How can I combine dnsmasq and urlblacklist?








6















Is there a way to integrate dnsmasq and the popular urlblacklist.com list?



I thought about adding all the entries with the -A flag, but that's a lot of hosts for dnsmasq to process, especially on a low-powered ARM device and I would need to write a script to parse the blacklist each time it needed to be updated, so I'm hoping there's a better approach to this overall.



To clarify the -A flag, taken from the man page for dnsmasq:



-A, --address=/<domain>/[domain/]<ipaddr> 

Specify an IP address to return for any host in the given domains.
Queries in the domains are never forwarded and always replied to with
the specified IP address which may be IPv4 or IPv6. To give both IPv4
and IPv6 addresses for a domain, use repeated -A flags. Note that
/etc/hosts and DHCP leases override this for individual names. A
common use of this is to redirect the entire doubleclick.net domain to
some friendly local web server to avoid banner ads. The domain
specification works in the same way as for --server, with the
additional facility that /#/ matches any domain. Thus
--address=/#/1.2.3.4 will always return 1.2.3.4 for any query not
answered from /etc/hosts or DHCP and not sent to an upstream
nameserver by a more specific --server directive.

























  • when you say with -A flag do you mean iptables -A or which command?

    – cybernard
    Oct 7 '13 at 23:37











  • added relevant info about the -A flag.

    – Michael Lang
    Oct 8 '13 at 15:10











  • Does the offending traffic need to be redirected or can we just drop it?

    – cybernard
    Oct 8 '13 at 23:59











  • Redirected. I'm actually digging into iptables now as that may be the better place to deal with what they call "discretionary access control (DAC)". For now, I did manage to get a limited version of what I ultimately wanted with squid3 as a transparent proxy and squidguard, but this only protects http/https browsing, not all ports.

    – Michael Lang
    Oct 9 '13 at 18:27











  • urlblacklist.com has 3 million entries. "iptables" by itself will suck. If you combine "iptables" with "ipset" then it won't kill your performance. One "iptables" tables rule will block a whole set of IP addresses (up to 65535 per set). You can create a list:set containing 8 individual sets. You will still, however, require many sets. However, the entire ipset config can be saved like this "ipset save >all.txt" or restored like this "ipset restore <all.txt" no matter how big or complex the configuration.

    – cybernard
    Oct 9 '13 at 21:51


















edited Oct 8 '13 at 15:09 – Michael Lang
asked Oct 7 '13 at 20:05 – Michael Lang





1 Answer


















0














The Best Ad Blocking Method with dnsmasq is doing exactly what you are asking for.



The urlblacklist config file is under /etc/dnsmasq.d/: /etc/dnsmasq.d/dbab.adblock.conf, exactly in the format of



address=/101com.com/192.168.2.101
address=/101order.com/192.168.2.101
...


For details refer to https://sfxpt.wordpress.com/2015/11/22/dbab-from-start-to-finish/, in the section "Faq: How to blacklist those bad sites".



From the blog:




  • Block accessing to the ad sites from the DNS level.

  • All ads will be replaced by a 1×1 pixel gif image served locally by
    the Pixelserv server






edited Oct 6 '17 at 4:31
answered Dec 1 '13 at 5:17 – xpt
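The conversion step the question worries about, as an added example (not from the original posts or from the dbab project): it turns a squidGuard-style `domains` file into the `address=/…/…` lines shown in the answer, lets only syntactically valid hostnames through, and drops subdomains already covered by a listed parent, since `--address` answers for any host in the given domain. The one-hostname-per-line input format, the function names and the sample entries are assumptions; the sink address is the one from the answer.

```python
"""Convert a squidGuard-style `domains` list into dnsmasq address= lines."""
import re
import sys

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

SINK_IP = "192.168.2.101"  # sink address used in the answer's sample lines

# Constructed sample input (not real urlblacklist data).
SAMPLE = """\
# ads category
101com.com
101order.com
ads.101com.com
Tracker.Example.NET.
203.0.113.7
example.org/banner.gif
-bad-.example
""".splitlines()


def normalise(line):
    """Strip comments and whitespace, lowercase, drop a trailing root dot."""
    return line.split("#", 1)[0].strip().lower().rstrip(".")


def valid_domain(name):
    """True only for a plain multi-label hostname.

    Rejects IPv4 literals (numeric last label), single labels such as
    "com", and anything containing characters outside the label set, so
    a malformed list entry never reaches the dnsmasq config.
    """
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(_LABEL.fullmatch(label) for label in labels)


def collapse(domains):
    """Drop names whose parent domain is also listed.

    address=/example.com/ already answers for ads.example.com, so the
    longer name only costs memory and lookup time.
    """
    listed = set(domains)
    kept = []
    for name in sorted(listed):
        labels = name.split(".")
        # Every proper parent except the bare top-level label.
        parents = (".".join(labels[i:]) for i in range(1, len(labels) - 1))
        if not any(parent in listed for parent in parents):
            kept.append(name)
    return kept


def to_dnsmasq(lines, sink_ip=SINK_IP):
    """Return (config_lines, rejected_entries) for an iterable of list lines."""
    good, rejected = [], []
    for raw in lines:
        name = normalise(raw)
        if not name:
            continue  # blank line or comment
        (good if valid_domain(name) else rejected).append(name)
    config = ["address=/%s/%s" % (name, sink_ip) for name in collapse(good)]
    return config, rejected


if __name__ == "__main__":
    config, rejected = to_dnsmasq(SAMPLE)
    print("\n".join(config))
    print("rejected: %s" % ", ".join(rejected), file=sys.stderr)
```

The returned lines go into a file under /etc/dnsmasq.d/ as in the answer. A listed public suffix such as co.uk would sink every name beneath it, so the rejected entries and the shortest kept names are worth reviewing after each list update.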





























