[Dnsmasq-discuss] patch: block-file/allow-file - for review/feedback
Donald Muller
donmuller22 at outlook.com
Thu May 21 19:43:40 UTC 2026
Interesting.
Is the allow-file used to allow domains that are in the block file?
Since you don't sort the entries how do you handle multiple block/allow files?
________________________________
From: Dnsmasq-discuss <dnsmasq-discuss-bounces at lists.thekelleys.org.uk> on behalf of Ercolino de Spiacico <bellocarico at hotmail.com>
Sent: Thursday, May 21, 2026 1:42 PM
To: dnsmasq-discuss at lists.thekelleys.org.uk <dnsmasq-discuss at lists.thekelleys.org.uk>
Subject: [Dnsmasq-discuss] patch: block-file/allow-file - for review/feedback
In dnsmasq, domain filtering (for example, adblocking) currently relies
on built-in directives such as local and address. That approach works
well up to a point, but it does not scale: around 15 MB (≈700–800k
domains) the process hangs regardless of available system resources.
To take a different approach I developed the attached patch, which
adds two new directives: block-file and allow-file. Summary of the
functionality:
- Uses mmap() to load domain lists into RAM.
- Multiple block-file directives are supported.
- Multiple allow-file directives are supported.
- Example syntax:
block-file=/path/to/blockfile#NX,1
NX is optional and can be replaced with any IP address to return instead
of NX.
The trailing ,1 is optional too, and enables logging when domains from
that file are matched (useful to log only blocked domains).
allow-file=/mnt/USB/blockfile-override,1
- Mapped files must be pre-sorted (sorting is not included in this
patch to keep the code minimal).
- Blocking/allowing behaviour mimics dnsmasq's current semantics. For
example:
dnsmasq config:
local=/example.com/ (blocked)
server=/www.example.com/ (unblocked)
After the patch:
example.com → listed in block-file
www.example.com → listed in allow-file
- Files are loaded one at a time and assessed against the amount of
RAM available. If Current RAM usage + blockfile >= 80% of Total RAM, the
loading is skipped and logged as a warning.
- This code does not change DNS resolution itself; it performs a very
fast name match to decide whether a query should proceed or be answered
with NX or a custom IP.
I developed this patch for FreshTomato router (dnsmasq v2.93rc1). On
those small devices I performed a functional test loading 2.2M domains
(55 MB blockfile) and reloaded the configuration without interruptions; no
packet drops were observed during a config reload. This is
already 3 times the current limit, but I haven't performed any proper
capacity testing yet, which is expected to be much higher.
Any comments or considerations are greatly appreciated.
Thanks.
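
Added example, not taken from the patch or from dnsmasq: one way a pre-sorted, mmap()ed list can be searched and an allow entry can override a broader block entry. The binary search, the "most specific entry wins" rule, the lowercase names without trailing dot, and all identifiers and list contents are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample lists: one lowercase name per line, byte-wise sorted
   (as LC_ALL=C sort would produce), standing in for the mmap()ed files. */
static const char BLOCK_LIST[] = "ads.example.net\nexample.com\ntracker.test\n";
static const char ALLOW_LIST[] = "www.example.com\n";

enum verdict { PASS = 0, BLOCK = 1 };

/* Binary search for name[0..n) among '\n'-separated sorted lines in buf. */
static int list_has(const char *buf, size_t len, const char *name, size_t n)
{
    size_t lo = 0, hi = len;          /* window [lo, hi); lo is a line start */
    while (lo < hi) {
        size_t s = lo + (hi - lo) / 2;
        while (s > lo && buf[s - 1] != '\n') s--;    /* back up to line start */
        const char *nl = memchr(buf + s, '\n', hi - s);
        size_t e = nl ? (size_t)(nl - buf) : hi;     /* line is buf[s..e) */
        size_t l = e - s, m = l < n ? l : n;
        int c = memcmp(buf + s, name, m);
        if (c == 0) c = (l > n) - (l < n);           /* shorter sorts first */
        if (c == 0) return 1;
        if (c < 0) lo = e < hi ? e + 1 : hi;         /* continue after line */
        else hi = s;                                 /* continue before line */
    }
    return 0;
}

/* Assumed semantics: test the query name, then each parent domain; the first
   (most specific) hit decides, and allow is checked before block. Matching
   is on whole labels, so "xexample.com" never matches "example.com". */
static enum verdict decide(const char *qname)
{
    const char *p = qname;
    while (p && *p) {
        size_t n = strlen(p);
        if (list_has(ALLOW_LIST, sizeof ALLOW_LIST - 1, p, n)) return PASS;
        if (list_has(BLOCK_LIST, sizeof BLOCK_LIST - 1, p, n)) return BLOCK;
        p = strchr(p, '.');           /* strip the leftmost label */
        if (p) p++;
    }
    return PASS;                      /* on neither list: resolve normally */
}

int main(void)
{
    printf("%d %d\n", decide("cdn.example.com"), decide("www.example.com"));
    return 0;
}
```

Each lookup costs O(labels × log lines) comparisons and touches only the pages of the mapping that the search visits.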