Just wondering what blocklists are the most proficient at blocking trackers, malware, etc. that can be used with RethinkDNS.
Currently I am just using the RDNS Privacy blocklist that comes packaged with the app. Is there any list that is more worthwhile to use?
Any input is appreciated.
Bit of a duplicate thread going on. Please check for existing ones.
But specifically on rethinkdns. I stopped using them as they update the lists very slowly.
Thanks for mentioning my thread, BTW the lists iam using in RethinkDNS are:
• Prevent Bypass
• Adult (StevenBlack)
• Multi Pro (Hagezi)
• Security (StevenBlack)
• Threat intelligent Feeds (Hagezi)
• Ransomware (The Block List Project)
BTW thank you for saying that their blocklists are being updated slowly.
Thanks god iam just using it for the purpose of testing apps and not as my main firewall, My main firewall is Invizible pro which is really great.
Hi there: The process to push updates to apps is automated and lists update once every week (code). This workflow has been in place for since Dec last year.
In the recent past, on the server side, we have been facing DDoS attacks and been dealing with multiple bugs from our infrastructure providers that forced us to not deploy updates that often. But we intend to switch servers to weekly updates once things are stable (issue). Right now, the costs are simply too high (that is, updating servers results in a cache flush which in turn causes tremendous load on our servers. We can scale up and add more servers, but it is already a bit too expensive given the bugs are really with infrastructure providers).
Weekly updates is extremely slow in my eyes for DNS if you use lists as a counter measure for malware deployments.
I get your point but, capable malware will not be simply blocked by just DNS. Anyone claiming otherwise has something to sell.
It’s just one measure as i already said. Don’t disagree on your take btw.
But also i think the updates being slow relatively can impact usability when lists change because of corrections. A week is a long period for incorrect listings. I recently experienced that one of my domains was blacklisted by an AV for a few days based on AI decision, that for 4 days is already pretty frustrating I can tell you.
Gotcha. Rethink DNS (the Android app) supports unblocking (trusting / whitelisting) domains that are blocked by upstreams.
The app would start supporting importing blocklists from HTTP endpoints, in the next 2 to 3 months (issue).
Today, we update blocklists weekly not because we can’t do daily updates, but because it is super expensive to host them given botnets hitting us from countries like Turkmenistan, Russia, China, and Iran 24x7. We are at 40TB in bandwidth per month already with heavy caching in place. I shudder to think what daily updates would do.
Btw, I appreciate the hardwork you put in your lists (I use them) as it is one of the few I’ve found to not compromise on blocking trackers (unlike, say AdGuard / OISD that prefer little to no breakages in popular apps, for very justifiable reasons, I must add).
I analyse websites (incl their code using ChatGPT / Bard) in my free time and when I find new trackers, I often find only your blocklists to have blocked them (ex). So, I can clearly see why you’re someone who’d value timely updates.
From my end, I want to make daily blocklist updates a reality the minute I figure out how to deal with bots, or make this an enterprise that can fund such a thing on its own. My pockets aren’t that deep, yet (:
Fully get your reasons tho and i was aware of that. But good that you clarify this here too.
Just good to say is that PG doesn’t recommend the apl because as limitations it cannot be used a longside a vpn. However I do think for some this can be a good solution.
The problem I have with Adguard specifically is that they whitelist domains that are trackers thus making it impossible for other lists to block those domains. Fine if you remove domains from your lists but actually fully whitelisting them is quite problematic.
Rethink? It supports connecting to multiple WireGuard upstreams of one’s choice, since two months ago (latest release reddit thread).
Cool didn’t know that.