Trying to optimize DNSMasq

I recently found a website that stated if I use DNSMasq I should change resolv.conf to have 127.0.0.1, and create a resolv.dnsmasq that would contain the information resolv.conf once contained, and also change the line in DNSMasq to point to this file.
Well, I did this, and when I reboot resolv.conf changes back to what it was. Why would that be?

Dana
 
danaeckel said:
Well, I did this, and when I reboot resolv.conf changes back to what it was. Why would that be?
Simple, really. It's DHCP that does this. DHCP supplies an IP address, subnet mask, default gateway and DNS servers.

Create a file called /etc/dhclient-enter-hooks and put this in:
Code:
add_new_resolv_conf() {
        # We don't want /etc/resolv.conf changed
        # So this is an empty function
        return 0
}
Now dhclient(8) won't overwrite your /etc/resolv.conf anymore.
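
A check for the setup described in the two posts above, added here as an example and not code from either poster: it verifies that resolv.conf points only at 127.0.0.1, that dnsmasq reads its upstream servers from a separate file, and that the dhclient hook is in place. It assumes the dnsmasq line in question is the resolv-file= option; the function name, the ROOT prefix argument and the dnsmasq.conf path argument are hypothetical.

```sh
#!/bin/sh
# Added example: verify the three pieces of the setup discussed in this thread.
# ROOT is a path prefix so the check can also run on a staged copy of /etc
# (assumption for testing); pass "" to check the live system.

# check_dns_setup ROOT DNSMASQ_CONF
# Prints one line per problem and returns the number of problems found.
check_dns_setup() {
    root=$1
    conf=$2
    problems=0

    # 1. resolv.conf must list the local dnsmasq instance and nothing else.
    ns=$(awk '$1 == "nameserver" { print $2 }' "$root/etc/resolv.conf" 2>/dev/null) || ns=""
    if [ "$ns" != "127.0.0.1" ]; then
        echo "resolv.conf: expected only nameserver 127.0.0.1, got: ${ns:-none}"
        problems=$((problems + 1))
    fi

    # 2. dnsmasq must take its upstream servers from a separate file, and that
    #    file needs at least one non-loopback server or queries loop back.
    upstream=$(sed -n 's/^[[:space:]]*resolv-file[[:space:]]*=[[:space:]]*//p' "$conf" 2>/dev/null | tail -n 1)
    if [ -z "$upstream" ]; then
        echo "dnsmasq: no resolv-file= line in $conf"
        problems=$((problems + 1))
    elif ! awk '$1 == "nameserver" && $2 !~ /^127\./ { ok = 1 } END { exit !ok }' "$root$upstream" 2>/dev/null; then
        echo "dnsmasq: $upstream lists no upstream nameserver"
        problems=$((problems + 1))
    fi

    # 3. Without the empty add_new_resolv_conf override, dhclient rewrites
    #    resolv.conf with the DHCP-supplied servers again.
    if ! grep -q '^[[:space:]]*add_new_resolv_conf[[:space:]]*()' "$root/etc/dhclient-enter-hooks" 2>/dev/null; then
        echo "dhclient: add_new_resolv_conf override missing in /etc/dhclient-enter-hooks"
        problems=$((problems + 1))
    fi

    return "$problems"
}
```

On the live system, call it with an empty ROOT and the path of your dnsmasq.conf; a return status of 0 means all three pieces are in place.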
 
Hey thanks, that worked. My next question would be what is the advantage of setting it up to the local host? If one doesn't then your network doesn't take advantage of the DNS cache? Dana
 
There are many advantages in setting up your local DNS resolver. See my post from last month:

marwis said:
You can use a local DNS resolver for many things, e.g.

  1. advertisement and tracking prevention with dns/adsuck independent of your browser so no plugins are needed,
  2. caching with dnscache() from dns/djbdns to possibly speed up repetitive queries,
  3. encryption with dns/dnscrypt-proxy so your ISP doesn't see your DNS traffic. Note that the provider of the service, OpenDNS by default, does see the traffic.

Most importantly, you can chain them all in this order on a single machine. I do this on my workstation, it works.
 
Wow, you can do lots with that. Right now I use a host file to block ads. Sometimes I run into sites that can detect I am blocking them. Would dns/adsuck make those sites believe I'm not blocking ads?
Also would dns/djbdns cache be any different than DNSMasq?

Thank you.
 
Right now I use a host file to block ads. Sometimes I run into sites that can detect I am blocking them. Would dns/adsuck make those sites believe I'm not blocking ads?
dns/adsuck uses the same principle. It has a list of hosts files filled with domain names it blocks. I believe it wouldn't make a difference from this point of view.

Out of curiosity, which sites can detect you're blocking their advertisements? I've never come across such a site.
Also would dns/djbdns cache be any different than DNSMasq?
The last time I checked, dns/dnsmasq had the cache size hardcoded in the source code. It was about 100000 records. dnscache() can have its cache size in bytes configured in a simple configuration file.

The other thing I appreciated was the separation of DNS process and logging process multilog(). At one point I needed to change the logging settings and I could do so without any downtime of the DNS service that was handling 10-15 concurrent requests.
 
You're right. This site is blacklisted also in the default dns/adsuck configuration as one big commercial:
Code:
# grep abc\.com /var/adsuck/Hosts.pub /var/adsuck/hosts.small
Hosts.pub:127.0.0.1 abc.com
Hosts.pub:127.0.0.1 ads.contentabc.com
Hosts.pub:127.0.0.1 bidabc.com
Hosts.pub:127.0.0.1 click-abc.com
Hosts.pub:127.0.0.1 clickabc.com
Hosts.pub:127.0.0.1 dating-abc.com
Hosts.pub:127.0.0.1 en.boabc.com
Hosts.pub:127.0.0.1 oascentral.13abc.com
Hosts.pub:127.0.0.1 searchabc.com
Hosts.pub:127.0.0.1 www.abc.com
Hosts.pub:127.0.0.1 www.vodyseabc.com
Hosts.pub:127.0.0.1 wwwabc.com
hosts.small:127.0.0.1  static.contentabc.com
hosts.small:127.0.0.1  ads.contentabc.com
hosts.small:127.0.0.1  ads2.contentabc.com

When I come across a site that is worth kicking out of the blacklist, I do so and make adsuck reload its configuration with # kill -s USR1 $(pgrep adsuck)
 