I want to use regex to block websites rather than using ipsets, which is causing other services to suffer. due to it being ip based
No. Also dnmasq based blocking does it by domain name not ip address. The adblock versions available on OpenWrt both do it that way - return NXDOMAIN for a given list of domain names.
There is also banIP that does block by IP address and can take a domain list but it resolves them to an IP address and blocks that. This method can cause other domains hosted on the same IP address to be blocked however.
Another difference between the two: the first requires all devices to go through the router's DNS to benefit from the blocking. The second blocks even if a different method/server is used for domain resolution.
1 Like
so, on a individual device its not possible to block a certain website without blocking lets say yt.googleapis.com it will block play.googleapi.com too which working on the same ip?, so either i have to modify the dnsmasq to resolve the fqdn or add pihole of adguard dns?
if you want to block YT ads, it won't work using DNS.
pihole can't be run on bare openwrt, you'll need to go virtual.
AGH is however available, but big, and eats plenty of memory and flash.
Im not planning on banning yt ads I have ublock origin for that, all that i was saying is either i have to resolve fqdn from dnsmasq using regex which i have to patch it or i would need external help from pihole or adguard dns, afaik pihole and adguard both use dnsmasq modified version which does not take much computation power, so its should work on the normal tp-link router
a "normal tp-link router" will die due to OOM caused by the block lists, unless you really only want to use a small amount of regex:es.
I've been running my pi-holes on the oracle free for life tier for the last 5 years or so.
tbh i did install adguard-dns on the tplink router and was working fine but it had lot of things over it which didnt give me much space to work on the router with, so instead of using those modules i thought using it directly on the router which worked greate but the only issue was i was using ip addresses to resolve it making the other domain which use the same ip also unreachable
Using Archer ax23, and what if i put the regex entry list outside of the router?
After some more research I am wrong about the "no" as dnsmasq does support regex matching these days and has for a while. Will have to test what version(s) of dnsmasq for OpenWrt include it. Does seem a way to make DNS resolution very slow to me however.
wait it does? im on the latest firmware of archer ax23 tplink both dnsmasq full and lite version of it, and im being plagued by this issue.
I think you’re wrong about being wrong.
dnsmasq supports blocking by IP address. adblock-lean supports remote IP-based lists and could easily be adapted to support local lists if there was sufficient demand.