Posted: Tue Jan 26, 2016 15:44 Post subject: can I block an unlimited number of web addresses with dd-wrt
I need to block an unlimited number of web addresses (over a hundred as of date and counting). Is there a limit to how many I can block in DD-WRT? I know I could use my computer's hosts file but there isn't such a thing on some of my other internet enabled devices.
I don't care if I must input every address one by one.
Joined: 13 Mar 2014 Posts: 856 Location: Montreal, QC
Posted: Fri Feb 12, 2016 6:22 Post subject:
The ad blocking way is the dnsmasq host-record option. If you have a dual stack network (IPv4/IPv6) and the hosts you are blocking have IPv6 connectivity, then you need to null route for IPv6 as well, otherwise the network devices will use the AAAA record returned by dnsmasq. This method also does not null route sub-domains.
The dnsmasq address method resolves both of those issues.
Joined: 16 Nov 2015 Posts: 6440 Location: UK, London, just across the river..
Posted: Fri Feb 12, 2016 8:50 Post subject:
Yep, as I don't have an ISP IPv6 provider I don't use it at all, but in the dnsmasq address method you put all the addresses in the box and then you run out of RAM in case of a low-RAM device, or I'm wrong.
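An added example, not written by any poster in this thread: a short Python script that turns a raw host list into dnsmasq `address=` lines, covering both points raised above (an IPv4 and an IPv6 null answer per domain, and a shorter list for low-RAM routers by dropping sub-domains that a blocked parent already covers). The sample hostnames are constructed and the function names are hypothetical.

```python
import re

# Constructed sample input (not from the thread): one hostname per line.
SAMPLE_BLOCKLIST = """
# ad and tracking hosts (constructed examples)
ads.example.com
example.com
Tracker.Example.NET.
cdn.tracker.example.net
metrics.example.org
not a hostname!
ads.example.com
"""

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def parse_hosts(text):
    """Return the set of valid, lower-cased hostnames found in text.

    Rejecting anything that is not a plain hostname also keeps stray
    characters such as '/' or ',' out of the generated dnsmasq options.
    """
    hosts = set()
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip().lower().rstrip(".")
        labels = name.split(".")
        if len(labels) > 1 and len(name) <= 253 and all(_LABEL.match(l) for l in labels):
            hosts.add(name)
    return hosts

def collapse(hosts):
    """Drop names already covered by a blocked parent domain."""
    kept = set()
    # Fewest labels first, so every parent is seen before its sub-domains.
    for name in sorted(hosts, key=lambda h: h.count(".")):
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels))}
        if not parents & kept:
            kept.add(name)
    return sorted(kept)

def dnsmasq_lines(domains):
    """Emit an IPv4 and an IPv6 null answer for each domain."""
    out = []
    for d in domains:
        out.append(f"address=/{d}/0.0.0.0")  # A queries, sub-domains included
        out.append(f"address=/{d}/::")       # AAAA queries, sub-domains included
    return out

if __name__ == "__main__":
    print("\n".join(dnsmasq_lines(collapse(parse_hosts(SAMPLE_BLOCKLIST)))))
```

Collapsing is only safe when blocking every sub-domain of a listed name is intended, since `address=/example.com/...` also answers for `anything.example.com`.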
You really need to use RegEx to keep your block list down.
Also, you COULD consider using a proxy on a Raspberry Pi or similar SoC board; all HTTP / HTTPS connections will then go via that filtering proxy. It can also be a caching proxy too to speed up surfing and keep your (if applicable) WAN quota low.
Going this proxy SoC route would give you far more capability and power, and of course storage (limited to SD Card size).
One other thing to do: check FORCE DNS REDIRECT, otherwise DNS blocks can be bypassed (Windows also manages to find its own sneaky way around DNS for some odd reason even when it is not configured for other DNS's!). This way, even if a client is configured for other DNS (OpenDNS or GoogleDNS etc) they will always go via your DNSMasq. Also set it to Authoritative too. You really want to lock it down.
If you have problems on DD-WRT with DNSMasq you can offload it to a Raspberry Pi and configure the DNS in DD-WRT to look there. That is how I do my OpenVPN and other network tasks, using a small itty bitty SoC board.
These are basically Linux machines, with far more storage availability and ease of installing/programming than DD-WRT. You also get a desktop you can run from Windows (Xming X display server if need be, then run it headless as a little useful server)