I really think vyos should have inbuild adblocker rather than relying on running containers like adguard/pihole
Could some good folks with patience provide steps to achieve adblocking in latest version vyos using rpz list ,i saw some comments here in forum “easiest would be to download the RPZ list from oisd.nl and add rpzFile(“list.rpz”) to recursor.conf.lua”
You mean adblocking through DNS since doing proper adblocking would need a functional ssl termination to be setup first?
Also dont reinvent the wheel…
If you really want DNS adblocking then using Adguard or Pihole (which are really great at this including a great webgui) as a container is the proper way to do this on a VyOS box.
Seconding what @Apachez said.
You could make a strong case that a DNS recursor itself doesn’t belong on the router.
Use the right tool for the job. Yes, you could hack a DNS blocklist into VyOS PDNS, but how do you easily keep it up to date, stop it breaking other things etc?
What is your concern with running DNS in a container?
Additional overhead possibly adds some ms delay ( i can see difference in latency between native dns vs adguard ) ,requires a container runtime (Docker/Podman)
Not deeply integrated with network hardware Works at a software level, not tightly coupled with your router.
It is not “deeply integrated” or anything else dreamed up, it’s a running process under the Linux kernel. The same as AdGuardHome would be if you ran it in a container, all the container does is provide some isolation. The biggest additional overhead of running something in a container is that it brings with it its own libc instead of using the system one. That’s it. The kernel still talks to the process the same as it’d talk to pdns.
The real “integration” powerdns has with VyOS is that VyOS is able to create/change its config files via the VyOS CLI. That’s really it.
The ChatGPT generated chart is interesting, but you haven’t asked ChatGPT to compare the VyOS pdns when you’ve hacked it up with your desired filtering rules…
You do know that your client have its local dns cache so if a DNS query (the first time some app in your computer makes a specific lookup) takes 8ms vs 9ms to complete gives what?
Since the following lookups for the same query will be 0ms since it will hit the local DNS cache (or <1ms since it will hit the cache of Adguard/Pihole in your VyOS box).
You dont need an additional container runtime snice the support of containers is builtin within VyOS:
If you are worried about the performance of your VyOS to deal with DNS queries then install some dedicated AMD EPYC 256-core system and run Bind9 on it utilizing all available hardware performance…
Yeah that made up comparision chart is just bogus. The claim regarding latency is hilarious - like if Adguard/Pihole would have been runned without any dns cache whatsoever?
Not to mention the other bogus claims…
People should stop to blindly trust all the junk chatgpt spits out these days (or whatever broken AI was used to made that table)…