Adguardhome: ipset feature support
Prerequisites
Please answer the following questions for yourself before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.
- [x] I am running the latest version
- [x] I checked the documentation and found no answer
- [x] I checked to make sure that this issue has not already been filed
Problem Description
i use dnsmasq ipset feature to bypass gfw ,at the same time ,i want to use Adguard to filter ads.
i can use Adguardhome as the upstream of dnsmasq ,but i can't see clients from Adguardhome,all the requests from 127.0.0.1.
so if adguardhome have the ipset feature,it can be a replacement of the dnsmasq.
Proposed Solution
i had read the code maybe we can add a new *NetworkEngine to support filter other kind of filter rules such as rule use the certain upstream dns server or rule add the ip into ipset.
but add a new engine maybe expensive,we can give fliters more args,such as filtertype tells us what kind of rules it is,blacklist,whitelist,ipsetlist,upstreamlist?and add a more arg to additional info for ipset list and upstream list .At runtime we can use the id to distinguish between the rules.when we match the rules with special filtertype dont`t return Immediately,but add a flag in result.So it is important to sort the rules ,make the special filertype rule ahead of other rules.
Alternatives Considered
Additional Information
rufengsuixing
All 19 comments
Could you please explain more about this feature? What it does, how do you use it in your case
ameshkov
on 21 Nov 2019
as same as the dnsmasq ipset feature.
mainly for the router,when get a dns request,set the ip into ipset .Then we can use iptables to redirect domain into proxy
rufengsuixing
on 22 Nov 2019
Isn't it the same as DNS rewrites settings in AdGuard Home?
ameshkov
on 22 Nov 2019
no
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
--ipset=/<domain>[/<domain>...]/<ipset>[,<ipset>...]
Places the resolved IP addresses of queries for one or more domains in the specified Netfilter IP set.
means auto run ipset add <ipset> <ip> when solve domain
rufengsuixing
on 22 Nov 2019
From what I was able to figure out about dnsmasq's ipset function on the internet, it seems to me to be a way to collect the IP addresses of a specific domain, then placing the domains into a separate list.
This would be very difficult for AGH to do, as it is currently unable to do quite a lot of things that such a feature would require; such as making some IP addresses redirect to other IP addresses (apart from very tedious manual use of "DNS Rewriting"), making changes to lists (other than "Custom filtering rules"), and auto-adding specific proxies/IPs to such domains.
Since this is about redirecting IP addresses, this is also almost guaranteed to rule out conversions to the hosts syntax (which AGH does support).
DandelionSprout
on 22 Nov 2019
no need to rewrite ip, just add it into ipset is ok.that is the meaning of ipset feature.
redirect is not ipset do ,it is iptables`s thing.
rufengsuixing
on 23 Nov 2019
want to used adguardhome with another ,need use ipset model
jkle112
on 10 Dec 2019
want to used adguardhome with another ,need use ipset model
MxCen
on 23 Dec 2019
Isn't it the same as DNS rewrites settings in AdGuard Home?
https://raw.githubusercontent.com/googlehosts/hosts/master/hosts-files/hosts
This hosts can help China users get the correct IP addresss.
However, now it seems like a blocking list, although it helps us a lot. Besides, it only return a single IP, which makes download speed really slow. Can it be an host that all domins in it use a special dns such ac google doh/dot ?
uniartisan
on 1 Apr 2020
@uniartisan make sure that blocking mode is set to Default in the DNS settings. Otherwise, AGH will use it as a blocking list and will ignore the IP addresses that are specified in the hosts file.
ameshkov
on 2 Apr 2020
我想要adg完全替代dnsmasq。大佬应该懂得。能一个dns服务处理就不要来两个,哈哈哈哈
744287383
on 14 Jul 2020
我想要adg完全替代dnsmasq。大佬应该懂得。能一个dns服务处理就不要来两个,哈哈哈哈
Yes , dnsmasq can be disabled if ADH support ipset
sky96111
on 30 Jul 2020
This issue is so heavily upvoted so I am re-assigning it to v0.104
ameshkov
on 30 Jul 2020
我想要adg完全替代dnsmasq。大佬应该懂得。能一个dns服务处理就不要来两个,哈哈哈哈
+1
Dullxxs
on 30 Jul 2020
Hey everyone, we need an example of the ipset configuration you all are using.
ameshkov
on 28 Aug 2020
Hey everyone, we need an example of the ipset configuration you all are using.
Something like this
ipset=/google.com/gfwlist
And it usually used like this
https://github.com/lixingcong/my-gfwlist
arfaWong
on 31 Aug 2020
Official dnsmasq doesn't support regex ipset values, but there are patches to enable it (https://github.com/lixingcong/dnsmasq-regex). Do you need regex support in AGH (e.g. /google.*/gfwlist) or is it enough to support just plain text domain names (e.g. /google.com/gfwlist)?
szolin
on 1 Sep 2020
Let's simply do the same as the official dnsmasq version. If there's any real demand for regex support, there should be a separate feature request, we'll consider it then.
ameshkov
on 1 Sep 2020
need adh replace dnsmasq , hope join gfw list
ritech
on 9 Oct 2020
Related issues
xiaofengcod
·
3Comments
thb007
·
3Comments
alexpovel
·
3Comments
xenio
·
4Comments
snhv
·
3Comments
Most helpful comment
This issue is so heavily upvoted so I am re-assigning it to v0.104