02:21:38 yes
02:21:44 i have the infrastructure for it
02:23:13 i use a combination of unbound with dnsmasqd. Unbound by itself can't handle huge lists. So I offload that work to dnsmasqd.
02:23:36 Was it worth it... no. I don't use any of it. I just could if I ever wanted to start implementing blocklists.
02:26:36 Oh, my bad, I do use it, I have a blocklist for malware and porn.
02:27:11 How big of a list are you talking about? I use unbound with a 300000+ line blocklist and it has no performance hit
02:29:46 performance how- query latency, RAM, or reload time?
02:29:50 let me check.
02:30:01 unbound chews 300k local zones fine at query time, pays for it in memory footprint and a slow reload
02:30:11 dnsmasq just reads addn-hosts and shrugs
02:30:23 which one bites depends on how often you update the list
02:31:27 root at aqua.home.network [root] # cat /var/unbound/etc/blocklists/malware.hosts | wc -l
02:31:27 435233
02:31:27 root at aqua.home.network [root] # cat /var/unbound/etc/blocklists/porn.hosts | wc -l
02:31:27 500295
02:32:18 So the performance hit is at boot time, and also when resolving URLs. Dnsmasqd was a consequence of that.
02:33:48 boot time hit at that size is just parsing, unavoidable. but resolve time slowdown is the suspicious part
02:34:07 I don't know, I consider it a solved problem.
02:34:10 unbound's local zone with type always_nxdomain is O(1) hash lookup
02:34:32 if you were loading entries as local data lines instead, then that's where the cost usually hides
02:34:52 dnsmasq still wins on memory for this volume, but it's possible the unbound side might have been misconfigured
02:35:14 dunno, don't care :)
02:35:34 fair
02:37:14 i remember pulling /etc/hosts from SRI-NIC twice a week over uucp in 85
02:37:47 Back in the summer of ..
02:37:50 jake feinler added you to it by email
02:37:59 back then couple thousand entries was a busy quarter
02:38:23 your malware list alone is a hundred times bigger than the entire arpanet namespace ever was
02:38:51 mockapetris built DNS specifically because that flat file wasn't going to clear 10k hosts
02:39:11 * MelanieUrsidino puts on some music she associates with retro computers
02:39:46 40 years later we shipped delegation, caching, hierarchy and the first thing everyone did with a home router was build a private hosts.txt to opt back out of half of it
02:40:35 unbound and dnsmasq is hosts.txt with a daemon and better PR
02:43:26 Yep
02:46:54 vixie and dave rand built MAPS RBL in 97 to fight spam
02:47:22 it was brilliant abuse of DNS: encode the offender ip backwards into a domain like 1.0.0.127.bl.maps.vix.com dig it, get NXDOMAIN or a hit.
02:47:45 they used the resolver itself as a free distributed kv store before kv stores were a marketing category
02:47:55 it spawned an industry overnight
02:48:14 Interesting idea
02:48:20 then spammers started suing MAPS for libel and interference
02:48:34 they had to shut down the free tier because lawsuits cost more than the service did
02:48:53 spamhaus inherited the cause and had injunctions filed against them in czech courts
02:49:04 your local blocklist is the great grandchild of that battle
02:49:29 the only reason your inbox isn't 99% viagra ads is paul vixie and a handful of lawyers who hated spam more
02:49:48 I used this - https://github.com/blocklistproject/Lists
02:51:29 Just found this DJ Ware guy on youtube, man is he good
02:52:04 I was expecting some dope beats so this is different...
02:53:32 hey! anyone knows the syzbot status for freebsd? It seems to be down?
02:54:08 or has it been abandoned for some reason? or am i just blind?