ragibkl / adblock-dns-server

Adblock DNS Server powered by Bancuh DNS and dnsdist-acme
https://bancuh.com/
MIT License

new custom rust based dns server #191

Closed ragibkl closed 7 months ago

ragibkl commented 7 months ago

At the moment, this project uses bind/named dns server as the main component.

This dns server is responsible for the following:

Unfortunately, based on recent observation, bind uses a lot of memory. Memory result for sg-dns2:

[image: memory usage for sg-dns2]

For a server with 4 GiB RAM, and 4 GiB swap memory, server uses 3 GiB ram and 3 GiB swap in total. Most of that RAM is used by the named process, 2.8 GiB. Probably similar amount for swap as well.

I have created a prototype DNS server written in Rust. Project page: https://github.com/ragibkl/bancuh-dns This does the following:

I have deployed this as a test on a new server, sg-dns3.bancuh.com

Memory result for sg-dns3:

[image: memory usage for sg-dns3]

In total, it uses less than 512 MiB of RAM, and no swap is used. The new bancuh-dns server only uses < 200 MiB RAM.

The only downside is that at the moment, it can only do domain resolution by forwarding, and not as a fully recursive dns server.

Also, this is only tested by me, so not enough traffic.

I also don't know if maybe we should try using something else like dnsmasq, which should work in similar way.

ragibkl commented 7 months ago

I've deployed this to sg-dns1, sg-dns2, jp-dns1. I will keep testing these.

@Tomatoide , this is also for your information. Let me know what you think.

ragibkl commented 7 months ago

@Tomatoide , I plan to update fr-dns1 and fr-dns2 to use the new bancuh-dns as well. Do let me know if you have any concerns.

Tomatoide commented 7 months ago

Nice work! Wondering if it is possible to implement caching/optimistic caching

ragibkl commented 7 months ago

> Nice work! Wondering if it is possible to implement caching/optimistic caching

Yes. This is something that we can definitely do, since it's all in Rust code. I'll have to investigate further how to implement that.

ragibkl commented 7 months ago

@Tomatoide , I've made the changes to fr-dns1 and fr-dns2. Unfortunately, the ipv6 addresses have changed. I don't know if you use the ipv6 address directly, but the dot and doh should just work because dns records have been updated.

@phanluchoaofficial , I don't know if you still use jp-dns1 server, but I'm also adding jp-dns2 server since it's cheaper now.

For all servers list, see: https://bancuh.com/faq

Tomatoide commented 7 months ago

Is blocklisting implemented in the new servers? It seems not to be working at the moment.

ragibkl commented 7 months ago

Blocklist should work as usual. Do you have any logs of domains not blocked?

ragibkl commented 7 months ago

@Tomatoide , I just pushed an update an hour ago. That might have caused the server to restart. During this time, the AdBlock db might be empty, so it might not block anything yet. It should recover after a few minutes.

ragibkl commented 7 months ago

Oh wait, looks like it happened at 3 am my time. I didn't push any updates then.

We have to investigate this.

Tomatoide commented 7 months ago

Blocklists indeed are not working, at least on fr. Try any blocked site and it resolves normally, with similar code in the logs:

;; opcode: QUERY, status: NXDOMAIN, id: 18779
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

ragibkl commented 7 months ago

@Tomatoide , that is NXDOMAIN. It means no ip address for this domain. The server pretends that it can't find the ip for that domain, so that should block it.

Does that actually show up as ads on your devices?

If that's the case, I might have to revert to resolving into 0.0.0.0 or :: or something else.

Or maybe the logs viewer is not telling the right thing?

Tomatoide commented 7 months ago

Yes ads and can access websites which should be blocked

ragibkl commented 7 months ago

Ok, I'll have to make some changes to return null as before. Hold on.

Tomatoide commented 7 months ago

I did some tests and it seems doh is working but normal ip is not

ragibkl commented 7 months ago

Hmm, that's quite interesting.

I have a theory that maybe your isp detects any nxdomain, and decides to inject their own ads in-place of the original ads. So I cannot use nxdomain.

That means, I have to return 0.0.0.0 and null ipv6 to block it correctly.
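To illustrate the blocking behaviour discussed above, here is an added Rust example (not code from bancuh-dns) that answers a blocklisted name with a NOERROR reply carrying 0.0.0.0 for A and :: for AAAA instead of NXDOMAIN, and returns None for unblocked names so the caller forwards them upstream. The blocklist name `ads.example.com` and the `build_query` helper are constructed sample input for the example.

```rust
use std::collections::HashSet;
const TYPE_A: u16 = 1; const TYPE_AAAA: u16 = 28;
/// Encode a dotted name into DNS wire-format labels (no compression).
fn encode_name(name: &str) -> Vec<u8> {
    let mut out = Vec::new();
    for label in name.trim_end_matches('.').split('.') {
        out.push(label.len() as u8);
        out.extend_from_slice(label.as_bytes());
    }
    out.push(0);
    out
}
/// Build a minimal query packet with RD set (constructed sample input).
fn build_query(id: u16, name: &str, qtype: u16) -> Vec<u8> {
    let mut p = vec![(id >> 8) as u8, id as u8, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0];
    p.extend(encode_name(name));
    p.extend_from_slice(&qtype.to_be_bytes());
    p.extend_from_slice(&[0, 1]); // class IN
    p
}
/// Parse the question section: (qname, qtype, byte length up to end of question).
fn parse_question(q: &[u8]) -> Option<(String, u16, usize)> {
    let (mut i, mut labels) = (12usize, Vec::new());
    loop {
        let len = *q.get(i)? as usize;
        i += 1;
        if len == 0 { break; }
        labels.push(String::from_utf8_lossy(q.get(i..i + len)?).into_owned());
        i += len;
    }
    let qtype = u16::from_be_bytes([*q.get(i)?, *q.get(i + 1)?]);
    Some((labels.join("."), qtype, i + 4))
}
/// Blocked names get NOERROR with a null address (0.0.0.0 / ::) rather than
/// NXDOMAIN, so a middlebox that rewrites NXDOMAIN answers has nothing to hijack.
fn block_reply(query: &[u8], blocklist: &HashSet<&str>) -> Option<Vec<u8>> {
    let (name, qtype, qlen) = parse_question(query)?;
    if !blocklist.contains(name.as_str()) { return None; } // forward upstream
    let mut r = query.get(..qlen)?.to_vec();
    r[2] = 0x81; r[3] = 0x80; // QR=1 RD=1 RA=1, RCODE=0 (NOERROR)
    let rdata: Vec<u8> = match qtype { TYPE_A => vec![0; 4], TYPE_AAAA => vec![0; 16], _ => return Some(r) };
    r[7] = 1; // ANCOUNT = 1
    r.extend_from_slice(&[0xC0, 0x0C]); // compression pointer to qname at offset 12
    r.extend_from_slice(&qtype.to_be_bytes());
    r.extend_from_slice(&[0, 1, 0, 0, 0, 0]); // class IN, TTL 0
    r.extend_from_slice(&(rdata.len() as u16).to_be_bytes());
    r.extend(rdata);
    Some(r)
}
```

With this scheme a blocked lookup shows up in the logs as status NOERROR with a 0.0.0.0 or :: answer rather than NXDOMAIN, which is worth keeping in mind when reading the logs viewer.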

ragibkl commented 7 months ago

@Tomatoide , the change is here: https://github.com/ragibkl/bancuh-dns/commit/c4bb7a32c3abb9c94a0c13eb196f37e732434235 But, it's still building. I'll let you know when it's deployed.

ragibkl commented 7 months ago

@Tomatoide , it's now deployed to both fr servers. Could you test them again? You might need to reboot your device to flush the existing dns cache.

Tomatoide commented 7 months ago

Working now 👍 thank you

ragibkl commented 7 months ago

Looks like everything has been very stable. So I'll close this issue.

I've also rewritten the dnsdist and dnsdist_logs_viewer into a single docker container called dnsdist-acme. Project page: https://github.com/ragibkl/dnsdist-acme

If any issues, please report as a new ticket.

Happy new year!