There are aur packages like hosts-update, tblock, hblock, hostsblock etc that modify the hosts files to deny traffic to ads and other malware.
The size of the modified hosts files can easily run from several kilobytes to several megabytes. So will this effect the performance of the system? Isn’t the system searching all these entries everything it connects to the system? How is the performance effected especially on, say, a 15 year old computer?
Yes. The question is, will it be a meaningful or noticeable performance change.
The best way to find out is to try it on your machine and see. It is easy to add and remove so just try it and see if there is any impact.
I used a 48MB hosts files and my old system choked up.
I used systemd-resolved. I configured nsswitch.conf to first use the hosts file; next I configured it to use resolved since systemd-resolved caches the entries. Neither worked. Websites didn’t load.
While drill endeavouros.com @1.0.0.1 gave a result the wait was indefinite with drill endeavouros.com, when using the default DNS service.
Since the size of the hosts files impacts the performance, I decided not to use a custom hosts file.
Also I think it would be okay on most modern systems but mine is a dinosaur.
> inxi
CPU: dual core Intel Core2 Duo E7400 (-MCP-) speed: 2792 MHz
Kernel: 5.17.7-arch1-1 x86_64 Up: 5h 58m Mem: 2650.6/3484.8 MiB (76.1%)
Storage: 2.22 TiB (66.3% used) Procs: 192 Shell: fish inxi: 3.3.15
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.
Just today I saw this post but could not reply anymore because it was closed:
This is for @chromian
If you want to use a large hosts file, for example to block malicious servers or ad/tracking servers, you could use dnsmasq. This would even boost your dns performance because it has a very efficient dns cache.
https://wiki.archlinux.org/title/Dnsmasq
dnsmasq is handling official blocklists like https://github.com/notracking/hosts-blocklists
I am using dnsmasq with this blocklist since a long time and I am very happy with it.
Thanks, that looks interesting. I will keep it as an option since I am currently testing out blocky. It is a DNS proxy with built in support for encrypted DNS and block lists so it’s rather easy to use. If you are looking for something simple maybe you should try it too.
For any one interested in this, as in, locally blocking ad/marlware etc using DNS:
I said my system choked up and couldn’t handle large hosts files but I used a program called tblock. Maybe your latest computer can totally handle it. I will bet on it.
If you are going the blocking by hosts route, remember the hosts file will point the browser to 0.0.0.0 or 127.0.0.1. In some cases there will be a wait/delay when loading while the browsing waits to see if it gets a reply from 127.0.0.1. In order to quicky end the request you need to use an app like pixelserv-tls.
Something that worked on my computer is using rpz files. You use, a DNS resolver, knot-resolver and point it to an rpz file that contains the urls you want to block.
Read this blog on how to do it. If you install from AUR the systemd service files are already there, you just need to edit them. Also read my comment.
You can get rpz files from people who provide “ad/malware block lists”. Energized is a good example. Look for the rpz heading in the table.
Performance with knot-resolver while blocking ads with an rpz file is pretty good. I try and query a blocked url in the file (drill <url>) which is 20 MB and it takes about a 1ms to get a response which is pretty good.
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.