I am currently comparing the performance (block rate) of /ip/dns/adlist versus Pi-hole using the following setup:
- Each client uses the router as its DNS server.
- The Pi-hole server is set as the upstream DNS server.
- Both the Adlist and the Pi-hole server have identical blocklists.
In theory, any domain queried against the router’s DNS server should be blocked locally and therefore not forwarded upstream to the Pi-hole.
However, in practice, I still see some requests appearing in Pi-hole’s query log with the status “blocked.”
Most of these requests are of type “HTTPS RR (RR type 65)” (more details: RFC 9460).
Corresponding log entries from the router show:
query from XXXXX: #78203 beacons3.gvt2.com. UNKNOWN (65)
This issue could potentially be resolved by adding support for “HTTPS RR (RR type 65).”
Feature Requests:
- Support for “HTTPS RR (RR type 65)” to ensure proper blocking.
- Logging for “blocked by Adlist” to track which client queried a blocked domain.
- Support for addresses “0.0.0.0” and “::” with static entries (or a “block” option).
- Static entry prioritization: If a static entry exists for a specific record type (e.g., “A”), other record types (e.g., “AAAA”) should not receive non-static responses. Currently, even when a static “A” record is present, an “AAAA” query still gets a non-static response.
.