Post by Noel on Jun 10, 2016 18:09:25 GMT -6
Rebuilt my DNS server software from source and expanded my wildcard list capacity hugely (from 125 max entries to 65536).
Then I reworked my script that accumulates adware / malware server names and domain names so that it will generate a separate list of wildcarded domain names.
Why?
So I can truly block any and every server under 20,000 or so malware domains (a domain being of two parts, xxx.yyy).
Before now I slapped a www. on the front of the pure domain names. For example, one of the malware domains is eldoapts . com (ignore the extra spaces here). Up to now I was generating an extra entry for the fixed dns list of the form: www . eldoapts . com=0.0.0.0
That was better than nothing, but not rigorous, since it's possible that an actual web page out there somewhere might contain a URL like ad . eldoapts . com and that would still be resolved.
Now, with the entry * . eldoapts . com=0.0.0.0 in the now expanded wildcard list AND also eldoapts . com=0.0.0.0 in the fixed dns list, NOTHING from anywhere in that domain is getting contacted.
I had to actually fix the code in the "Dual DHCP DNS Server" package so that it would be able to work with the expanded list. It seems like everyone else's code is always so bad... I had to change the loop variable that runs through the search list from a byte to an int. Who thinks that using a byte-wide loop variable is actually saving anything? And doesn't anyone else besides me think that eliminating compiler warnings is worthwhile?
In any case, this was one of those moments we geeks always think about when having the source code on hand actually allows progress to continue. Swing into the source code, bang out a bugfix, then keep going.
Performance with 20K+ wildcard entries is actually admirable. The huge list is searched and "not found" is returned or the request is forwarded to an external server in an eyeblink. Modern computers are great. I have the DNS server package running on a small server system that's always on, a Dell PowerEdge T20 with a Haswell Pentium G3220 2-core processor. Quiet and consumes very low power, yet is remarkably agile.
So every system on my LAN immediately benefits from these changes.
-Noel
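The two-list scheme described in the post (a fixed `domain=0.0.0.0` entry plus a `*.domain=0.0.0.0` wildcard entry), as an added example that is not Noel's script or the Dual DHCP DNS Server's code: it derives both lists from a constructed feed and shows the resolver-side match, including why `ad.eldoapts.com` is now caught. The feed contents, the `name=IP` line format and the two-label (xxx.yyy) domain assumption are mine.

```python
"""Added example: derive fixed and wildcard DNS blocklist entries from a list of
malware host names, then show how a resolver consults the two lists.
Constructed sample data; formats are assumptions, not Dual DHCP DNS Server's own."""

# Constructed sample feed: bare domains and full host names, as a real feed mixes them.
SAMPLE_FEED = """\
eldoapts.com
www.eldoapts.com
tracker.example-ads.net
# comment line
cdn.static.example-ads.net
"""

SINKHOLE = "0.0.0.0"


def registrable_domain(name: str) -> str:
    """Reduce a host name to its two-part domain (xxx.yyy), as the post assumes.
    Multi-label public suffixes such as co.uk are not handled (assumption)."""
    labels = name.strip().lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def build_lists(feed: str):
    """Return (fixed_entries, wildcard_entries) as sorted lists of 'name=IP' lines."""
    domains = set()
    for line in feed.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        domains.add(registrable_domain(line))
    fixed = [f"{d}={SINKHOLE}" for d in sorted(domains)]
    wildcard = [f"*.{d}={SINKHOLE}" for d in sorted(domains)]
    return fixed, wildcard


def lookup(name: str, fixed, wildcard):
    """Resolver-side check: exact match in the fixed list, then suffix match in the
    wildcard list. Returns the sinkhole address, or None to forward upstream."""
    name = name.lower().rstrip(".")
    fixed_map = dict(e.split("=", 1) for e in fixed)
    if name in fixed_map:
        return fixed_map[name]
    for entry in wildcard:
        pattern, ip = entry.split("=", 1)
        suffix = pattern[1:]  # "*.eldoapts.com" -> ".eldoapts.com"; the leading dot
        if name.endswith(suffix):  # stops "noteldoapts.com" from matching
            return ip
    return None
```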