RAM
(115MB used) and about 750,000 blocked domains (weighing about 17M in
hosts format) plus a few regex blocks without issues for years, with
reply times for blocked domains averaging at ~1 ms and ~4 ms for regex
matches.

Kind regards,
     Buck
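
The following is an added example, not part of the original message and not Pi-hole's code or database schema: a sketch of the two ideas mentioned above, an indexed (B-tree) blocklist lookup in SQLite and a check of every CNAME target in an answer chain. The table layout, the function names, the sample records and the rule that an entry also covers its subdomains are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data; the table name and layout are assumptions.
BLOCKED = ["tracker.example", "ads.example.net"]
# Constructed CNAME records, as a resolver would see them in upstream answers.
CNAMES = {
    "metrics.shop.example.org": "edge.cdn.example.com",
    "edge.cdn.example.com": "collect.tracker.example",
    "www.shop.example.org": "shop.example.org",
}

def open_blocklist(domains):
    """Load domains into SQLite; the PRIMARY KEY is stored as a B-tree,
    so a lookup costs O(log n) instead of a scan over the whole list."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE blocked (domain TEXT PRIMARY KEY) WITHOUT ROWID")
    db.executemany("INSERT OR IGNORE INTO blocked VALUES (?)",
                   ((d.lower().rstrip("."),) for d in domains))
    return db

def matched_entry(db, name):
    """Return the blocklist entry covering name (exact or parent), else None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        row = db.execute("SELECT 1 FROM blocked WHERE domain = ?",
                         (candidate,)).fetchone()
        if row:
            return candidate
    return None

def check_query(db, qname, cnames, max_depth=8):
    """Check qname and each CNAME target in its chain against the blocklist.

    Returns (blocked, name_that_matched, chain_followed). The depth cap and
    the 'name not in chain' test stop CNAME loops from spinning forever."""
    chain, name = [], qname.lower().rstrip(".")
    while name is not None and len(chain) < max_depth and name not in chain:
        chain.append(name)
        if matched_entry(db, name):
            return True, name, chain
        name = cnames.get(name)
    return False, None, chain

if __name__ == "__main__":
    db = open_blocklist(BLOCKED)
    for q in ("metrics.shop.example.org", "www.shop.example.org"):
        print(q, check_query(db, q, CNAMES))
```

The first query is not on the blocklist itself but is blocked because its CNAME chain ends at a name under a listed domain; the second resolves through an unlisted target and is allowed.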