Hello @dave14305 I took a shot at supporting the allow-listing by explicitly adding the domains to the final dnsmasq.servers file like you suggested in 1.1.2-6 available from dev repo.
It of course took quite a bit longer to implement as I originally hoped, I needed to update both processing of allow/block-lists when downloading, the operation of allow command and even make changes into how the size of the final block-list is calculated, as it would now contain explicitly allowed domains.
Please test 1.1.2-6 as much as you can. I still need to probably add support for allowing domains when using remote dnsmasq config file, but I'd like to have this basic functionality tested.
I was able to install and start some testing during Monday Night Football.
At first glance, I’m surprised to see that the allowing is only one method or the other (e.g. sed or #), but I was advocating to do both methods at once.
My first test using Hagezi Pro was to allow apple.com. This didn’t allow any of the currently blocked Apple sub-domains because the blocked domains are more specific than the new allow entry. You would need to sed out all blocked entries ending in apple.com and then add the new entry server=/apple.com/#. The sed is technically enough for this particular scenario (allowing a higher-level domain of one or more blocked domains), but since you won’t know in advance if it’s a partial match, exact match or no match, you should execute both methods.
The next test was to whitelist a random doubleclick sub-domain 9120651.fls.doubleclick.net since fls.doubleclick.net is in the block list. This works as expected. 9120651 resolves properly, and any other subdomain like 9121695.fls.doubleclick.net continues to be blocked.
Allowing an exact match of blocked domain like browser-intake-datadoghq.com works as expected.
@dave14305 I thought it would be a significant speed improvement if I didn't need to purge the final block-list from allowed sites, but I see your point. So 1.1.2-7 available from OpenWrt snapshots repo and from my private repo has the proper processing as you suggested.
I have previously ignored the news about the per-instance conf-dir support for dnsmasq (applicable for dnsmasq.conf, dnsmasq.ipset and dnsmasq.nftset configurations only), but was reminded about it with the recent drama with switching default values for per-instance conf-dir.
The adblock-fast 1.1.2-10 (and please update the luci app to the same version), has support with configurable per-instance conf-dir for dnsmasq. I've quickly tested with all 3 options affected (and dnsmasq.servers which is not affected) and it seemed to work for me.
If you use adblock-fast with either dnsmasq.conf, dnsmasq.ipset or dnsmasq.nftset options for resolver, especially if you have multiple dnsmasq instances, please install 1.1.2-10 and test.
Pending any reported bugs, I'll be creating PRs for OpenWrt packages both snapshots and 23.05 repos before the end of the week.