On Fri, Jun 12, 2020 at 04:33:08PM -0700, Jordan Geoghegan wrote:
>
>
> On 2020-06-12 14:01, George wrote:
> >
> > On 2020-06-12 3:41 p.m., Maurice McCarthy wrote:
> > > You could have a look at
> > > https://www.geoghegan.ca/unbound-adblock.html and
> > > https://www.geoghegan.ca/pfbadhost.html
> >
> > Simply great! Will definitely try these out.
> >
> > Merci!
> >
> > George
> >
>
> Hey there,
>
> I'm the author of those scripts. In response to concerns about
> heaviness/memory use of DNS blocklists: unbound-adblock is pretty light on
> memory (~30MB of RAM usage) as we serve NXDOMAIN responses instead of
> redirecting to 0.0.0.0 etc. By doing this we save a massive amount of memory
> that would otherwise be spent mapping each domain to a black hole address. I
> run unbound-adblock on many Edgerouter Lites and haven't had any issues.
>
> Regards,
>
> Jordan Geoghegan

I'm using these scripts (or a version of them; I've had them in for a while),
and it's using NXDOMAIN which loads way faster and uses a lot less memory.

I also slightly tweaked the script I have to include a whitelist file, as my
wife keeps finding sites that simply won't work properly. It simply calls sed
to remove lines from the unbound-adhosts.conf file. Works great.

I also set up pf to redirect all DNS queries to my local instance of unbound,
so you can't easily bypass it (unless you use DNS over HTTPS).

Jon Tabor
tab...@obsolete.site
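
Added example (not part of the original messages and not code from unbound-adblock): one way to do the whitelist step described in the reply above, using awk literal string matching in place of sed so that the dots in a domain are never treated as regex wildcards. The local-zone line format, the whitelist file layout and the function name apply_whitelist are assumptions.

```shell
#!/bin/sh
# Added example: drop whitelisted domains from an unbound blocklist file.
# Assumed (not from the original thread): one blocklist entry per line, as
#   local-zone: "ads.example.com" always_nxdomain
# and a whitelist file with one domain per line ('#' starts a comment).

# apply_whitelist WHITELIST CONF
# Prints CONF to stdout without the entries whose zone name is whitelisted.
apply_whitelist() {
    awk '
        # Normalise a name: drop CR, surrounding blanks and a trailing dot,
        # then lowercase it (DNS names compare case-insensitively).
        function norm(s) {
            sub(/\r$/, "", s)
            sub(/^[ \t]+/, "", s)
            sub(/[ \t]+$/, "", s)
            sub(/\.$/, "", s)
            return tolower(s)
        }
        # First file: the whitelist. FILENAME is tested instead of NR == FNR
        # so that an empty whitelist does not swallow the blocklist.
        FILENAME == ARGV[1] {
            sub(/#.*/, "")
            d = norm($0)
            if (d != "") allow[d] = 1
            next
        }
        # Second file: the blocklist. The quoted zone name is compared as a
        # literal string, so only exact matches are removed.
        /^[ \t]*local-zone:/ {
            n = split($0, part, "\"")
            if (n >= 3 && (norm(part[2]) in allow)) next
        }
        # Everything else (server: header, comments, other zones) is kept.
        { print }
    ' "$1" "$2"
}

# Usage (file names are placeholders):
#   apply_whitelist whitelist.txt unbound-adhosts.conf > unbound-adhosts.conf.new
```

Writing to a new file and running unbound-checkconf before swapping it in keeps a bad whitelist from taking the resolver down.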