How to debug a custom "hosts file" for kresd

Hi,

I am using Turris Omnia with the latest Turris OS 5.3.11 with the default kresd resolver.

I have already used the MVPS hosts file to block some malware sites without any issues via the ‘hostname_config’ command in the “resolver” config file.

I am now playing with StevenBlack “hosts files” (https://github.com/StevenBlack/hosts) but I have a syntax error in the file that I cannot spot.

In the “/var/log/resolver” file I have these errors:
Aug 3 20:03:37 TurrisOmnia kresd[22031]: [hint ] [ ]/tmp/kresd/hints.tmp:11953: invalid syntax
Aug 3 20:28:45 TurrisOmnia kresd[26333]: [hint ] [ ]/tmp/kresd/hints.tmp:112545: invalid syntax

I already have the kresd custom config:
modules.load('bogus_log')

Is there a way to know the line of the error or a tool to validate a hosts file?

Thanks

The log line prints a filename and line number, so you can look in there.

Thanks,

I have cleaned the custom hosts file, but now kresd hangs without any error in the resolver log.
Kresd did not respond to DNS queries anymore and on network restart I had an error in the log:
Aug 5 13:39:11 TurrisOmnia procd: Instance kresd::instance1 pid 10861 not stopped on SIGTERM, sending SIGKILL instead

Is there a limit on the size of the hostname_config file? (I have 133 032 lines in my last test.)

I wonder. Is the list sensitive or can you simply send it to me? (vladimir.cunat@nic.cz) It’s usually better to approach the same conditions when debugging.

There’s no real limit on this, and 130k lines doesn’t seem a lot to me. The relevant code is in C and I’m not aware of any significant inefficiency there. I wonder if it still could be taking long on Omnia’s not-that-powerful CPU for procd to get impatient and kill it, but I’d still be surprised.

Thanks for the file. I confirm that performance of loading this list is very slow.

It’s due to generating data for the reverse PTR records (which you don’t want in your use case), as kresd is trying to remember all pairs, so that it makes sense e.g. when they’re removed individually. I’ll be digging into details of the performance issue.

EDIT: I forgot to add the key property that it’s a huge list of names, all mapping to a single address (0.0.0.0). So that the reverse list for that single address will get huge.

So, I improved the performance a little upstream, but that won’t be enough for you. Long start and reconfigure time would certainly be a bother in practice. With the current design of the module, adding those reverse entries can’t be fast, and that code was already redesigned and rewritten for Knot Resolver 6.0.0 in a way that won’t suffer from bad performance here. However, lots of other work still remains before that can be released.

By the way, you know about the adblock package?

RPZ

If you don’t want to use that package, I’d suggest switching to RPZ format, i.e. lines like

foo.example.net. A 0.0.0.0

and there it’s also possible to block subtrees by

*.example.net. A 0.0.0.0

(You need to block apex and all its subtrees separately, i.e. two lines, in the typical use case, unfortunately.)

RPZ doesn’t attempt reverse records (automatically), and performance on your large list seems good to me.

Configuration is probably best by editing /etc/config/resolver, section config resolver 'kresd' and there add list rpz_file '/path/to/file.rpz'
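
An added example, not part of the thread and not Turris or Knot Resolver code: a small converter that checks a hosts-format blocklist line by line and emits the RPZ lines described above (apex plus wildcard for each name). The function name, the set of "sink" addresses, the skipped names and the hostname rule are assumptions of this sketch, and its checks are not kresd's own hints parser.

```python
import ipaddress
import re

# One DNS label: letters, digits, "_" or "-", not starting or ending with "-".
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")
SINK_ADDRS = {"0.0.0.0", "127.0.0.1"}  # assumption: addresses that mean "blocked"
SKIP_NAMES = {"localhost", "localhost.localdomain", "local", "0.0.0.0"}

def hosts_to_rpz(lines, sink="0.0.0.0"):
    """Return (rpz_lines, errors); each error is (line_number, reason)."""
    rpz, errors, seen = [], [], set()
    for number, raw in enumerate(lines, 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        if len(fields) < 2:
            errors.append((number, "expected: address name [name ...]"))
            continue
        try:
            ipaddress.ip_address(fields[0].split("%", 1)[0])  # ignore IPv6 scope id
        except ValueError:
            errors.append((number, f"bad address {fields[0]!r}"))
            continue
        if fields[0] not in SINK_ADDRS:
            continue  # a real mapping, not a block entry
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if name in SKIP_NAMES or name in seen:
                continue
            if len(name) > 253 or not all(LABEL.match(l) for l in name.split(".")):
                errors.append((number, f"bad hostname {name!r}"))
                continue
            seen.add(name)
            # Apex and subtree need separate lines, as the post explains.
            rpz += [f"{name}. A {sink}", f"*.{name}. A {sink}"]
    return rpz, errors

# Constructed sample input (not taken from the list discussed in the thread).
SAMPLE = """\
# constructed sample in hosts-file format
127.0.0.1 localhost
0.0.0.0 ads.example.net
0.0.0.0 Tracker.Example.org  # inline comment
0.0.0.0 -broken.example.com
0.0.0.0
not-an-ip bad.example.net
0.0.0.0 ads.example.net
""".splitlines()

if __name__ == "__main__":
    rpz_lines, problems = hosts_to_rpz(SAMPLE)
    print("\n".join(rpz_lines))
    for number, reason in problems:
        print(f"line {number}: {reason}")
```

The reported line numbers refer to the input hosts file, so a rejected entry can be found and fixed there before the RPZ file is written and referenced from rpz_file.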