mitchellkrogza / Badd-Boyz-Hosts

A hosts file for use on any operating system to block bad domains out of your servers or devices.

Consider adding build support for DNSMasq 'address=/<domain>/' #61

Closed. a-raccoon closed this 5 years ago.

a-raccoon commented 5 years ago

I run my bad hosts list on a dd-wrt router with DNSMasq. Rather than relying on my local machines and mobile devices to block hosts, I can do it all from my network hardware's DNS system.

Bonus. It blocks all sub-domains for those nasty servers that use random subdomains to evade hosts blocking, since hosts files do not support wildcard blocking.

Format

address=/000.gaysexe.free.fr/
address=/000webhostapp.com/
address=/000tristanprod.free.fr/
address=/007angels.com/
address=/007freepics.com/
address=/00author.com/

mitchellkrogza commented 5 years ago

Thanks for the suggestion @a-raccoon; ask and ye shall receive. Check the repo root for the dnsmasq-formatted list. Welcome any comments.

a-raccoon commented 5 years ago

Thank you! This is very cool. Sadly, though, I guess my currently deployed network gateway doesn't have enough RAM or ROM to support this many entries (it's running on a micro build). I'd like to know if anyone running better hardware gets this list to store and load for them. It's a far better solution than a hosts file in my opinion, especially given the new trend of dynamically generated sub-domains to evade hosts files, and to exploit HSTS tracking.

mitchellkrogza commented 5 years ago

Anytime @a-raccoon. I think the DD-WRT doesn't have too much ROM space available for such a large file. It's probably best to get yourself a Pi-hole setup as your primary firewall; we have a number of Pi-hole users of our various lists.

dnmTX commented 5 years ago

@a-raccoon I'm with the latest DD-WRT KONG build and all my hosts (files) are stored on external (SD card) storage hooked up to my router (RT-AC68U). You can do it this way and just download the hosts file from here to the storage and use addn-hosts=/path/to/the/hosts/file for dnsmasq. Also you can add as many addn-hosts= as you want and never worry about running out of space or something. The reason you're facing those issues is that most likely dnsmasq's config file has some storage limitation (at least on DD-WRT's builds), but if you load it externally as described above you are golden 👍

P.S.

It's a far better solution than a hosts-file in my opinion

There is no difference, it's all the same, and thanks to dnsmasq it's fast as hell.

since hosts files do not support wildcard blocking

dnsmasq also doesn't support wildcards, so again, just to clarify, because you are definitely confused on how things work: either adding each domain as address=/bla-bla.com/ to dnsmasq's config file or loading it externally as a hosts file, IT IS ALL THE SAME.

a-raccoon commented 5 years ago

For clarity, HOSTS files (i.e., in Windows, Linux) don't support wildcards or /implied wildcards/, but DNSMASQ does automatically include all subdomains, as in wildcard inheritance. I did not mean literal asterisk wildcards. You would have to manually add a second entry to DNSMASQ to exclude a subdomain or set of subdomains from inclusion.

Here is an example:

# HOSTS file
0.0.0.0 foo.adserver.com
0.0.0.0 bar.adserver.com
0.0.0.0 baz.adserver.com
0.0.0.0 quux.adserver.com
# DNSMASQ
address=/adserver.com/

You cannot use a single adserver.com entry in HOSTS because it will not block the subdomains foo, bar, baz, quux, but it will do so in DNSMASQ. Some adservers have tens of thousands of subdomains for the sole purpose of defeating HOSTS files, by design. It's an obstacle that only DNSMASQ can overcome.

Thanks for the idea of getting a router with an external SD card or USB storage. That may be what I have to do at this point. My current TP-LINK only has 2 MB ROM and 4 MB RAM with no external storage. Maybe if I can find a way to path/to/dnsmasq/file and build a file that I can somehow permanently store to ROM via telnet/ssh, but I honestly don't know if that's possible or how to approach it.

I'm glad this list formatting is indeed useful to some already.

dnmTX commented 5 years ago

Can you PLEASE do some research before you spill more nonsense here (and who knows where else) and just mislead others who are not familiar with how dnsmasq works as you are. dnsmasq WILL NOT BLOCK subdomains, only if the main domain is given (aka wildcard). This so far was only achieved with PI-HOLE, but over there the developers are using their own reconstructed version of dnsmasq which has nothing to do with the original which also is in use on your router.

I'm glad this list formatting is indeed useful to some already

No, it's not. At least not for anyone from the DD-WRT community. Besides you, but you are confused and misguided anyhow, so enjoy it.

IN CONCLUSION: I didn't mean to be that rude, but man... you keep pushing it. So I'm done here. I guess the saying "no good deed goes unpunished" is spot on here.

@mitchellkrogza sorry about that, for the future I will refrain from commenting unless it's very much necessary.

a-raccoon commented 5 years ago

Sir. I'm going to have to ask you to leave. You obviously didn't read anything I said or you just don't know how computers work, and clearly didn't bother to try it yourself. I've blocked you.

mitchellkrogza commented 5 years ago

Stay calm folks. As per our dnsmasq formatted list on https://github.com/mitchellkrogza/Ultimate.Hosts.Blacklist we use the .dotted format list.

.0------------0-------------0.0n-line.info
.0--0.0--0.blue-jade.net
.0--ass-cinema-newsp.da.ru
.0--fightingshaving.da.ru

So this current format I created for @a-raccoon, is this a DD-WRT-specific format? I do not use DNSMasq or DD-WRT routers myself.

a-raccoon commented 5 years ago

@mitchellkrogza, I don't know about a dot-formatting in DNSMASQ. As far as I can tell, the format I requested is generally supported by all current (and probably for a very long time) DNSMASQ implementations. It will block the domain specified, and all subdomains, and it will return an "Unknown Domain" response as if the domain is not registered. It will NOT return a localhost or loopback address of 0.0.0.0 or 127.0.0.1, instead it will report the domain simply does not exist period, which is ideal, and works for IPv4 and IPv6 requests.

There are other formattings possible if you are interested. If you want a 0.0.0.0 IPv4 and :: IPv6 response, the syntax is instead thusly (but I don't recommend this format):

# DNSMASQ
address=/adserver.com/#

reference: http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
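The two points argued over in this thread (whether a hosts-file entry and an address=/domain/ entry behave the same, and what the trailing # changes) can be checked with a small model. The Python below is an added example, not code from the Badd-Boyz-Hosts project or from any commenter: it converts hosts-format lines into the address= lines this issue asked for, collapses entries already covered by a parent domain, and models each format's matching rule side by side. The sample hosts lines, the function names and the "nxdomain"/"null" mode labels are constructed for this example; the matching rule (address=/d/ covers d and every name under it) and the NXDOMAIN vs 0.0.0.0/:: replies follow the man page linked above and the comments in this thread.

```python
"""Hosts-file vs dnsmasq address=/domain/ blocking: converter and matcher.

Added example for the discussion above; it is not code from the
Badd-Boyz-Hosts project or from any commenter. Function names, the
"nxdomain"/"null" mode labels and the sample hosts lines are constructed
for this example.
"""
import re

# Sink addresses that hosts-format blocklists point blocked names at.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Names every hosts file carries for the local machine; never export these.
LOCAL_NAMES = {
    "localhost", "localhost.localdomain", "local", "broadcasthost",
    "ip6-localhost", "ip6-loopback", "ip6-localnet", "ip6-mcastprefix",
    "ip6-allnodes", "ip6-allrouters", "ip6-allhosts",
}

# Permissive hostname check: only reject characters that would break an
# address=/.../ line (slash, hash, whitespace) or produce empty labels.
HOSTNAME_RE = re.compile(r"[a-z0-9_-]+(?:\.[a-z0-9_-]+)*")

# Constructed sample in the hosts format the repository publishes.
SAMPLE_HOSTS = """\
# constructed sample, not a real blocklist
127.0.0.1 localhost
0.0.0.0 foo.adserver.com
0.0.0.0 bar.adserver.com      # inline comment
0.0.0.0 baz.adserver.com quux.adserver.com
0.0.0.0 tracker.example
0.0.0.0 ads.tracker.example
0.0.0.0 ADSERVER.COM
"""


def parse_hosts(text):
    """Return blocked hostnames (lower-cased, de-duplicated, in file order).

    Comment lines, lines whose address is not a sink address, local-only
    names and malformed names are skipped.
    """
    seen, names = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] not in SINK_ADDRESSES:
            continue
        for name in fields[1:]:
            name = name.lower()
            if name in LOCAL_NAMES or not HOSTNAME_RE.fullmatch(name):
                continue
            if name not in seen:
                seen.add(name)
                names.append(name)
    return names


def hosts_blocks(name, blocked):
    """A hosts file matches only names that are listed exactly."""
    return name.lower() in set(blocked)


def dnsmasq_blocks(name, domains):
    """address=/d/ matches d itself and every name under it.

    The dot in "." + d keeps notadserver.com from matching adserver.com.
    """
    name = name.lower()
    return any(name == d or name.endswith("." + d) for d in domains)


def collapse(domains):
    """Drop entries already covered by a parent entry in the same list, so
    foo.adserver.com disappears once adserver.com is present."""
    kept = []
    # Fewer labels first, so parents are seen before their children.
    for d in sorted(set(domains), key=lambda d: (d.count("."), d)):
        if not dnsmasq_blocks(d, kept):
            kept.append(d)
    return sorted(kept)


def to_dnsmasq(domains, reply="nxdomain"):
    """Render dnsmasq address= lines.

    reply="nxdomain": address=/d/   (no record; the client sees NXDOMAIN)
    reply="null":     address=/d/#  (0.0.0.0 for A, :: for AAAA)
    any other value is used verbatim as the IP literal, e.g. "0.0.0.0".
    """
    suffix = {"nxdomain": "", "null": "#"}.get(reply, reply)
    return [f"address=/{d}/{suffix}" for d in domains]


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    probe = "x7q9.adserver.com"  # a subdomain the list never mentions
    print("hosts file blocks", probe, "->", hosts_blocks(probe, entries))
    print("dnsmasq blocks   ", probe, "->", dnsmasq_blocks(probe, collapse(entries)))
    print("\n".join(to_dnsmasq(collapse(entries))))
```

Running it shows the difference the thread was circling: the hosts-file matcher misses x7q9.adserver.com because that exact name is not listed, while the address=/adserver.com/ matcher catches it, and the converter reduces the seven sample entries to two address= lines. The collapse step is also why a converted list can be much smaller than the hosts file it came from, which matters on routers with little flash.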