Menu
What's new
By:
Filters Better Search

Running dnsmasq with a huge config file like pihole - possible/sensible?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

C

chrisisbd

Occasional Visitor
I currently run dnsmasq on a server on my LAN with a pihole-like configuration. I.e. I have a huge list of advertising sites to ignore in /etc/dnsmasq.d/dnsmasq.blacklist.txt, The file is just a long list of entries like:-

Code: 
...
...
address=/krer.com/   
address=/kreruf.wiki/
address=/kresimir.emiliamilena.pl/
address=/krespyst.com/
address=/krestinaful.com/
address=/krestovskiy.nik.siteme.org/
address=/kreten.banjalucke-ljepotice.ru/
address=/kreud.com/
address=/kreuz.hopto.org/
...
...

The blacklist gets updated weekly using a cron job. It's about 12Mb, 400000 lines.

Can the dnsmasq on an Asus router (e.g. DSL-AC68U) cope with something like this? I know some people have got pihole running on Asuswrt-Merlin and the above dnsmasq configuration is basically what pihole does, so it seems that it should work OK. I have entware installed, there's a USB stick providing 32Gb of disk space, so disk space isn't an issue for the file (it won't need to be in /jffs), I just wonder about the memory requirements of dnsmasq when it loads the file.

Any/all feedback would be very welcome.
 
Most Merlin users just run the Diversion Addon to do ad-blocking. That wheel has already been invented.
www.snbforums.com

Diversion - Diversion 5.1.3 - the Router Ad-Blocker, May 09, 2024

Welcome This is Diversion - the Router Ad-Blocker for Asuswrt-Merlin For more about Diversion check out the Diversion website. What's new in this Diversion 5.1.3 patch release Deregisters additional Dnsmasq instance IPs when rebooting. Diversion is free to use under the GNU General Public...
www.snbforums.com www.snbforums.com
 
Last edited:
dave14305 said:
Most Merlin users just run the Diversion Addon to do ad-blocking. That wheel has already been invented.
www.snbforums.com

Diversion - Diversion 5.1.3 - the Router Ad-Blocker, May 09, 2024

Welcome This is Diversion - the Router Ad-Blocker for Asuswrt-Merlin For more about Diversion check out the Diversion website. What's new in this Diversion 5.1.3 patch release Deregisters additional Dnsmasq instance IPs when rebooting. Diversion is free to use under the GNU General Public...
www.snbforums.com www.snbforums.com
Click to expand...
But some Merlin (and stock FW?) users (raising hand here re: Merlin) rely instead on WWW browser extensions which have much more intimate (thus more specific) knowledge, plus running relatively very much more effortlessly on superior hardware...
 
glens said:
But some Merlin (and stock FW?) users (raising hand here re: Merlin) rely instead on WWW browser extensions which have much more intimate (thus more specific) knowledge, plus running relatively very much more effortlessly on superior hardware...
Click to expand...
Which means your ad blocking is not universal. With diversion everyone in your network is covered. ;)
 
Not worried about "everything in my network"... Client phone apps are going to do what they do, and I doubt Meta (which I don't use, despite having an /extremely/ low user ID, if they remember me) is using DNS anyway. They make their living doing end-runs on that kind of stuff. Web browser traffic is the only thing /I/ consider worth fighting over, and the few clients which do that here are very easily maintained individually; duckduckgo browsers and same browser extension plus uBlock Origin browser extension does all I deem necessary.

Prior to google pushing HTTPS on everybody/everything I used to maintain an elaborate privoxy setup. Nothing like making web pages do/act like one wants instead of how /they/ want it to behave. I'm confident that google's "we want to keep everybody safe" shirt really means "we don't want anybody thwarting our efforts by using proxies."
 
Last edited:
glens said:
Not worried about "everything in my network"... Client phone apps are going to do what they do, and I doubt Meta (which I don't use, despite having an /extremely/ low user ID, if they remember me) is using DNS anyway. They make their living doing end-runs on that kind of stuff. Web browser traffic is the only thing /I/ consider worth fighting over, and the few clients which do that here are very easily maintained individually; duckduckgo browsers and same browser extension plus uBlock Origin browser extension does all I deem necessary.

Prior to google pushing HTTPS on everybody/everything I used to maintain an elaborate privoxy setup. Nothing like making web pages do/act like one wants instead of how /they/ want it to behave. I'm confident that google's "we want to keep everybody safe" shirt really means "we don't want anybody thwarting our efforts by using proxies."
Click to expand...
No one apps/browser escapes DNS and when Global router is controlled everyone is diversioned. 😁Don't get me wrong I use UO with my browser when watching youtube only, it's a good thing UO can be toggled on/off effectively using on demand when needed.
 
Last edited:
bluepoint said:
No one apps/browser escapes DNS
Click to expand...
Methinks investigating that notion might prove worthwhile to you. Anti-"thwarting" measures go well beyond dumping the HTTP (non-S) protocol. DNS block-lists are old-school anymore. Not entirely without value yet, but certainly much less so than historically.
 
glens said:
Methinks investigating that notion might prove worthwhile to you. Anti-"thwarting" measures go well beyond dumping the HTTP (non-S) protocol. DNS block-lists are old-school anymore. Not entirely without value yet, but certainly much less so than historically.
Click to expand...
Thwarting is the reason google wants us to use DoH, safari for different method to avoid being mis-directed but knowledgeable user knows how to avoid them or use different way(DoT) if wants DNS encrypted. Users need to cope with time and not get stuck with old habits.
 
You must log in or register to reply here.

Similar threads

garycnew
Tutorial [SOLUTION] Asuswrt-Merlin Tor via Bridge, Device, Browser, Entry (Guard)/Middle (Non-Exit) Relay, and Device/Browser/Relay Hybrid Implementations
2
Replies
22
Views
15K
garycnew
garycnew
thelonelycoder
AdBlocking with combined hosts file
25 26 27
Replies
534
Views
152K
thelonelycoder
thelonelycoder
Similar threads
Thread starter Title Forum Replies Date
D L2TP client on ax88U pro running latest merlin firmware how to add device Asuswrt-Merlin 0
B Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14 Asuswrt-Merlin 1
H Asus RT-AX58U v2 Merlin: Route all traffic to Pi-hole (running directly on router itself) Asuswrt-Merlin 12
L "Maximum number of concurrent DNS queries" with strange lb._dns-sd._udp. ... .in-addr.arpa reverse DNS queries (has Pi running Adguard Home + Unbound) Asuswrt-Merlin 2
J Mesh router running Merlin with node on stock questions Asuswrt-Merlin 7
T Open ports on WAN for service running on the router Asuswrt-Merlin 8
H Solved xbox one not able to sign in when connected through router running asuswrt-merlin on an rt-ac5300. Asuswrt-Merlin 5
W Tera Term can't SSH connect to router running Merlin 384, but works when flash back to ASUS stock FW Asuswrt-Merlin 6
R Getting flooded with log entries I don't understand on my RT-AX86U Pro running 3004.388.6_2 Asuswrt-Merlin 13
E Web proxy running locally on ASUS Router Asuswrt-Merlin 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 775 (members: 30, guests: 745)
Top