
dns-cache

Caching, accelerating and ad-blocking DNS server for small LAN/home usage.

Introduction

So ad blocking at the domain level, how does that help me? There is good evidence from research showing that ad code slows down browsers, not to mention that few people actually appreciate ads.

Why not use Pi-hole, or something similar? You could; I wholeheartedly support that project, and many of its results are used by this image. My goal is a simpler, no-nonsense, "set and forget" solution, with zero configuration or follow-up needed.

But my internet is fast, surely so is my DNS? Plenty of sources suggest using a different DNS to alleviate net speed problems (example). This is because DNS resolution has to complete before any actual connection can be made, so you may argue that in these days of megabit and gigabit connections, DNS is the most significant bottleneck in your internet connection.

But I use 1.1.1.1 as my DNS, and it is very fast. For the most part, your best-case performance will be equal to what you're experiencing now, since the additional DNS relay adds a negligible amount of latency (<1 ms). However, using parallel lookups helps keep performance consistent, even in worst-case scenarios. Combine this with caching of common DNS requests, which further reduces best-case latency, and you get an overall better experience. Lacking online sources, I quote my own setup, which shows a cache hit rate of about 50% on my home network.

This image is a very small footprint (Alpine-based) dnsmasq setup, providing a caching and accelerating DNS service. It bypasses your regular ISP DNS in favour of the OpenDNS and 1.1.1.1 DNS services and sets up parallel queries for acceleration.

For caching it enforces a 3 second minimum TTL, which catches burst lookups (common in mobile apps), caches the 1024 most recently used domains, and also caches failed lookups (preventing re-lookup of failed requests), making common lookups VERY fast!

I measured my setup and compared it to major 3rd-party providers using the DNS Benchmark tool:

(image: benchmark results)

The results show this cache to be unmatched in cached performance, and on par with the best alternatives.

Lastly, on startup it fetches an ad-blocking hostname list and ensures that you don't make queries to ad-serving domains. The list is pulled from StevenBlack's hosts files, and dnsmasq uses the hosts file to return null (0.0.0.0) replies to clients. This has been shown to have the most reliable blocking rate, and avoids requests to any servers altogether. You can set BLOCKLIST_URL to point at any list in hosts format, such as any of the other lists provided at the link mentioned.

You should start this image on your home LAN server or NAS, and configure your router's DHCP to hand out the server's IP as the DNS server, then reap the benefits of faster browsing and living on the internet.

Configuration

Upon first startup after creation, the list of ad-blocked domains will be downloaded and placed in /etc/hosts.dnsmasq; that file is reused upon restarts.

You can set a custom URL for downloading the blocking hosts file in the BLOCKLIST_URL environment variable. If you wish to add additional configuration to dnsmasq, you can volume-mount /etc/dnsmasq.d/.
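Putting the Introduction and this section together, here is an added example of an entrypoint script that does what is described: it writes a dnsmasq configuration with 1.1.1.1 and OpenDNS as parallel upstreams, a 1024-entry cache and a 3 second minimum TTL, downloads the hosts-format blocklist from BLOCKLIST_URL only when /etc/hosts.dnsmasq is missing or empty (so restarts reuse it), and then starts dnsmasq. This is not the image's own entrypoint; the upstream IP addresses, the neg-ttl value, the list-sanitising rules, the StevenBlack raw URL used as the default and the HOSTS_FILE/CONF_FILE names are assumptions of this example, not values taken from the README.

```shell
#!/bin/sh
# Added example, not the dns-cache image's own entrypoint. Reproduces the
# setup the README describes: 1.1.1.1 and OpenDNS queried in parallel,
# a 1024-entry cache with a 3 s minimum TTL, and a hosts-format blocklist
# that is downloaded once and reused on later restarts.
# Assumed (not from the README): the exact upstream IPs, the neg-ttl value,
# the sanitising rules, the default list URL, and the file names below.
set -eu

BLOCKLIST_URL="${BLOCKLIST_URL:-https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts}"
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts.dnsmasq}"
CONF_FILE="${CONF_FILE:-/etc/dnsmasq.conf}"

# Render the dnsmasq configuration into the file given as $1.
# Every directive below is a real dnsmasq option.
write_dnsmasq_conf() {
    cat > "$1" <<EOF
# Ignore /etc/resolv.conf (the ISP resolver) and use explicit upstreams.
no-resolv
server=1.1.1.1
server=1.0.0.1
server=208.67.222.222
server=208.67.220.220
# Send every query to all upstreams at once and use whichever answers first.
all-servers
# Keep the 1024 most recently used records and clamp TTLs to at least 3 s
# so burst lookups hit the cache; negative answers that carry no SOA record
# are cached for 60 s instead of being re-queried.
cache-size=1024
min-cache-ttl=3
neg-ttl=60
# Blocklist in hosts format; do not also serve the container's own /etc/hosts.
no-hosts
addn-hosts=$HOSTS_FILE
# Extra user configuration volume-mounted at /etc/dnsmasq.d/.
conf-dir=/etc/dnsmasq.d/,*.conf
EOF
}

# Reduce a hosts-format list to one "0.0.0.0 name" line per unique domain:
# drop CRs and comments, accept only 0.0.0.0/127.0.0.1 entries, skip the
# loopback boilerplate, lower-case names, and remove duplicates.
sanitize_hosts() {
    tr -d '\r' < "$1" | sed 's/#.*//' \
    | awk '($1 == "0.0.0.0" || $1 == "127.0.0.1") && NF >= 2 {
               for (i = 2; i <= NF; i++) {
                   d = tolower($i)
                   if (d ~ /^(localhost|localhost\.localdomain|local|broadcasthost|0\.0\.0\.0|ip6-.*)$/) continue
                   if (!seen[d]++) print "0.0.0.0 " d
               }
           }'
}

# Download and sanitise the list only when no usable copy exists, so a
# container restart reuses the file instead of touching the network again.
# On a failed download an empty file is left behind, so the next start retries.
fetch_blocklist() {
    if [ -s "$HOSTS_FILE" ]; then
        echo "reusing existing $HOSTS_FILE"
        return 0
    fi
    tmp="$(mktemp)"
    if wget -qO "$tmp" "$BLOCKLIST_URL" && [ -s "$tmp" ]; then
        sanitize_hosts "$tmp" > "$HOSTS_FILE"
        echo "$(wc -l < "$HOSTS_FILE" | tr -d ' ') blocked domains written to $HOSTS_FILE"
    else
        echo "blocklist download failed; starting without ad blocking" >&2
        : > "$HOSTS_FILE"
    fi
    rm -f "$tmp"
}

# Run as the container entrypoint with: sh entrypoint.sh start
if [ "${1:-}" = "start" ]; then
    fetch_blocklist
    write_dnsmasq_conf "$CONF_FILE"
    exec dnsmasq --keep-in-foreground --conf-file="$CONF_FILE" --log-facility=-
fi
```

The sanitising step matters because a hosts list fed to addn-hosts is trusted verbatim by dnsmasq: it filters the list down to null-address entries only, so a list that (by mistake or otherwise) maps a name to a real address cannot redirect clients.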

Running

You may simply run the container for testing with:

docker run -d -p 53:53 -p 53:53/udp stixes/dns-cache

and test a lookup using nslookup on the server being used.
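As an added example of that test step (not a script shipped with the image), the following uses dig to check a running instance: a name taken from the blocklist must come back as 0.0.0.0, a normal name must resolve to a real address, and a repeated lookup should show a much lower query time than the first because it is served from the cache. It assumes dig is installed (bind-tools on Alpine, dnsutils on Debian); DNS_SERVER and the two domain arguments are placeholders you supply yourself.

```shell
#!/bin/sh
# Added example, not part of the dns-cache image: smoke-test a running
# instance with dig. Checks that a blocklisted name is answered with
# 0.0.0.0, that a normal name resolves, and prints the query time of a
# first lookup next to the repeated (cached) lookup.
# Assumed: dig is installed; DNS_SERVER and the domain arguments are
# placeholders chosen by the user.
set -eu

DNS_SERVER="${DNS_SERVER:-127.0.0.1}"

# Print the A records returned for name $2 by server $1, one per line.
resolve() { dig @"$1" +short +time=2 +tries=1 A "$2"; }

# Pull the "Query time" (ms) out of full dig output read from stdin.
query_ms() { sed -n 's/^;; Query time: \([0-9]*\) msec.*/\1/p'; }

# True when the answer is non-empty and consists only of 0.0.0.0 records,
# i.e. dnsmasq served the name from the blocklist instead of an upstream.
is_blocked_answer() {
    [ -n "$1" ] && printf '%s\n' "$1" \
        | awk 'BEGIN { bad = 0 } NF && $1 != "0.0.0.0" { bad = 1 } END { exit bad }'
}

# True when the answer contains an IPv4 address and is not a blocklist reply.
is_real_answer() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' && ! is_blocked_answer "$1"
}

# Run the checks against DNS_SERVER: $1 is a name from your blocklist,
# $2 a normal name. Returns 1 if any check fails.
run_checks() {
    blocked="$1"; normal="$2"; status=0

    answer="$(resolve "$DNS_SERVER" "$blocked" || true)"
    if is_blocked_answer "$answer"; then
        echo "PASS blocklist: $blocked -> $answer"
    else
        echo "FAIL blocklist: $blocked -> ${answer:-<no answer>}"; status=1
    fi

    answer="$(resolve "$DNS_SERVER" "$normal" || true)"
    if is_real_answer "$answer"; then
        echo "PASS upstream:  $normal -> $(printf '%s\n' "$answer" | head -n 1)"
    else
        echo "FAIL upstream:  $normal -> ${answer:-<no answer>}"; status=1
    fi

    # The second query for the same name should be answered from the cache.
    first="$(dig @"$DNS_SERVER" +time=2 +tries=1 A "$normal" | query_ms)"
    second="$(dig @"$DNS_SERVER" +time=2 +tries=1 A "$normal" | query_ms)"
    echo "query time: first ${first:-?} ms, repeated ${second:-?} ms"
    return "$status"
}

# Usage: DNS_SERVER=192.168.1.10 sh dns-smoke.sh run BLOCKED_NAME NORMAL_NAME
if [ "${1:-}" = "run" ]; then
    run_checks "${2:?blocked name from the hosts list}" "${3:?normal name}"
fi
```

Run it from a client on the LAN as well as on the server itself: a failing blocklist check from a client but not from the server usually means the router's DHCP is still handing out the old DNS address.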

As a docker-compose service (this would likely work in Docker swarm mode as well). Adding cpu_shares helps reduce latency further:

services:
  dns:
    image: stixes/dns-cache
    restart: always
    ports:
      - "53:53"
      - "53:53/udp"
    cpu_shares: 8192

Disclaimer

This image is used personally on my networks; however, I cannot guarantee how it fares on your network. Basically, your mileage may vary.

Also, this image uses parallel queries of DNS servers, which is generally perceived as bad practice; however, the results speak for themselves.