search

serverless-dns / blocklists

An opinionated collection of blocklists for RethinkDNS.
https://rethinkdns.com/configure
Mozilla Public License 2.0
83 stars 26 forks source link

OISD Extra #27

Closed ignoramous closed 1 year ago

ignoramous commented 2 years ago

A user says,

What about DNS Rebinding protection?

Also please add OISD Extra to your blocklists please.

A double please. Surely, we are including it? Must get confirmation from Stefan (OISD), first.

0xRustlang commented 2 years ago

This also will be great for those that don't want to use something like energized or 1hosts pro but wants a little more strict blocking from OISD as this blocks common trackers like google-analytics and its ad domain and such but main OISD won't block those to not cause false positives.

0xRustlang commented 2 years ago

Also I don't know if i should create an issue here or in serverless repo, if you can support abp or wildcard format, probably you can make the size of your lists and may be the overhead of their processing lower.

Specially for example OISD Full in abp format is 800 KB in size and about 300 lines but its hosts format is if i remember correctly 20-60 MB and more than 1M lines.

From what i remember 1hosts didn't have much difference between these variants (i don't know why!)

But may be more lists be in a such difference in size if their maintainers have done a good job of converting like OISD.

But it is a trade off that you should consider if it is beneficial for you or its time wasting will be more than its benefits.

Best regards.

ignoramous commented 2 years ago

Hi there,

Also I don't know if i should create an issue here or in serverless repo

This is the right place for it.

if you can support abp or wildcard format, probably you can make the size of your lists and may be the overhead of their processing lower.

RethinkDNS already supports wildcards (*). With ABP, the CPU utilization is a problem. Today, on median, the servers spend less than 1ms CPU per DNS request, and we would like to have it stay that way.

Specially for example OISD Full in abp format is 800 KB in size and about 300 lines but its hosts format is if i remember correctly 20-60 MB and more than 1M lines.

We compress the lists ourselves into what's known as compact radix-trie. But sure, wildcards and abp are more efficient representation but they cost CPU cycles (which is also a problem on mobile devices where we run similar code as on the servers).

0xRustlang commented 2 years ago

We compress the lists ourselves into what's known as compact radix-trie. But sure, wildcards and abp are more efficient representation but they cost CPU cycles (which is also a problem on mobile devices where we run similar code as on the servers).

Oh, Excuse me. I thought that wildcards and abp format will be more efficient.

I didn't know it is the opposite 😅

Thanks Best regards.

ignoramous commented 1 year ago

Extra seems to have a few domains that OISD otherwise whitelists. Not sure why one would use it over, say, 1Hosts (Pro), if that's the case. Closing this until someone has strong justification to include OISD Extra in one of 250 blocklist slots we have available for Rethink.