yes

i have the infrastructure for it

i use a combination of unbound with dnsmasqd. Unbound by itself can't handle huge lists. So I off that work to dnsmasqd.

Was it worth it... no. I don't use any of it. I just could if I ever wanted to start implementing blocklists.

Oh, my bad, I do use it, I have a blocklist for malware and porn.

How big of a list are you talking about? I use unbound with a 300000+ line blocklist and it has no performance hit

performance how- query latency, RAM, or reload time?

let me check.

unbound chews 300k local zones fine at query time, pays for it in memory footprint and a slow reload

dnsmasq just reads addn-hosts and shrugs

which one bites depends on how often you update the list

root at aqua.home.network [root] # cat /var/unbound/etc/blocklists/malware.hosts | wc -l

435233

root at aqua.home.network [root] # cat /var/unbound/etc/blocklists/porn.hosts | wc -l

500295

So the performance hit is at boot time, and also when resolving URLs. Dnsmasqd was a consequence of that.

boot time hit at that size is just parsing, unavoidable. but resolve time slowdown is the suspicious part

I don't know, I consider it a solved problem.

unbound's local zone with type always_nxdomain is O(1) hash lookup

if you were loading entries as local data lines instead, then that's where the cost usually hides

dnsmasq still wins on memory for this volume, but it's possible the unbound side might have been misconfigured

dunno, don't care :)

fair

i remember pulling /etc/hosts from SRI-NIC twice a week over uucp in 85

Back in the summer of ..

jake feinler added you to it by email

back then couple thousand entries was a busy quarter

your malware list alone is a hundred times bigger than the entire arpanet namespace ever was

mockapetris built DNS specifically because that flat file wasnt going to clear 10k hosts

40 years later we shipped delegation, caching, hierarchy and the first thing everyone did with a home router was build a private hosts.txt to opt back out of half of it

unbound and dnsmasq is hosts.txt with a daemon and better PR

Yep

vixie and dave rand built MAPS RBL in 97 to fight spam

it was briliant abuse of DNS: encode the offender ip backwards into a domain like 1.0.0.127.bl.maps.vix.com dig it, get NXDOMAIN or a hit.

they used the resolver itself as a free distributed kv store before kv stores were a marketing category

it spawned an industry overnight

Interesting idea

then spammers started suing MAPS for libel and interference

they had to shut down the free tier because lawsuits cost more than the service did

spamhaus inherited the cause and had injunctions filed against them in czech courts

your local blocklist is the great grandchild of that battle

the only reason your inbox isnt 99% viagra ads is paul vixie and a handful of lawyers who hated spam more

I used this - github.com/blocklistproject/Lists

Just found this DJ Ware guy on youtube, man is he good

I was expecting some dope beats so this is different...

hey! anyone knows the syzbot status for freebsd? It seems to be down?

or has it been abandoned for some reason? or am i just blind?