
Discussion on: DNSmasq-based DNS blocking

Pooria A

I'm interested in this setup. Just as a question, are there any possible implications, like speed or failure to update with the latest DNS changes?

Diane Author

If you want to have the "noise-blocking" part of Dnsmasq, but nothing else, you can set "default" upstream DNSs in the /etc/resolv.conf file (or a custom file, see this argument).

When you make a DNS query, it'll check whether it is in the local blocking list, then it'll proxy the request to your upstream DNS, whereas without dnsmasq you'd reach the upstream DNS directly.

Since dnsmasq may be able to keep a cache (giving you faster answers on domain names you regularly reach), you'll choose between cache (you'll then need the domain name's TTL to reach its end before any update done on the remote side is reflected) and no-cache (you won't have any added latency and you'll be up to date, but you won't profit from the local cache's responsiveness).

Pooria A

Thanks, I got the idea, but I'm not sure which concept exactly "local blocking list" refers to. Is it the list of domains that I want to be served only from the local cache?

Diane Author

Basically, dnsmasq (short for dns masquerade) is a DNS proxy / DNS resolver.

The concept of dns-blocking through dnsmasq is configuring dnsmasq to always answer with 0.0.0.0 (an unresolvable but valid IP) to ad / tracking domains.

This is done using the hosts / domains files, or associated configuration rules.

Every ad that you want to block will be set inside the downloaded text files, so dnsmasq will directly answer you with an invalid IP instead of trying to ask upstreams what the real IP address is.

It is a sort of cache, but a purposefully invalid one, for ad domains.

For anything else, it acts as a classic DNS proxy, with customizable caching behaviour and such.
In the domains.txt file, you'll find entries such as the following ones.

[...]
address=/000007.ru/0.0.0.0
address=/000007.ru/::
address=/0001refund.info/0.0.0.0
address=/0001refund.info/::
address=/000free.us/0.0.0.0
address=/000free.us/::
[...]

The address dnsmasq configuration key says "This domain name format should be resolved to the given address".
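To make the two points in this thread concrete (address= rules answered locally, everything else proxied upstream with or without a TTL-bounded cache), here is a small model of that behaviour in Python. It is an added illustration, not code from this post and not dnsmasq's own implementation; the blocklist text, the fake upstream records, the FakeClock and the 198.51.100.7 answer are constructed so it runs offline.

```python
"""Toy model of the dnsmasq behaviour discussed above: address=/domain/ip
rules are answered locally; other names go to an upstream resolver, with an
optional cache that reuses answers until their TTL expires.
Added illustration, not dnsmasq's code. Upstream and clock are stand-ins."""
import time

# Constructed sample in the same format as the domains.txt excerpt above.
SAMPLE_DOMAINS_TXT = """\
# lines starting with '#' are comments in dnsmasq config files
address=/000007.ru/0.0.0.0
address=/000007.ru/::
address=/0001refund.info/0.0.0.0
address=/0001refund.info/::
"""


def parse_blocklist(text):
    """Parse `address=/domain/ip` lines into {domain: [ip, ...]}.
    Comment lines and other config keys are skipped, so a mixed
    dnsmasq.conf can be fed in as well."""
    blocked = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("address=/"):
            continue
        domain, _, ip = line[len("address=/"):].partition("/")
        domain = domain.strip().rstrip(".").lower()
        if domain and ip:
            blocked.setdefault(domain, []).append(ip.strip())
    return blocked


def blocked_answer(blocked, name):
    """Return (matched_rule, answers) if `name` is covered by a rule.
    An address= rule covers the domain and every subdomain of it, so walk
    from the full name up towards the TLD looking for a rule."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate, blocked[candidate]
    return None


class CachingResolver:
    """Blocklist first, then cache (if enabled), then upstream."""

    def __init__(self, blocked, upstream, cache_enabled=True, clock=time.monotonic):
        self.blocked = blocked
        self.upstream = upstream        # callable: name -> (answers, ttl_seconds)
        self.cache_enabled = cache_enabled
        self.clock = clock
        self.cache = {}                 # name -> (answers, expires_at)
        self.upstream_queries = 0       # how often upstream actually saw a query

    def resolve(self, name):
        hit = blocked_answer(self.blocked, name)
        if hit:
            # Answered locally: the upstream never sees ad/tracker lookups.
            return {"source": "blocklist", "rule": hit[0], "answers": hit[1]}
        key = name.rstrip(".").lower()
        now = self.clock()
        if self.cache_enabled and key in self.cache:
            answers, expires_at = self.cache[key]
            if expires_at > now:
                return {"source": "cache", "answers": answers}
        answers, ttl = self.upstream(key)
        self.upstream_queries += 1
        if self.cache_enabled:
            # Reused until the TTL runs out: a change on the authoritative
            # side is not seen before then (the trade-off described above).
            self.cache[key] = (answers, now + ttl)
        return {"source": "upstream", "answers": answers}


class FakeClock:
    """Constructed clock so TTL expiry can be shown without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def make_fake_upstream(records):
    """Constructed upstream stand-in: records maps name -> (answers, ttl)."""
    return lambda name: records.get(name, ([], 60))


def demo(cache_enabled=True):
    """Three lookups of one name, the third after its 300 s TTL has passed.
    Returns the answer sources and the number of upstream queries made."""
    clock = FakeClock()
    records = {"example.com": (["198.51.100.7"], 300)}  # constructed record
    resolver = CachingResolver(parse_blocklist(SAMPLE_DOMAINS_TXT),
                               make_fake_upstream(records),
                               cache_enabled=cache_enabled, clock=clock)
    sources = [resolver.resolve("example.com")["source"]]
    sources.append(resolver.resolve("example.com")["source"])
    clock.advance(301)
    sources.append(resolver.resolve("example.com")["source"])
    return sources, resolver.upstream_queries
```

With caching on, `demo()` answers the second lookup from cache and only goes upstream again once the TTL has expired; with `demo(cache_enabled=False)` every lookup reaches upstream, which is the "always up to date, no local responsiveness" side of the trade-off. A lookup for `ads.000007.ru` never leaves the machine, because the `000007.ru` rule also covers its subdomains.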