Closed ragibkl closed 7 months ago
I've deployed this to sg-dns1, sg-dns2, jp-dns1. I will keep testing these.
@Tomatoide , this is also for your information. Let me know what you think.
@Tomatoide , I plan to update fr-dns1 and fr-dns2 to use the new bancuh-dns as well. Do let me know if you have any concerns.
Nice work! Wondering if it is possible to implement caching/optimistic caching
Yes. This is something that we can definitely do, since it's all in Rust code. I'll have to investigate further how to implement that.
@Tomatoide , I've made the changes to fr-dns1 and fr-dns2. Unfortunately, the ipv6 addresses have changed. I don't know if you use the ipv6 address directly, but the dot and doh should just work because dns records have been updated.
@phanluchoaofficial , I don't know if you still use jp-dns1 server, but I'm also adding jp-dns2 server since it's cheaper now.
For all servers list, see: https://bancuh.com/faq
Is blocklisting implemented in new servers? seems not working at the moment
Blocklist should work as usual. Do you have any logs of domains not blocked?
@Tomatoide , I just pushed an update an hour ago. That might have caused the server to restart. During this time, the AdBlock db might be empty so it might not block anything yet. Should recover after a few minutes.
Oh wait, looks like it happened at 3 am my time. I didn't push any updates then.
We have to investigate this.
Blocklists indeed are not working, at least on fr. Try any blocked site and it resolves normally, with similar code in logs:
```
;; opcode: QUERY, status: NXDOMAIN, id: 18779
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
```
@Tomatoide , that is `NXDOMAIN`. It means no ip address for this domain. The server pretends that it can't find the ip for that domain, so that should block it.
Does that actually show up as ads on your devices?
If that's the case, I might have to revert to resolving into `0.0.0.0` or `::` or something else.
Or maybe the logs viewer is not telling the right thing?
Yes ads and can access websites which should be blocked
Ok, I'll have to make some changes to return null as before. Hold on.
I did some tests and it seems doh is working but normal ip is not
Hmm, that's quite interesting.
I have a theory that maybe your isp detects any nxdomain, and decides to inject their own ads in place of the original ads. So I cannot use nxdomain.
That means, I have to return `0.0.0.0` and null ipv6 to block it correctly.
@Tomatoide , the change is here: https://github.com/ragibkl/bancuh-dns/commit/c4bb7a32c3abb9c94a0c13eb196f37e732434235 But, it's still building. I'll let you know when it's deployed.
@Tomatoide , It's now deployed to both fr servers. Could you test them again? Might need to reboot your device to flush the existing dns cache.
Working now 👍 thank you
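The two blocking styles discussed above (an `NXDOMAIN` reply versus a null `0.0.0.0` / `::` answer) can be told apart from the raw response bytes. This is an added Rust example, not part of the thread and not bancuh-dns code; the names `Verdict`, `classify` and `sample`, and the `ads.example` response, are constructed for illustration.

```rust
// Added example (not bancuh-dns code): classify a raw DNS response by blocking style.
#[derive(Debug, PartialEq)]
pub enum Verdict { NxDomain, NullAddress, Resolved, Other }

// Skip an encoded name (labels or a compression pointer); returns the next offset.
fn skip_name(m: &[u8], mut i: usize) -> Option<usize> {
    loop {
        match *m.get(i)? as usize {
            0 => return Some(i + 1),
            n if n & 0xC0 == 0xC0 => return Some(i + 2), // 2-byte pointer ends the name
            n => i += 1 + n,
        }
    }
}

// Returns None when the message is truncated or malformed.
pub fn classify(m: &[u8]) -> Option<Verdict> {
    if m.len() < 12 { return None; }
    let (qd, an) = (u16::from_be_bytes([m[4], m[5]]), u16::from_be_bytes([m[6], m[7]]));
    if m[3] & 0x0F == 3 { return Some(Verdict::NxDomain); } // RCODE 3 = name does not exist
    if m[3] & 0x0F != 0 || an == 0 { return Some(Verdict::Other); }
    let (mut i, mut addrs, mut nulls) = (12, 0, 0);
    for _ in 0..qd { i = skip_name(m, i)? + 4; } // name, then QTYPE + QCLASS
    for _ in 0..an {
        i = skip_name(m, i)?;
        let f = m.get(i..i + 10)?; // TYPE, CLASS, TTL, RDLENGTH
        let (rtype, rdlen) = (u16::from_be_bytes([f[0], f[1]]), u16::from_be_bytes([f[8], f[9]]) as usize);
        let rdata = m.get(i + 10..i + 10 + rdlen)?;
        if (rtype == 1 && rdlen == 4) || (rtype == 28 && rdlen == 16) { // A or AAAA
            addrs += 1;
            if rdata.iter().all(|&b| b == 0) { nulls += 1; } // 0.0.0.0 or ::
        }
        i += 10 + rdlen;
    }
    Some(if addrs == 0 { Verdict::Other } else if nulls == addrs { Verdict::NullAddress } else { Verdict::Resolved })
}

// Constructed sample: a response to "ads.example A" (id 18779, flags qr rd) with an optional A record.
pub fn sample(rcode: u8, a: Option<[u8; 4]>) -> Vec<u8> {
    let mut m = vec![0x49, 0x5B, 0x81, rcode, 0, 1, 0, a.is_some() as u8, 0, 0, 0, 0];
    m.extend_from_slice(b"\x03ads\x07example\x00\x00\x01\x00\x01");
    if let Some(ip) = a { // name pointer, TYPE A, CLASS IN, TTL 60, RDLENGTH 4, address
        m.extend_from_slice(&[0xC0, 0x0C, 0, 1, 0, 1, 0, 0, 0, 60, 0, 4, ip[0], ip[1], ip[2], ip[3]]);
    }
    m
}
fn main() {
    for m in [sample(3, None), sample(0, Some([0; 4]))] { println!("{:?}", classify(&m)); }
}
```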
Looks like everything has been very stable. So I'll close this issue.
I've also rewritten the dnsdist and dnsdist_logs_viewer into a single docker container called dnsdist-acme. Project page: https://github.com/ragibkl/dnsdist-acme
If any issues, please report as a new ticket.
Happy new year!
At the moment, this project uses bind/named dns server as the main component.
This dns server is responsible for the following:
Unfortunately, based on recent observation, bind uses a lot of memory.
memory result for sg-dns2:
![image](https://github.com/ragibkl/adblock-dns-server/assets/18181377/b41608ee-a11a-462e-98be-927a94192d83)
For a server with 4 GiB RAM, and 4 GiB swap memory, server uses 3 GiB ram and 3 GiB swap in total. Most of that RAM is used by the `named` process, 2.8 GiB. Probably similar amount for swap as well.
I have created a prototype DNS server written in Rust. Project page: https://github.com/ragibkl/bancuh-dns This does the following:
I have deployed this as a test on a new server, `sg-dns3.bancuh.com`.
memory result for sg-dns3:
![image](https://github.com/ragibkl/adblock-dns-server/assets/18181377/cc14aef1-f2ee-4a9f-906a-98e6a1482b2c)
In total, it uses less than 512 MiB of RAM, no swap is used. The new bancuh-dns server only uses < 200 MiB RAM.
The only downside is that at the moment, it can only do domain resolution by forwarding, and not as a fully recursive dns server.
Also, this is only tested by me, so not enough traffic.
I also don't know if maybe we should try using something else like dnsmasq, which should work in a similar way.